\SysWOW64\rundll32.exe takes me to dangerous website


  • This topic is locked
20 replies to this topic

#1 alasdairt

alasdairt

    New Member

  • Members
  • 10 posts

Posted 01 May 2012 - 01:11 PM

Hi. After my AV started reporting infections I've run a series of scans with Malwarebytes as well as Avast! and Spybot. However, I am still left with a problem whereby every couple of minutes MWB reports it has prevented me from visiting a dangerous website (I have not tried to navigate to any page, but it says that the process involved is C:\Windows\SysWOW64\rundll32.exe, so I assume this has become infected). Any thoughts on how I should remove the cause of this would be most gratefully received. Cheers


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Al at 19:09:32 on 2012-05-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16381.13796 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
e:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
e:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Program Files (x86)\DisplayFusion\AppHookx86.exe
C:\Users\Al\AppData\Local\Apps\2.0\47TY1899.DAR\1G67QV7L.RBM\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe
C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\Program Files (x86)\itunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\java\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [AlcoholAutomount] "e:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [SpybotSD TeaTimer] E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DisplayFusion] "e:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Google Update] "C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "e:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Al\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Al\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\ONENOT~1.LNK - E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\PS3MED~1.LNK - E:\Program Files (x86)\PS3 Media Server\PMS.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA1CF23E-6632-41D9-B700-20B5D1B1738F} : DhcpNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\java\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "e:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]
R2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;E:\Program Files (x86)\ASTRA32\astra64.sys [2007-2-22 21200]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-27 44768]
R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-4 654408]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 StarWindServiceAE;StarWind AE Service;E:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176]
S2 SBSDWSCService;SBSD Security Center Service;E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-5 1153368]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-2-18 25640]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-2-18 30528]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-30 18:52:20 457632 ----a-w- C:\FixExec.exe
2012-04-30 18:44:54 -------- d-----w- C:\ProgramData\B7E85B3B00000AA700005E17B4EB2367
2012-04-30 17:36:52 -------- d--h--w- C:\ProgramData\CanonIJScan
2012-04-30 17:36:28 -------- d-----w- C:\Program Files (x86)\Canon
2012-04-30 17:19:47 235008 ----a-w- C:\Windows\System32\CNQ9601O.DLL
2012-04-30 17:19:46 92672 ----a-w- C:\Windows\System32\CNQ9601I.DLL
2012-04-30 17:19:46 495104 ----a-w- C:\Windows\System32\CNQ9601L.DLL
2012-04-30 17:19:45 17920 ----a-w- C:\Windows\System32\CNHMCA6.DLL
2012-04-30 17:19:45 1342976 ----a-w- C:\Windows\System32\CNQ9601C.DLL
2012-04-29 07:46:58 -------- d-----w- C:\ProgramData\CCP
2012-04-28 16:28:01 -------- d-----w- C:\Users\Al\AppData\Roaming\PCF-VLC
2012-04-28 16:27:03 -------- d-----w- C:\Users\Al\AppData\Roaming\Participatory Culture Foundation
2012-04-28 16:26:43 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
2012-04-28 15:42:52 -------- d-----w- C:\Users\Al\AppData\Local\CCP
2012-04-27 21:33:16 -------- d-----w- C:\Program Files (x86)\iLivid
2012-04-27 19:35:13 -------- d-----w- C:\Users\Al\AppData\Local\Skyrim
2012-04-27 16:33:35 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C32B9BEE-0D50-476F-916E-55408480AF77}\mpengine.dll
2012-04-24 18:30:06 -------- d-----w- C:\Users\Al\AppData\Local\Motosftemp
2012-04-24 18:23:53 -------- d-----w- C:\Temp
2012-04-24 18:23:28 -------- d-----w- C:\Program Files\Motorola Inc
2012-04-19 15:24:55 -------- d-----w- C:\Users\Al\.android
2012-04-11 02:01:28 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 02:01:27 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 02:01:27 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 02:00:18 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 02:00:18 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 02:00:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 02:00:18 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 02:00:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 02:00:18 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 02:00:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-24 12:19:51 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-02-24 12:19:51 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-02-24 12:19:51 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-02-24 12:19:51 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:09:50.97 ===============


#2 alasdairt

Posted 01 May 2012 - 02:25 PM

Correct, it was Avast! that was blocking the malicious website, not Antimalware.
It gave this message:


Infection Details

URL: http://11sx5c8.reald...ng.com/file/...
Process: C:\Windows\SysWOW64\rundll32.exe
Infection: URL:Mal

#3 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 18,274 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 01 May 2012 - 07:03 PM

Welcome to the forum.

Before we proceed further, please uninstall uTorrent and any other peer-to-peer filesharing apps.
Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks


MrC

Malware Removal Expert



I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#4 MrCharlie

Posted 03 May 2012 - 07:17 AM

How are we doing??

Do you still need help or can I close this post??

MrC


#5 alasdairt

Posted 03 May 2012 - 11:58 AM

Hi. Sorry for the delay - late one at work last night.

Yes please. I have uninstalled both uTorrent & Sopcast - don't think there is anything else that comes under the P2P category.
What next?

#6 MrCharlie

Posted 03 May 2012 - 12:03 PM

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC


#7 alasdairt

Posted 03 May 2012 - 12:37 PM

RogueKiller V7.4.2 [05/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Al [Admin rights]
Mode: Scan -- Date: 05/03/2012 18:36:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : mietp (rundll32.exe "C:\Users\Al\AppData\Local\Temp\mietp.dll",mpegInSeekSample64) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: KINGSTON SNVP325S264GB ATA Device +++++
--- User ---
[MBR] d41af0937110441aaa1649db69d9d16a
[BSP] 8239f65f4c9010ca95501601bc45e7e1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] b950dd9215e4140c6b552dafc9418487
[BSP] ccdae066dea7e34cf31f002fa6e37b20 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 753865 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1543919616 | Size: 200000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
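
The one malicious item in the report above is the `Run` value that starts `rundll32.exe` with a DLL from the user's Temp folder, which is why the outbound connections are attributed to `C:\Windows\SysWOW64\rundll32.exe` rather than to an obviously foreign process. The following is an added example, not part of the original thread and not RogueKiller's own logic: it parses "Registry Entries" lines in the format shown above and flags that pattern. The `[CONSTRUCTED]` line, the function names and the list of user-writable path markers are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: three lines copied from the report above, plus one
# constructed line (tag [CONSTRUCTED]) showing an entry that is not flagged.
SAMPLE_REPORT = r'''
[BLACKLIST DLL] HKLM\[...]\Run : mietp (rundll32.exe "C:\Users\Al\AppData\Local\Temp\mietp.dll",mpegInSeekSample64) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[CONSTRUCTED] HKLM\[...]\Run : ExampleCpl (rundll32.exe C:\Windows\System32\example.dll,Start) -> FOUND
'''

# "[TAG] KEY : value-name (value-data) -> STATUS"
ENTRY_RE = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S.*?)\s+:\s+(?P<name>.+?)'
    r'\s+\((?P<data>.*)\)\s+->\s+(?P<status>\w+)\s*$'
)

# rundll32 command line: rundll32[.exe] <dll path>,<exported function>
# The DLL path may be quoted; an unquoted path containing spaces is not handled.
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s"]+))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)

# Heuristic (assumption): locations a standard user can write to.
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\temp\\', '\\programdata\\',
                         '%temp%', '%appdata%')


class Entry(NamedTuple):
    tag: str
    key: str
    name: str
    data: str
    status: str


class Finding(NamedTuple):
    name: str
    dll: str
    export: str
    reasons: List[str]


def parse_entries(report: str) -> List[Entry]:
    """Return every line of the report that has the registry-entry shape."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def is_autorun_key(key: str) -> bool:
    """True when the last key component is Run or RunOnce."""
    return key.lower().rsplit('\\', 1)[-1] in ('run', 'runonce')


def split_rundll32(data: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export) if the value data is a rundll32 command."""
    m = RUNDLL_RE.match(data)
    if not m:
        return None
    return (m.group('quoted') or m.group('bare'), m.group('export'))


def suspicious_autoruns(report: str) -> List[Finding]:
    """Flag autorun values that load a DLL from a user-writable path."""
    findings = []
    for entry in parse_entries(report):
        if not is_autorun_key(entry.key):
            continue
        parsed = split_rundll32(entry.data)
        if parsed is None:
            continue
        dll, export = parsed
        low = dll.lower()
        reasons = ['DLL under user-writable location (%s)' % marker
                   for marker in USER_WRITABLE_MARKERS if marker in low]
        if reasons:
            findings.append(Finding(entry.name, dll, export, reasons))
    return findings


if __name__ == '__main__':
    for f in suspicious_autoruns(SAMPLE_REPORT):
        print('%s: %s -> export %s' % (f.name, f.dll, f.export))
        for reason in f.reasons:
            print('  ' + reason)
```
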

#8 MrCharlie

Posted 03 May 2012 - 12:43 PM

Please run RogueKiller again and click Scan
When the scan completes, click the Registry Entries
Put a check next to these and uncheck the rest
Now click Delete on the right hand column.


Quote

¤¤¤ Registry Entries: 5 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : mietp (rundll32.exe "C:\Users\Al\AppData\Local\Temp\mietp.dll",mpegInSeekSample64) -> FOUND

--------------------

Next......


Please make sure system restore is running and create a new restore point before continuing.

Instructions here


XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


#9 alasdairt

Posted 03 May 2012 - 01:40 PM

19:39:37.0523 4916 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:39:37.0708 4916 ============================================================
19:39:37.0708 4916 Current date / time: 2012/05/03 19:39:37.0708
19:39:37.0708 4916 SystemInfo:
19:39:37.0708 4916
19:39:37.0708 4916 OS Version: 6.1.7601 ServicePack: 1.0
19:39:37.0708 4916 Product type: Workstation
19:39:37.0708 4916 ComputerName: AL-PC
19:39:37.0708 4916 UserName: Al
19:39:37.0709 4916 Windows directory: C:\Windows
19:39:37.0709 4916 System windows directory: C:\Windows
19:39:37.0709 4916 Running under WOW64
19:39:37.0709 4916 Processor architecture: Intel x64
19:39:37.0709 4916 Number of processors: 4
19:39:37.0709 4916 Page size: 0x1000
19:39:37.0709 4916 Boot type: Normal boot
19:39:37.0709 4916 ============================================================
19:39:38.0437 4916 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:38.0437 4916 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:38.0447 4916 ============================================================
19:39:38.0447 4916 \Device\Harddisk0\DR0:
19:39:38.0448 4916 MBR partitions:
19:39:38.0448 4916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:39:38.0448 4916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
19:39:38.0448 4916 \Device\Harddisk1\DR1:
19:39:38.0448 4916 MBR partitions:
19:39:38.0448 4916 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5C064FF8
19:39:38.0448 4916 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x5C065800, BlocksNum 0x186A0000
19:39:38.0448 4916 ============================================================
19:39:38.0449 4916 C: <-> \Device\Harddisk0\DR0\Partition1
19:39:38.0477 4916 D: <-> \Device\Harddisk1\DR1\Partition0
19:39:38.0495 4916 E: <-> \Device\Harddisk1\DR1\Partition1
19:39:38.0495 4916 ============================================================
19:39:38.0495 4916 Initialize success
19:39:38.0495 4916 ============================================================
19:39:42.0697 4348 ============================================================
19:39:42.0697 4348 Scan started
19:39:42.0697 4348 Mode: Manual; SigCheck; TDLFS;
19:39:42.0697 4348 ============================================================
19:39:44.0535 4348 Apple Mobile Device - ok
19:39:44.0539 4348 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys
19:39:44.0547 4348 AppleCharger - ok
19:39:44.0550 4348 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe
19:39:44.0558 4348 AppleChargerSrv - ok
19:39:44.0563 4348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:39:44.0572 4348 arc - ok
19:39:44.0577 4348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:39:44.0587 4348 arcsas - ok
19:39:44.0593 4348 aspnet_state - ok
19:39:44.0608 4348 ASTRA64 (748b2514db1438fe16a2ddb56bfcf011) e:\Program Files (x86)\ASTRA32\ASTRA64.sys
19:39:44.0617 4348 ASTRA64 - ok
19:39:44.0620 4348 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
19:39:44.0629 4348 aswFsBlk - ok
19:39:44.0634 4348 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
19:39:44.0643 4348 aswMonFlt - ok
19:39:44.0647 4348 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
19:39:44.0655 4348 aswRdr - ok
19:39:44.0681 4348 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
19:39:44.0697 4348 aswSnx - ok
19:39:44.0709 4348 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
19:39:44.0720 4348 aswSP - ok
19:39:44.0724 4348 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
19:39:44.0733 4348 aswTdi - ok
19:39:44.0736 4348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:39:44.0762 4348 AsyncMac - ok
19:39:44.0765 4348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:39:44.0774 4348 atapi - ok
19:39:44.0782 4348 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
19:39:44.0790 4348 AtiHDAudioService - ok
19:39:44.0810 4348 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:39:44.0839 4348 AudioEndpointBuilder - ok
19:39:44.0844 4348 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:39:44.0873 4348 AudioSrv - ok
19:39:44.0884 4348 avast! Antivirus (4041d31508a2a084dfb42c595854090f) e:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:39:44.0893 4348 avast! Antivirus - ok
19:39:44.0899 4348 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:39:44.0912 4348 AxInstSV - ok
19:39:44.0927 4348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:39:44.0939 4348 b06bdrv - ok
19:39:44.0949 4348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:39:44.0961 4348 b57nd60a - ok
19:39:44.0968 4348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:39:44.0978 4348 BDESVC - ok
19:39:44.0981 4348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:39:45.0006 4348 Beep - ok
19:39:45.0030 4348 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:39:45.0062 4348 BITS - ok
19:39:45.0066 4348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:39:45.0076 4348 blbdrive - ok
19:39:45.0092 4348 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:39:45.0104 4348 Bonjour Service - ok
19:39:45.0110 4348 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:39:45.0119 4348 bowser - ok
19:39:45.0122 4348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:39:45.0134 4348 BrFiltLo - ok
19:39:45.0136 4348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:39:45.0148 4348 BrFiltUp - ok
19:39:45.0153 4348 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:39:45.0178 4348 Browser - ok
19:39:45.0188 4348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:39:45.0200 4348 Brserid - ok
19:39:45.0203 4348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:39:45.0215 4348 BrSerWdm - ok
19:39:45.0218 4348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:39:45.0229 4348 BrUsbMdm - ok
19:39:45.0231 4348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:39:45.0241 4348 BrUsbSer - ok
19:39:45.0243 4348 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
19:39:45.0252 4348 BTCFilterService - ok
19:39:45.0258 4348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:39:45.0269 4348 BTHMODEM - ok
19:39:45.0277 4348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:39:45.0303 4348 bthserv - ok
19:39:45.0308 4348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:39:45.0333 4348 cdfs - ok
19:39:45.0340 4348 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:39:45.0351 4348 cdrom - ok
19:39:45.0356 4348 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:39:45.0381 4348 CertPropSvc - ok
19:39:45.0385 4348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:39:45.0396 4348 circlass - ok
19:39:45.0408 4348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:39:45.0421 4348 CLFS - ok
19:39:45.0427 4348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:39:45.0435 4348 clr_optimization_v2.0.50727_32 - ok
19:39:45.0441 4348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:39:45.0449 4348 clr_optimization_v2.0.50727_64 - ok
19:39:45.0459 4348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:39:45.0468 4348 clr_optimization_v4.0.30319_32 - ok
19:39:45.0475 4348 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:39:45.0484 4348 clr_optimization_v4.0.30319_64 - ok
19:39:45.0487 4348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:39:45.0496 4348 CmBatt - ok
19:39:45.0499 4348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:39:45.0509 4348 cmdide - ok
19:39:45.0523 4348 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:39:45.0541 4348 CNG - ok
19:39:45.0545 4348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:39:45.0554 4348 Compbatt - ok
19:39:45.0557 4348 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:39:45.0569 4348 CompositeBus - ok
19:39:45.0571 4348 COMSysApp - ok
19:39:45.0575 4348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:39:45.0585 4348 crcdisk - ok
19:39:45.0593 4348 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:39:45.0619 4348 CryptSvc - ok
19:39:45.0623 4348 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
19:39:45.0632 4348 dc3d - ok
19:39:45.0649 4348 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:39:45.0679 4348 DcomLaunch - ok
19:39:45.0690 4348 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:39:45.0718 4348 defragsvc - ok
19:39:45.0723 4348 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:39:45.0748 4348 DfsC - ok
19:39:45.0759 4348 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:39:45.0786 4348 Dhcp - ok
19:39:45.0790 4348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:39:45.0815 4348 discache - ok
19:39:45.0820 4348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:39:45.0830 4348 Disk - ok
19:39:45.0837 4348 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:39:45.0848 4348 Dnscache - ok
19:39:45.0857 4348 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:39:45.0883 4348 dot3svc - ok
19:39:45.0890 4348 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:39:45.0916 4348 DPS - ok
19:39:45.0919 4348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:39:45.0931 4348 drmkaud - ok
19:39:45.0958 4348 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:39:45.0977 4348 DXGKrnl - ok
19:39:45.0982 4348 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:39:46.0009 4348 EapHost - ok
19:39:46.0095 4348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:39:46.0128 4348 ebdrv - ok
19:39:46.0149 4348 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:39:46.0159 4348 EFS - ok
19:39:46.0180 4348 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:39:46.0195 4348 ehRecvr - ok
19:39:46.0202 4348 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:39:46.0212 4348 ehSched - ok
19:39:46.0231 4348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:39:46.0245 4348 elxstor - ok
19:39:46.0248 4348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:39:46.0258 4348 ErrDev - ok
19:39:46.0262 4348 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
19:39:46.0270 4348 etdrv - ok
19:39:46.0284 4348 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:39:46.0312 4348 EventSystem - ok
19:39:46.0320 4348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:39:46.0347 4348 exfat - ok
19:39:46.0354 4348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:39:46.0381 4348 fastfat - ok
19:39:46.0401 4348 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:39:46.0416 4348 Fax - ok
19:39:46.0419 4348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:39:46.0429 4348 fdc - ok
19:39:46.0432 4348 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:39:46.0459 4348 fdPHost - ok
19:39:46.0462 4348 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:39:46.0488 4348 FDResPub - ok
19:39:46.0492 4348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:39:46.0502 4348 FileInfo - ok
19:39:46.0505 4348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:39:46.0530 4348 Filetrace - ok
19:39:46.0533 4348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:39:46.0543 4348 flpydisk - ok
19:39:46.0553 4348 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:39:46.0564 4348 FltMgr - ok
19:39:46.0596 4348 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:39:46.0614 4348 FontCache - ok
19:39:46.0665 4348 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:39:46.0673 4348 FontCache3.0.0.0 - ok
19:39:46.0680 4348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:39:46.0689 4348 FsDepends - ok
19:39:46.0692 4348 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:39:46.0701 4348 Fs_Rec - ok
19:39:46.0710 4348 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:39:46.0723 4348 fvevol - ok
19:39:46.0728 4348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:39:46.0737 4348 gagp30kx - ok
19:39:46.0740 4348 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
19:39:46.0747 4348 gdrv - ok
19:39:46.0751 4348 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:39:46.0759 4348 GEARAspiWDM - ok
19:39:46.0781 4348 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:39:46.0811 4348 gpsvc - ok
19:39:46.0820 4348 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:46.0829 4348 gupdate - ok
19:39:46.0833 4348 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:46.0841 4348 gupdatem - ok
19:39:46.0848 4348 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:39:46.0857 4348 gusvc - ok
19:39:46.0862 4348 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
19:39:46.0870 4348 GVTDrv64 - ok
19:39:46.0873 4348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:39:46.0882 4348 hcw85cir - ok
19:39:46.0893 4348 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:39:46.0907 4348 HdAudAddService - ok
19:39:46.0913 4348 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:39:46.0925 4348 HDAudBus - ok
19:39:46.0928 4348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:39:46.0938 4348 HidBatt - ok
19:39:46.0942 4348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:39:46.0954 4348 HidBth - ok
19:39:46.0958 4348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:39:46.0969 4348 HidIr - ok
19:39:46.0973 4348 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:39:46.0999 4348 hidserv - ok
19:39:47.0003 4348 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:39:47.0013 4348 HidUsb - ok
19:39:47.0018 4348 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:39:47.0044 4348 hkmsvc - ok
19:39:47.0052 4348 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:39:47.0065 4348 HomeGroupListener - ok
19:39:47.0072 4348 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:39:47.0084 4348 HomeGroupProvider - ok
19:39:47.0090 4348 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:39:47.0100 4348 HpSAMD - ok
19:39:47.0121 4348 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:39:47.0151 4348 HTTP - ok
19:39:47.0154 4348 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:39:47.0163 4348 hwpolicy - ok
19:39:47.0168 4348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:39:47.0178 4348 i8042prt - ok
19:39:47.0192 4348 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:39:47.0205 4348 iaStorV - ok
19:39:47.0211 4348 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:39:47.0215 4348 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:39:47.0215 4348 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:39:47.0240 4348 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:39:47.0256 4348 idsvc - ok
19:39:47.0278 4348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:39:47.0287 4348 iirsp - ok
19:39:47.0311 4348 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:39:47.0342 4348 IKEEXT - ok
19:39:47.0407 4348 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys
19:39:47.0439 4348 IntcAzAudAddService - ok
19:39:47.0462 4348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:39:47.0471 4348 intelide - ok
19:39:47.0475 4348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:39:47.0485 4348 intelppm - ok
19:39:47.0490 4348 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:39:47.0517 4348 IPBusEnum - ok
19:39:47.0522 4348 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:39:47.0547 4348 IpFilterDriver - ok
19:39:47.0551 4348 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:39:47.0561 4348 IPMIDRV - ok
19:39:47.0567 4348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:39:47.0593 4348 IPNAT - ok
19:39:47.0621 4348 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
19:39:47.0637 4348 iPod Service - ok
19:39:47.0640 4348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:39:47.0653 4348 IRENUM - ok
19:39:47.0656 4348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:39:47.0665 4348 isapnp - ok
19:39:47.0674 4348 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:39:47.0686 4348 iScsiPrt - ok
19:39:47.0690 4348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:39:47.0699 4348 kbdclass - ok
19:39:47.0703 4348 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:39:47.0713 4348 kbdhid - ok
19:39:47.0715 4348 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:39:47.0726 4348 KeyIso - ok
19:39:47.0730 4348 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:39:47.0740 4348 KSecDD - ok
19:39:47.0747 4348 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:39:47.0757 4348 KSecPkg - ok
19:39:47.0760 4348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:39:47.0785 4348 ksthunk - ok
19:39:47.0797 4348 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:39:47.0826 4348 KtmRm - ok
19:39:47.0835 4348 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:39:47.0863 4348 LanmanServer - ok
19:39:47.0869 4348 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:39:47.0896 4348 LanmanWorkstation - ok
19:39:47.0912 4348 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:39:47.0924 4348 LBTServ - ok
19:39:47.0931 4348 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:39:47.0940 4348 LHidFilt - ok
19:39:47.0949 4348 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:39:47.0952 4348 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:39:47.0952 4348 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:39:47.0957 4348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:39:47.0982 4348 lltdio - ok
19:39:47.0993 4348 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:39:48.0021 4348 lltdsvc - ok
19:39:48.0024 4348 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:39:48.0050 4348 lmhosts - ok
19:39:48.0055 4348 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:39:48.0064 4348 LMouFilt - ok
19:39:48.0071 4348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:39:48.0081 4348 LSI_FC - ok
19:39:48.0086 4348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:39:48.0096 4348 LSI_SAS - ok
19:39:48.0100 4348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:39:48.0110 4348 LSI_SAS2 - ok
19:39:48.0115 4348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:39:48.0126 4348 LSI_SCSI - ok
19:39:48.0131 4348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:39:48.0157 4348 luafv - ok
19:39:48.0192 4348 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
19:39:48.0201 4348 MBAMProtector - ok
19:39:48.0244 4348 MBAMService (ba400ed640bca1eae5c727ae17c10207) e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:39:48.0258 4348 MBAMService - ok
19:39:48.0262 4348 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:39:48.0274 4348 Mcx2Svc - ok
19:39:48.0277 4348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:39:48.0286 4348 megasas - ok
19:39:48.0296 4348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:39:48.0308 4348 MegaSR - ok
19:39:48.0319 4348 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) E:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:39:48.0327 4348 Microsoft Office Groove Audit Service - ok
19:39:48.0331 4348 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:39:48.0358 4348 MMCSS - ok
19:39:48.0361 4348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:39:48.0387 4348 Modem - ok
19:39:48.0391 4348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:39:48.0402 4348 monitor - ok
19:39:48.0406 4348 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
19:39:48.0417 4348 motandroidusb - ok
19:39:48.0421 4348 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
19:39:48.0433 4348 motccgp - ok
19:39:48.0437 4348 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
19:39:48.0449 4348 motccgpfl - ok
19:39:48.0453 4348 MotDev (3cc500c9b0e4d476802d277353cb2c89) C:\Windows\system32\DRIVERS\motodrv.sys
19:39:48.0464 4348 MotDev - ok
19:39:48.0468 4348 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
19:39:48.0480 4348 motmodem - ok
19:39:48.0489 4348 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
19:39:48.0498 4348 MotoHelper - ok
19:39:48.0501 4348 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
19:39:48.0510 4348 MotoSwitchService - ok
19:39:48.0514 4348 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
19:39:48.0523 4348 Motousbnet - ok
19:39:48.0526 4348 motusbdevice (d075b1d964a314d240f5498773ee89df) C:\Windows\system32\DRIVERS\motusbdevice.sys
19:39:48.0538 4348 motusbdevice - ok
19:39:48.0543 4348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:39:48.0552 4348 mouclass - ok
19:39:48.0557 4348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:39:48.0567 4348 mouhid - ok
19:39:48.0571 4348 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:39:48.0581 4348 mountmgr - ok
19:39:48.0587 4348 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:39:48.0598 4348 mpio - ok
19:39:48.0604 4348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:39:48.0629 4348 mpsdrv - ok
19:39:48.0636 4348 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:39:48.0650 4348 MRxDAV - ok
19:39:48.0656 4348 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:39:48.0666 4348 mrxsmb - ok
19:39:48.0676 4348 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:39:48.0687 4348 mrxsmb10 - ok
19:39:48.0693 4348 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:39:48.0703 4348 mrxsmb20 - ok
19:39:48.0707 4348 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:39:48.0716 4348 msahci - ok
19:39:48.0722 4348 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:39:48.0732 4348 msdsm - ok
19:39:48.0738 4348 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:39:48.0750 4348 MSDTC - ok
19:39:48.0757 4348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:39:48.0782 4348 Msfs - ok
19:39:48.0785 4348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:39:48.0810 4348 mshidkmdf - ok
19:39:48.0813 4348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:39:48.0822 4348 msisadrv - ok
19:39:48.0829 4348 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:39:48.0856 4348 MSiSCSI - ok
19:39:48.0858 4348 msiserver - ok
19:39:48.0863 4348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:39:48.0888 4348 MSKSSRV - ok
19:39:48.0891 4348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:39:48.0916 4348 MSPCLOCK - ok
19:39:48.0919 4348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:39:48.0944 4348 MSPQM - ok
19:39:48.0956 4348 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:39:48.0969 4348 MsRPC - ok
19:39:48.0974 4348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:39:48.0983 4348 mssmbios - ok
19:39:48.0987 4348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:39:49.0012 4348 MSTEE - ok
19:39:49.0015 4348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:39:49.0024 4348 MTConfig - ok
19:39:49.0029 4348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:39:49.0038 4348 Mup - ok
19:39:49.0053 4348 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:39:49.0082 4348 napagent - ok
19:39:49.0094 4348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:39:49.0108 4348 NativeWifiP - ok
19:39:49.0135 4348 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:39:49.0154 4348 NDIS - ok
19:39:49.0158 4348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:39:49.0184 4348 NdisCap - ok
19:39:49.0187 4348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:39:49.0213 4348 NdisTapi - ok
19:39:49.0217 4348 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:39:49.0242 4348 Ndisuio - ok
19:39:49.0249 4348 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:39:49.0274 4348 NdisWan - ok
19:39:49.0279 4348 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:39:49.0303 4348 NDProxy - ok
19:39:49.0308 4348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:39:49.0333 4348 NetBIOS - ok
19:39:49.0342 4348 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:39:49.0368 4348 NetBT - ok
19:39:49.0372 4348 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:39:49.0382 4348 Netlogon - ok
19:39:49.0394 4348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:39:49.0422 4348 Netman - ok
19:39:52.0375 4348 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
19:39:52.0376 4348 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
19:39:52.0377 4348 sptd ( LockedFile.Multi.Generic ) - warning
19:39:52.0377 4348 sptd - detected LockedFile.Multi.Generic (1)
19:39:52.0540 4348 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) e:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
19:39:52.0546 4348 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
19:39:52.0546 4348 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
19:39:55.0318 4348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:39:55.0335 4348 \Device\Harddisk0\DR0 - ok
19:39:55.0338 4348 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
19:39:55.0359 4348 \Device\Harddisk1\DR1 - ok
19:39:55.0361 4348 Boot (0x1200) (28ab4e145d94a5d0e4546e9adb132c41) \Device\Harddisk0\DR0\Partition0
19:39:55.0362 4348 \Device\Harddisk0\DR0\Partition0 - ok
19:39:55.0365 4348 Boot (0x1200) (9821bf7f2763306ab5fa84f3080d3cc4) \Device\Harddisk0\DR0\Partition1
19:39:55.0366 4348 \Device\Harddisk0\DR0\Partition1 - ok
19:39:55.0368 4348 Boot (0x1200) (4e09bdd97d682251f5510ed0bf0bb6e8) \Device\Harddisk1\DR1\Partition0
19:39:55.0369 4348 \Device\Harddisk1\DR1\Partition0 - ok
19:39:55.0371 4348 Boot (0x1200) (61b1b40b18537a221ec1e04955ac8e9c) \Device\Harddisk1\DR1\Partition1
19:39:55.0378 4348 \Device\Harddisk1\DR1\Partition1 - ok
19:39:55.0378 4348 ============================================================
19:39:55.0378 4348 Scan finished
19:39:55.0378 4348 ============================================================
19:39:55.0385 3604 Detected object count: 4
19:39:55.0385 3604 Actual detected object count: 4
19:39:58.0082 3604 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:58.0082 3604 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:58.0083 3604 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:58.0083 3604 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:58.0084 3604 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:39:58.0084 3604 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:39:58.0086 3604 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:58.0086 3604 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:00.0107 4108 Deinitialize success

#10 MrCharlie

Posted 03 May 2012 - 01:45 PM

That scan was clean, just some unsigned files.

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


#11 alasdairt

Posted 03 May 2012 - 02:14 PM

ComboFix 12-05-03.02 - Al 03/05/2012 20:06:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16381.12663 [GMT 1:00]
Running from: c:\users\Al\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Al\AppData\Local\assembly\tmp
c:\users\Al\AppData\Local\Temp\mietp.dll
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 19:09 . 2012-05-03 19:09 -------- d-----w- c:\users\Kids\AppData\Local\temp
2012-05-03 19:09 . 2012-05-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 17:07 . 2012-05-02 17:07 -------- d-sh--w- c:\users\Al\AppData\Roaming\Common
2012-04-30 18:52 . 2012-04-30 18:52 457632 ----a-w- C:\FixExec.exe
2012-04-30 18:44 . 2012-04-30 18:48 -------- d-----w- c:\programdata\B7E85B3B00000AA700005E17B4EB2367
2012-04-30 18:32 . 2012-04-30 18:32 -------- d-----w- c:\windows\Sun
2012-04-30 17:36 . 2012-04-30 17:36 -------- d--h--w- c:\programdata\CanonIJScan
2012-04-30 17:36 . 2012-04-30 17:36 -------- d-----w- c:\users\Al\AppData\Roaming\Canon
2012-04-30 17:36 . 2012-04-30 17:36 -------- d-----w- c:\program files (x86)\Canon
2012-04-30 17:20 . 2012-04-30 17:20 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-30 17:19 . 2008-07-16 08:39 235008 ----a-w- c:\windows\system32\CNQ9601O.DLL
2012-04-30 17:19 . 2010-12-17 14:32 495104 ----a-w- c:\windows\system32\CNQ9601L.DLL
2012-04-30 17:19 . 2008-10-07 10:21 92672 ----a-w- c:\windows\system32\CNQ9601I.DLL
2012-04-30 17:19 . 2008-10-07 10:21 1342976 ----a-w- c:\windows\system32\CNQ9601C.DLL
2012-04-30 17:19 . 2008-08-25 17:02 17920 ----a-w- c:\windows\system32\CNHMCA6.DLL
2012-04-29 12:42 . 2012-04-29 12:42 -------- d-----w- c:\users\Kids\AppData\Roaming\Logitech
2012-04-29 12:42 . 2012-04-29 12:42 -------- d-----w- c:\users\Kids\AppData\Roaming\Apple Computer
2012-04-29 12:42 . 2012-04-29 12:42 -------- d-----w- c:\users\Kids\AppData\Local\Adobe
2012-04-29 07:46 . 2012-04-29 07:46 -------- d-----w- c:\programdata\CCP
2012-04-28 16:28 . 2012-04-28 17:34 -------- d-----w- c:\users\Al\AppData\Roaming\PCF-VLC
2012-04-28 16:27 . 2012-04-28 16:27 -------- d-----w- c:\users\Al\AppData\Roaming\Participatory Culture Foundation
2012-04-28 16:26 . 2012-04-28 16:26 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2012-04-28 15:42 . 2012-04-28 15:42 -------- d-----w- c:\users\Al\AppData\Local\CCP
2012-04-27 21:33 . 2012-04-27 21:33 -------- d-----w- c:\program files (x86)\iLivid
2012-04-27 19:35 . 2012-04-27 19:35 -------- d-----w- c:\users\Al\AppData\Local\Skyrim
2012-04-27 16:33 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C32B9BEE-0D50-476F-916E-55408480AF77}\mpengine.dll
2012-04-26 02:00 . 2012-04-26 02:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-25 20:46 . 2012-04-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-24 18:30 . 2012-04-25 21:28 -------- d-----w- c:\users\Al\AppData\Local\Motosftemp
2012-04-24 18:23 . 2012-05-03 19:10 -------- d-----w- C:\Temp
2012-04-24 18:23 . 2012-04-24 18:23 -------- d-----w- c:\program files\Motorola Inc
2012-04-19 15:24 . 2012-04-19 15:36 -------- d-----w- c:\users\Al\.android
2012-04-11 02:01 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 02:01 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 02:01 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 02:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 02:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 02:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 12:26 . 2012-04-10 12:26 -------- d-----w- c:\users\Kids\AppData\Local\Apple
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 14:56 . 2011-12-04 09:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-06 23:15 . 2011-02-14 22:21 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-02-14 22:21 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-02-14 22:21 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-02-26 18:02 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-02-14 22:21 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-27 15:54 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-02-14 22:21 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-02-14 22:21 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-02-14 22:21 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-24 12:19 . 2012-02-24 12:19 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-24 12:19 . 2012-02-24 12:19 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-24 12:19 . 2012-02-24 12:19 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-24 12:19 . 2012-02-24 12:19 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-23 09:18 . 2011-02-14 18:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 19:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 19:09 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:09 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="e:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"SpybotSD TeaTimer"="e:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DisplayFusion"="e:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-05-02 4419488]
"Steam"="e:\program files (x86)\Steam\steam.exe" [2011-10-17 1242448]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="e:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="e:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"GrooveMonitor"="e:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-11-25 0]
Dropbox.lnk - c:\users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]
.
c:\users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Screen Clipper and Launcher.lnk - e:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
PS3 Media Server.lnk - e:\program files (x86)\PS3 Media Server\PMS.exe [2011-7-5 432749]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 136176]
R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-02-18 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-06-07 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 365568]
S2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;e:\program files (x86)\ASTRA32\ASTRA64.sys [2007-02-22 21200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 SBSDWSCService;SBSD Security Center Service;e:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8408e57-3867-11e0-a278-1c6f658bd1c1}]
\shell\AutoRun\command - G:\INSTALL.EXE
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 09:09]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 09:09]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569113882-3445991305-3262552411-1000Core.job
- c:\users\Al\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 18:30]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569113882-3445991305-3262552411-1000UA.job
- c:\users\Al\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 18:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- e:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AA1CF23E-6632-41D9-B700-20B5D1B1738F}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
Notify-LBTWlgn - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Smart Fortress 2012 - c:\programdata\B7E85B3B00000AA700005E17B4EB2367\B7E85B3B00000AA700005E17B4EB2367.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
e:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-05-03 20:13:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-03 19:13
.
Pre-Run: 16,005,185,536 bytes free
Post-Run: 16,782,917,632 bytes free
.
- - End Of File - - 77AA7DE8610AB3CA0B0B89FDB6DA5176

#12 alasdairt

Posted 03 May 2012 - 02:15 PM

Hi. Just a note. I did disable all the Avast! shields (as per the guidance in the link), but ComboFix still reported that Avast! was still running - I think this was just the UI minimised to the tray, as I couldn't find anything else to disable and it doesn't have a convenient option to turn it off! Cheers

#13 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,274 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 03 May 2012 - 02:34 PM

Quote

Hi. Just a note. I did disable all the Avast! shields (as per the guidance in the link), but ComboFix still reported that Avast! was still running - I think this was just the UI minimised to the tray, as I couldn't find anything else to disable and it doesn't have a convenient option to turn it off! Cheers


Don't worry about it.

------------------------------------------------------------

Can you have a look at this folder, see what's in it, and tell me whether you recognize it?

c:\programdata\B7E85B3B00000AA700005E17B4EB2367

-------------------------------------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#14 alasdairt

Posted 03 May 2012 - 04:05 PM

No idea what that folder is in ProgramData


#15 MrCharlie

Posted 03 May 2012 - 04:26 PM

Not much showing....

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O3 - HKU\S-1-5-21-3569113882-3445991305-3262552411-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Let me know if there's any improvement, MrC

#16 alasdairt

Posted 03 May 2012 - 04:54 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_USERS\S-1-5-21-3569113882-3445991305-3262552411-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: Al
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Kids

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Al
->Temp folder emptied: 634 bytes
->Temporary Internet Files folder emptied: 35502659 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 35922214 bytes
->Flash cache emptied: 172004 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 113762702 bytes
->Flash cache emptied: 82310 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6032 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 177.00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05032012_222939

#17 MrCharlie

Posted 03 May 2012 - 04:55 PM

Is there any improvement?? MrC

#18 alasdairt

Posted 03 May 2012 - 05:21 PM

Hard to say, as the warning comes up at random intervals. I haven't had the warning box come up whilst we've been running all these scans, but that could be because I haven't really been looking at any web pages except for refreshing this one. I'll spend some time online tomorrow night and see if the problem has gone away. Thanks for all the help!

#19 MrCharlie

Posted 03 May 2012 - 05:23 PM

OK, let me know.....MrC

#20 MrCharlie

Posted 07 May 2012 - 06:40 AM

How are we doing??

Do you still need help or can I close this post??

MrC
