
\SysWOW64\rundll32.exe takes me to dangerous website



Hi. After my AV started reporting infections, I've run a series of scans with Malwarebytes as well as Avast! and Spybot. However, I am still left with a problem whereby every couple of minutes MWB reports it has prevented me from visiting a dangerous website (I have not tried to navigate to any page, but it says that the process involved is C:\Windows\SysWOW64\rundll32.exe, so I assume this has become infected). Any thoughts on how I should remove the cause of this would be most gratefully received. Cheers

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Al at 19:09:32 on 2012-05-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16381.13796 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

e:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

e:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

E:\Program Files (x86)\Steam\Steam.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

E:\Program Files (x86)\DisplayFusion\AppHookx86.exe

C:\Users\Al\AppData\Local\Apps\2.0\47TY1899.DAR\1G67QV7L.RBM\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe

C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe

E:\Program Files (x86)\itunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

E:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\iPod\bin\iPodService.exe

E:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local;192.168.*.*

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\java\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - e:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [AlcoholAutomount] "e:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount

uRun: [SpybotSD TeaTimer] E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [DisplayFusion] "e:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"

uRun: [Google Update] "C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "e:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

StartupFolder: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Al\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Al\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\ONENOT~1.LNK - E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\PS3MED~1.LNK - E:\Program Files (x86)\PS3 Media Server\PMS.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AA1CF23E-6632-41D9-B700-20B5D1B1738F} : DhcpNameServer = 192.168.1.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\java\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avast] "e:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]

R2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;E:\Program Files (x86)\ASTRA32\astra64.sys [2007-2-22 21200]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-27 44768]

R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-4 654408]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

R2 StarWindServiceAE;StarWind AE Service;E:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176]

S2 SBSDWSCService;SBSD Security Center Service;E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-5 1153368]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-2-18 25640]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-2-18 30528]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]

S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-30 18:52:20 457632 ----a-w- C:\FixExec.exe

2012-04-30 18:44:54 -------- d-----w- C:\ProgramData\B7E85B3B00000AA700005E17B4EB2367

2012-04-30 17:36:52 -------- d--h--w- C:\ProgramData\CanonIJScan

2012-04-30 17:36:28 -------- d-----w- C:\Program Files (x86)\Canon

2012-04-30 17:19:47 235008 ----a-w- C:\Windows\System32\CNQ9601O.DLL

2012-04-30 17:19:46 92672 ----a-w- C:\Windows\System32\CNQ9601I.DLL

2012-04-30 17:19:46 495104 ----a-w- C:\Windows\System32\CNQ9601L.DLL

2012-04-30 17:19:45 17920 ----a-w- C:\Windows\System32\CNHMCA6.DLL

2012-04-30 17:19:45 1342976 ----a-w- C:\Windows\System32\CNQ9601C.DLL

2012-04-29 07:46:58 -------- d-----w- C:\ProgramData\CCP

2012-04-28 16:28:01 -------- d-----w- C:\Users\Al\AppData\Roaming\PCF-VLC

2012-04-28 16:27:03 -------- d-----w- C:\Users\Al\AppData\Roaming\Participatory Culture Foundation

2012-04-28 16:26:43 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation

2012-04-28 15:42:52 -------- d-----w- C:\Users\Al\AppData\Local\CCP

2012-04-27 21:33:16 -------- d-----w- C:\Program Files (x86)\iLivid

2012-04-27 19:35:13 -------- d-----w- C:\Users\Al\AppData\Local\Skyrim

2012-04-27 16:33:35 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C32B9BEE-0D50-476F-916E-55408480AF77}\mpengine.dll

2012-04-24 18:30:06 -------- d-----w- C:\Users\Al\AppData\Local\Motosftemp

2012-04-24 18:23:53 -------- d-----w- C:\Temp

2012-04-24 18:23:28 -------- d-----w- C:\Program Files\Motorola Inc

2012-04-19 15:24:55 -------- d-----w- C:\Users\Al\.android

2012-04-11 02:01:28 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-11 02:01:27 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-11 02:01:27 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-11 02:00:18 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-11 02:00:18 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-11 02:00:18 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-11 02:00:18 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-11 02:00:18 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-11 02:00:18 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-11 02:00:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr

2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-24 12:19:51 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-02-24 12:19:51 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-02-24 12:19:51 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-02-24 12:19:51 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 19:09:50.97 ===============


Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start it, and when prompted, click Allow.

Click Scan to scan the system (don't run any other options; the entries it lists are not all bad!).

Post back the report.

MrC


RogueKiller V7.4.2 [05/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Al [Admin rights]

Mode: Scan -- Date: 05/03/2012 18:36:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Run : mietp (rundll32.exe "C:\Users\Al\AppData\Local\Temp\mietp.dll",mpegInSeekSample64) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: KINGSTON SNVP325S264GB ATA Device +++++

--- User ---

[MBR] d41af0937110441aaa1649db69d9d16a

[BSP] 8239f65f4c9010ca95501601bc45e7e1 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103UJ ATA Device +++++

--- User ---

[MBR] b950dd9215e4140c6b552dafc9418487

[BSP] ccdae066dea7e34cf31f002fa6e37b20 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 753865 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1543919616 | Size: 200000 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

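The RogueKiller entry above explains the symptom in the first post: a Run value named mietp launches rundll32.exe with a DLL from the user's Temp folder, and because rundll32.exe is the process hosting that DLL, any connection the DLL opens is attributed to C:\Windows\SysWOW64\rundll32.exe rather than to mietp.dll. The same report also shows UAC switched off (EnableLUA and ConsentPromptBehaviorAdmin both 0), which the DDS log had already listed under mPolicies-system. The PowerShell below is an added example for this thread, not part of any post and not RogueKiller's own logic: it enumerates the HKLM/HKCU Run keys, flags rundll32 launches whose DLL sits under a user-writable path or is not validly signed, and prints the three UAC values. The user-writable path list and the signature check are this example's own heuristics.

```powershell
# Added example (not from the thread): find autostart rundll32 entries whose DLL
# lives in a user-writable location or is unsigned, then show the UAC policy values.
# Run from an elevated PowerShell 3.0+ prompt (WMF 3.0 update on Windows 7).

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Locations an ordinary user can write to (this example's own list); a DLL that an
# autostart loads from here deserves a look, as with ...\AppData\Local\Temp\mietp.dll.
$userWritable = @('\AppData\Local\Temp\', '\AppData\Local\', '\AppData\Roaming\',
                  '\ProgramData\', '\Users\Public\', '\Temp\')

function Test-SuspiciousRunValue {
    param([string]$Name, [string]$Command)
    # Match "rundll32[.exe] <dll>,<export>" whether or not the DLL path is quoted.
    if (-not ($Command -match '(?i)rundll32(\.exe)?\s+"?([^",]+)"?\s*,\s*(\S+)')) { return $null }
    $dll    = $Matches[2].Trim()
    $export = $Matches[3]
    $reasons = @()
    foreach ($p in $userWritable) {
        if ($dll -like "*$p*") { $reasons += "DLL under user-writable path ($p)" }
    }
    if (-not (Test-Path -LiteralPath $dll)) {
        $reasons += 'DLL missing on disk (already removed, or hidden)'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll
        if ($sig.Status -ne 'Valid') { $reasons += "DLL not validly signed ($($sig.Status))" }
    }
    if ($reasons.Count -eq 0) { return $null }
    [pscustomobject]@{ Value = $Name; Dll = $dll; Export = $export; Reasons = ($reasons -join '; ') }
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $hit = Test-SuspiciousRunValue -Name "$key\$name" -Command ([string]$k.GetValue($name))
        if ($hit) { $hit }
    }
}
"== Suspicious rundll32 autostarts =="
$findings | Format-List

# UAC policy values; the DDS log in this thread showed all three effectively off.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
"== UAC policy =="
[pscustomobject]@{
    EnableLUA                  = $uac.EnableLUA                   # Windows 7 default: 1
    ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin  # Windows 7 default: 5
    PromptOnSecureDesktop      = $uac.PromptOnSecureDesktop       # Windows 7 default: 1
} | Format-List
```

A hit is a lead, not a verdict: some installers stage DLLs under AppData, so read the value and the DLL before acting. An unsigned DLL in %TEMP% wired to a Run value, as in the report above, is the pattern to remove, and it is worth deleting the Run value before the file so the path is still visible in the next log. Once the machine is clean, restore EnableLUA to 1 and ConsentPromptBehaviorAdmin to 5; EnableLUA only takes effect after a reboot.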

Please run RogueKiller again and click Scan.

When the scan completes, click Registry Entries.

Put a check next to these and uncheck the rest.

Now click Delete in the right-hand column.

¤¤¤ Registry Entries: 5 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Run : mietp (rundll32.exe "C:\Users\Al\AppData\Local\Temp\mietp.dll",mpegInSeekSample64) -> FOUND

--------------------

Next......

Please make sure system restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start it, and when prompted, click Allow.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

For any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ), please choose Delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

For any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ), please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

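TDSSKiller's MBR and TDLFS checks, and RogueKiller's [MBR]/[BSP] hashes and partition table earlier in the thread, both come down to reading the first sector of each physical disk and comparing its boot code and partition entries with what the installed Windows should have put there. The PowerShell below is an added example for this thread (not from either tool or from any post) that does that read and decode by hand so the numbers can be lined up against the logs: it verifies the 0x55AA signature, MD5-hashes the boot-code bytes, and lists the primary partition entries with their start sector and size. The sector it parses is constructed inline, with one entry matching PhysicalDrive0's first partition as RogueKiller reported it (start 2048, 100 MB); hashing bytes 0-439 is this example's own convention, and the exact range RogueKiller hashes is not stated on the page.

```powershell
# Added example (not from the thread): read and decode a disk's first sector so the
# boot-code hash and partition entries can be compared with RogueKiller/TDSSKiller.
# Read-FirstSector needs an elevated prompt; ConvertFrom-Mbr works on any 512-byte array.

function Read-FirstSector {
    param([int]$DiskNumber = 0)
    $path = "\\.\PhysicalDrive$DiskNumber"
    $fs = New-Object System.IO.FileStream -ArgumentList $path,
            ([System.IO.FileMode]::Open), ([System.IO.FileAccess]::Read), ([System.IO.FileShare]::ReadWrite)
    try {
        $buf = New-Object byte[] 512
        $n = $fs.Read($buf, 0, 512)
        if ($n -ne 512) { throw "short read ($n bytes) from $path" }
        return $buf
    } finally { $fs.Dispose() }
}

function ConvertFrom-Mbr {
    param([byte[]]$Sector)
    if ($Sector.Length -lt 512) { throw 'need a 512-byte sector' }
    if ($Sector[510] -ne 0x55 -or $Sector[511] -ne 0xAA) { throw 'missing 0x55AA boot signature' }
    # Hash the boot code only (bytes 0-439); the disk signature follows at 440.
    $md5  = [System.Security.Cryptography.MD5]::Create()
    $hash = ([System.BitConverter]::ToString($md5.ComputeHash($Sector, 0, 440)) -replace '-', '').ToLower()
    $parts = for ($i = 0; $i -lt 4; $i++) {
        $o    = 446 + 16 * $i                      # partition table starts at offset 446
        $type = $Sector[$o + 4]
        if ($type -eq 0) { continue }              # empty slot
        $lba  = [System.BitConverter]::ToUInt32($Sector, $o + 8)
        $cnt  = [System.BitConverter]::ToUInt32($Sector, $o + 12)
        [pscustomobject]@{
            Index    = $i
            Active   = ($Sector[$o] -eq 0x80)
            Type     = ('0x{0:X2}' -f $type)       # 0x07 = NTFS, as in both logs
            StartLBA = $lba
            Sectors  = $cnt
            SizeMB   = [math]::Round($cnt * 512 / 1MB)
        }
    }
    [pscustomobject]@{
        BootCodeMD5   = $hash
        DiskSignature = ('0x{0:X8}' -f [System.BitConverter]::ToUInt32($Sector, 440))
        Partitions    = @($parts)
    }
}

# Constructed sample sector (not captured from the thread's machine): all-zero boot
# code and one active NTFS entry at LBA 2048 of 204800 sectors, which is the 100 MB
# system partition RogueKiller listed first on PhysicalDrive0.
$sample = New-Object byte[] 512
[byte[]]$entry = @(0x80, 0, 0, 0, 0x07, 0, 0, 0) +
                 [System.BitConverter]::GetBytes([uint32]2048) +
                 [System.BitConverter]::GetBytes([uint32]204800)
[Array]::Copy($entry, 0, $sample, 446, 16)
$sample[510] = 0x55; $sample[511] = 0xAA

$mbr = ConvertFrom-Mbr -Sector $sample
"Boot code MD5: $($mbr.BootCodeMD5)"
$mbr.Partitions | Format-Table -AutoSize

# Live system, elevated:  ConvertFrom-Mbr -Sector (Read-FirstSector 0)
```

On the live disk, the things bootkit scanners treat as suspicious are boot code whose hash does not match a known Windows loader, an entry whose type or start sector disagrees with what Disk Management shows, and non-zero sectors in the gap before the first partition or after the last one, where a hidden file system like TDLFS can sit. An unrecognised hash on its own is not a verdict, since OEM recovery tools and third-party boot managers ship their own MBR code.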

19:39:37.0523 4916 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

19:39:37.0708 4916 ============================================================

19:39:37.0708 4916 Current date / time: 2012/05/03 19:39:37.0708

19:39:37.0708 4916 SystemInfo:

19:39:37.0708 4916

19:39:37.0708 4916 OS Version: 6.1.7601 ServicePack: 1.0

19:39:37.0708 4916 Product type: Workstation

19:39:37.0708 4916 ComputerName: AL-PC

19:39:37.0708 4916 UserName: Al

19:39:37.0709 4916 Windows directory: C:\Windows

19:39:37.0709 4916 System windows directory: C:\Windows

19:39:37.0709 4916 Running under WOW64

19:39:37.0709 4916 Processor architecture: Intel x64

19:39:37.0709 4916 Number of processors: 4

19:39:37.0709 4916 Page size: 0x1000

19:39:37.0709 4916 Boot type: Normal boot

19:39:37.0709 4916 ============================================================

19:39:38.0437 4916 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:39:38.0437 4916 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:39:38.0447 4916 ============================================================

19:39:38.0447 4916 \Device\Harddisk0\DR0:

19:39:38.0448 4916 MBR partitions:

19:39:38.0448 4916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:39:38.0448 4916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800

19:39:38.0448 4916 \Device\Harddisk1\DR1:

19:39:38.0448 4916 MBR partitions:

19:39:38.0448 4916 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5C064FF8

19:39:38.0448 4916 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x5C065800, BlocksNum 0x186A0000

19:39:38.0448 4916 ============================================================

19:39:38.0449 4916 C: <-> \Device\Harddisk0\DR0\Partition1

19:39:38.0477 4916 D: <-> \Device\Harddisk1\DR1\Partition0

19:39:38.0495 4916 E: <-> \Device\Harddisk1\DR1\Partition1

19:39:38.0495 4916 ============================================================

19:39:38.0495 4916 Initialize success

19:39:38.0495 4916 ============================================================

19:39:42.0697 4348 ============================================================

19:39:42.0697 4348 Scan started

19:39:42.0697 4348 Mode: Manual; SigCheck; TDLFS;

19:39:42.0697 4348 ============================================================

19:39:43.0653 4348 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

19:39:43.0702 4348 1394ohci - ok

19:39:43.0713 4348 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:39:43.0725 4348 ACPI - ok

19:39:43.0728 4348 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:39:43.0740 4348 AcpiPmi - ok

19:39:43.0745 4348 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:39:43.0754 4348 AdobeARMservice - ok

19:39:43.0769 4348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:39:43.0783 4348 adp94xx - ok

19:39:43.0794 4348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:39:43.0806 4348 adpahci - ok

19:39:43.0814 4348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:39:43.0824 4348 adpu320 - ok

19:39:43.0830 4348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:39:43.0856 4348 AeLookupSvc - ok

19:39:43.0872 4348 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:39:43.0885 4348 AFD - ok

19:39:43.0889 4348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:39:43.0898 4348 agp440 - ok

19:39:43.0903 4348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:39:43.0913 4348 ALG - ok

19:39:43.0916 4348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:39:43.0925 4348 aliide - ok

19:39:43.0932 4348 AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe

19:39:43.0948 4348 AMD External Events Utility - ok

19:39:43.0952 4348 AMD FUEL Service - ok

19:39:43.0956 4348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:39:43.0965 4348 amdide - ok

19:39:43.0969 4348 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

19:39:43.0988 4348 amdiox64 - ok

19:39:43.0992 4348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:39:44.0002 4348 AmdK8 - ok

19:39:44.0244 4348 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys

19:39:44.0326 4348 amdkmdag - ok

19:39:44.0357 4348 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys

19:39:44.0372 4348 amdkmdap - ok

19:39:44.0376 4348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:39:44.0386 4348 AmdPPM - ok

19:39:44.0391 4348 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

19:39:44.0401 4348 amdsata - ok

19:39:44.0408 4348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:39:44.0419 4348 amdsbs - ok

19:39:44.0422 4348 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

19:39:44.0431 4348 amdxata - ok

19:39:44.0436 4348 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:39:44.0461 4348 AppID - ok

19:39:44.0464 4348 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:39:44.0489 4348 AppIDSvc - ok

19:39:44.0495 4348 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:39:44.0520 4348 Appinfo - ok

19:39:44.0526 4348 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:39:44.0535 4348 Apple Mobile Device - ok

19:39:44.0539 4348 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys

19:39:44.0547 4348 AppleCharger - ok

19:39:44.0550 4348 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe

19:39:44.0558 4348 AppleChargerSrv - ok

19:39:44.0563 4348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:39:44.0572 4348 arc - ok

19:39:44.0577 4348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:39:44.0587 4348 arcsas - ok

19:39:44.0593 4348 aspnet_state - ok

19:39:44.0608 4348 ASTRA64 (748b2514db1438fe16a2ddb56bfcf011) e:\Program Files (x86)\ASTRA32\ASTRA64.sys

19:39:44.0617 4348 ASTRA64 - ok

19:39:44.0620 4348 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

19:39:44.0629 4348 aswFsBlk - ok

19:39:44.0634 4348 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

19:39:44.0643 4348 aswMonFlt - ok

19:39:44.0647 4348 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys

19:39:44.0655 4348 aswRdr - ok

19:39:44.0681 4348 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

19:39:44.0697 4348 aswSnx - ok

19:39:44.0709 4348 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

19:39:44.0720 4348 aswSP - ok

19:39:44.0724 4348 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

19:39:44.0733 4348 aswTdi - ok

19:39:44.0736 4348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:39:44.0762 4348 AsyncMac - ok

19:39:44.0765 4348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:39:44.0774 4348 atapi - ok

19:39:44.0782 4348 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys

19:39:44.0790 4348 AtiHDAudioService - ok

19:39:44.0810 4348 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:39:44.0839 4348 AudioEndpointBuilder - ok

19:39:44.0844 4348 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:39:44.0873 4348 AudioSrv - ok

19:39:44.0884 4348 avast! Antivirus (4041d31508a2a084dfb42c595854090f) e:\Program Files\Alwil Software\Avast5\AvastSvc.exe

19:39:44.0893 4348 avast! Antivirus - ok

19:39:44.0899 4348 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:39:44.0912 4348 AxInstSV - ok

19:39:44.0927 4348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:39:44.0939 4348 b06bdrv - ok

19:39:44.0949 4348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:39:44.0961 4348 b57nd60a - ok

19:39:44.0968 4348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:39:44.0978 4348 BDESVC - ok

19:39:44.0981 4348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:39:45.0006 4348 Beep - ok

19:39:45.0030 4348 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

19:39:45.0062 4348 BITS - ok

19:39:45.0066 4348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:39:45.0076 4348 blbdrive - ok

19:39:45.0092 4348 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

19:39:45.0104 4348 Bonjour Service - ok

19:39:45.0110 4348 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:39:45.0119 4348 bowser - ok

19:39:45.0122 4348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:39:45.0134 4348 BrFiltLo - ok

19:39:45.0136 4348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:39:45.0148 4348 BrFiltUp - ok

19:39:45.0153 4348 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:39:45.0178 4348 Browser - ok

19:39:45.0188 4348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:39:45.0200 4348 Brserid - ok

19:39:45.0203 4348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:39:45.0215 4348 BrSerWdm - ok

19:39:45.0218 4348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:39:45.0229 4348 BrUsbMdm - ok

19:39:45.0231 4348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:39:45.0241 4348 BrUsbSer - ok

19:39:45.0243 4348 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys

19:39:45.0252 4348 BTCFilterService - ok

19:39:45.0258 4348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:39:45.0269 4348 BTHMODEM - ok

19:39:45.0277 4348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:39:45.0303 4348 bthserv - ok

19:39:45.0308 4348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:39:45.0333 4348 cdfs - ok

19:39:45.0340 4348 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

19:39:45.0351 4348 cdrom - ok

19:39:45.0356 4348 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:39:45.0381 4348 CertPropSvc - ok

19:39:45.0385 4348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:39:45.0396 4348 circlass - ok

19:39:45.0408 4348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:39:45.0421 4348 CLFS - ok

19:39:45.0427 4348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:39:45.0435 4348 clr_optimization_v2.0.50727_32 - ok

19:39:45.0441 4348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:39:45.0449 4348 clr_optimization_v2.0.50727_64 - ok

19:39:45.0459 4348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:39:45.0468 4348 clr_optimization_v4.0.30319_32 - ok

19:39:45.0475 4348 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:39:45.0484 4348 clr_optimization_v4.0.30319_64 - ok

19:39:45.0487 4348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:39:45.0496 4348 CmBatt - ok

19:39:45.0499 4348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:39:45.0509 4348 cmdide - ok

19:39:45.0523 4348 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

19:39:45.0541 4348 CNG - ok

19:39:45.0545 4348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:39:45.0554 4348 Compbatt - ok

19:39:45.0557 4348 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

19:39:45.0569 4348 CompositeBus - ok

19:39:45.0571 4348 COMSysApp - ok

19:39:45.0575 4348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:39:45.0585 4348 crcdisk - ok

19:39:45.0593 4348 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

19:39:45.0619 4348 CryptSvc - ok

19:39:45.0623 4348 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys

19:39:45.0632 4348 dc3d - ok

19:39:45.0649 4348 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:39:45.0679 4348 DcomLaunch - ok

19:39:45.0690 4348 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:39:45.0718 4348 defragsvc - ok

19:39:45.0723 4348 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:39:45.0748 4348 DfsC - ok

19:39:45.0759 4348 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:39:45.0786 4348 Dhcp - ok

19:39:45.0790 4348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:39:45.0815 4348 discache - ok

19:39:45.0820 4348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:39:45.0830 4348 Disk - ok

19:39:45.0837 4348 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:39:45.0848 4348 Dnscache - ok

19:39:45.0857 4348 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:39:45.0883 4348 dot3svc - ok

19:39:45.0890 4348 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:39:45.0916 4348 DPS - ok

19:39:45.0919 4348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:39:45.0931 4348 drmkaud - ok

19:39:45.0958 4348 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

19:39:45.0977 4348 DXGKrnl - ok

19:39:45.0982 4348 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:39:46.0009 4348 EapHost - ok

19:39:46.0095 4348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:39:46.0128 4348 ebdrv - ok

19:39:46.0149 4348 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:39:46.0159 4348 EFS - ok

19:39:46.0180 4348 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:39:46.0195 4348 ehRecvr - ok

19:39:46.0202 4348 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:39:46.0212 4348 ehSched - ok

19:39:46.0231 4348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:39:46.0245 4348 elxstor - ok

19:39:46.0248 4348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:39:46.0258 4348 ErrDev - ok

19:39:46.0262 4348 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys

19:39:46.0270 4348 etdrv - ok

19:39:46.0284 4348 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:39:46.0312 4348 EventSystem - ok

19:39:46.0320 4348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:39:46.0347 4348 exfat - ok

19:39:46.0354 4348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:39:46.0381 4348 fastfat - ok

19:39:46.0401 4348 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:39:46.0416 4348 Fax - ok

19:39:46.0419 4348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:39:46.0429 4348 fdc - ok

19:39:46.0432 4348 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:39:46.0459 4348 fdPHost - ok

19:39:46.0462 4348 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:39:46.0488 4348 FDResPub - ok

19:39:46.0492 4348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:39:46.0502 4348 FileInfo - ok

19:39:46.0505 4348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:39:46.0530 4348 Filetrace - ok

19:39:46.0533 4348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:39:46.0543 4348 flpydisk - ok

19:39:46.0553 4348 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:39:46.0564 4348 FltMgr - ok

19:39:46.0596 4348 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:39:46.0614 4348 FontCache - ok

19:39:46.0665 4348 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:39:46.0673 4348 FontCache3.0.0.0 - ok

19:39:46.0680 4348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:39:46.0689 4348 FsDepends - ok

19:39:46.0692 4348 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

19:39:46.0701 4348 Fs_Rec - ok

19:39:46.0710 4348 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:39:46.0723 4348 fvevol - ok

19:39:46.0728 4348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:39:46.0737 4348 gagp30kx - ok

19:39:46.0740 4348 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys

19:39:46.0747 4348 gdrv - ok

19:39:46.0751 4348 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:39:46.0759 4348 GEARAspiWDM - ok

19:39:46.0781 4348 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:39:46.0811 4348 gpsvc - ok

19:39:46.0820 4348 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:39:46.0829 4348 gupdate - ok

19:39:46.0833 4348 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:39:46.0841 4348 gupdatem - ok

19:39:46.0848 4348 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:39:46.0857 4348 gusvc - ok

19:39:46.0862 4348 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys

19:39:46.0870 4348 GVTDrv64 - ok

19:39:46.0873 4348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:39:46.0882 4348 hcw85cir - ok

19:39:46.0893 4348 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

19:39:46.0907 4348 HdAudAddService - ok

19:39:46.0913 4348 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

19:39:46.0925 4348 HDAudBus - ok

19:39:46.0928 4348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:39:46.0938 4348 HidBatt - ok

19:39:46.0942 4348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:39:46.0954 4348 HidBth - ok

19:39:46.0958 4348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:39:46.0969 4348 HidIr - ok

19:39:46.0973 4348 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

19:39:46.0999 4348 hidserv - ok

19:39:47.0003 4348 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

19:39:47.0013 4348 HidUsb - ok

19:39:47.0018 4348 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:39:47.0044 4348 hkmsvc - ok

19:39:47.0052 4348 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:39:47.0065 4348 HomeGroupListener - ok

19:39:47.0072 4348 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:39:47.0084 4348 HomeGroupProvider - ok

19:39:47.0090 4348 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:39:47.0100 4348 HpSAMD - ok

19:39:47.0121 4348 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:39:47.0151 4348 HTTP - ok

19:39:47.0154 4348 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:39:47.0163 4348 hwpolicy - ok

19:39:47.0168 4348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

19:39:47.0178 4348 i8042prt - ok

19:39:47.0192 4348 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:39:47.0205 4348 iaStorV - ok

19:39:47.0211 4348 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

19:39:47.0215 4348 IDriverT ( UnsignedFile.Multi.Generic ) - warning

19:39:47.0215 4348 IDriverT - detected UnsignedFile.Multi.Generic (1)

19:39:47.0240 4348 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:39:47.0256 4348 idsvc - ok

19:39:47.0278 4348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:39:47.0287 4348 iirsp - ok

19:39:47.0311 4348 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:39:47.0342 4348 IKEEXT - ok

19:39:47.0407 4348 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys

19:39:47.0439 4348 IntcAzAudAddService - ok

19:39:47.0462 4348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:39:47.0471 4348 intelide - ok

19:39:47.0475 4348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:39:47.0485 4348 intelppm - ok

19:39:47.0490 4348 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:39:47.0517 4348 IPBusEnum - ok

19:39:47.0522 4348 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:39:47.0547 4348 IpFilterDriver - ok

19:39:47.0551 4348 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:39:47.0561 4348 IPMIDRV - ok

19:39:47.0567 4348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:39:47.0593 4348 IPNAT - ok

19:39:47.0621 4348 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe

19:39:47.0637 4348 iPod Service - ok

19:39:47.0640 4348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:39:47.0653 4348 IRENUM - ok

19:39:47.0656 4348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:39:47.0665 4348 isapnp - ok

19:39:47.0674 4348 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:39:47.0686 4348 iScsiPrt - ok

19:39:47.0690 4348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:39:47.0699 4348 kbdclass - ok

19:39:47.0703 4348 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

19:39:47.0713 4348 kbdhid - ok

19:39:47.0715 4348 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:39:47.0726 4348 KeyIso - ok

19:39:47.0730 4348 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

19:39:47.0740 4348 KSecDD - ok

19:39:47.0747 4348 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

19:39:47.0757 4348 KSecPkg - ok

19:39:47.0760 4348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:39:47.0785 4348 ksthunk - ok

19:39:47.0797 4348 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:39:47.0826 4348 KtmRm - ok

19:39:47.0835 4348 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

19:39:47.0863 4348 LanmanServer - ok

19:39:47.0869 4348 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:39:47.0896 4348 LanmanWorkstation - ok

19:39:47.0912 4348 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

19:39:47.0924 4348 LBTServ - ok

19:39:47.0931 4348 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys

19:39:47.0940 4348 LHidFilt - ok

19:39:47.0949 4348 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

19:39:47.0952 4348 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

19:39:47.0952 4348 LightScribeService - detected UnsignedFile.Multi.Generic (1)

19:39:47.0957 4348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:39:47.0982 4348 lltdio - ok

19:39:47.0993 4348 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:39:48.0021 4348 lltdsvc - ok

19:39:48.0024 4348 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:39:48.0050 4348 lmhosts - ok

19:39:48.0055 4348 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys

19:39:48.0064 4348 LMouFilt - ok

19:39:48.0071 4348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:39:48.0081 4348 LSI_FC - ok

19:39:48.0086 4348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:39:48.0096 4348 LSI_SAS - ok

19:39:48.0100 4348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:39:48.0110 4348 LSI_SAS2 - ok

19:39:48.0115 4348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:39:48.0126 4348 LSI_SCSI - ok

19:39:48.0131 4348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:39:48.0157 4348 luafv - ok

19:39:48.0192 4348 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

19:39:48.0201 4348 MBAMProtector - ok

19:39:48.0244 4348 MBAMService (ba400ed640bca1eae5c727ae17c10207) e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:39:48.0258 4348 MBAMService - ok

19:39:48.0262 4348 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:39:48.0274 4348 Mcx2Svc - ok

19:39:48.0277 4348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:39:48.0286 4348 megasas - ok

19:39:48.0296 4348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:39:48.0308 4348 MegaSR - ok

19:39:48.0319 4348 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) E:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

19:39:48.0327 4348 Microsoft Office Groove Audit Service - ok

19:39:48.0331 4348 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:39:48.0358 4348 MMCSS - ok

19:39:48.0361 4348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:39:48.0387 4348 Modem - ok

19:39:48.0391 4348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:39:48.0402 4348 monitor - ok

19:39:48.0406 4348 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys

19:39:48.0417 4348 motandroidusb - ok

19:39:48.0421 4348 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys

19:39:48.0433 4348 motccgp - ok

19:39:48.0437 4348 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys

19:39:48.0449 4348 motccgpfl - ok

19:39:48.0453 4348 MotDev (3cc500c9b0e4d476802d277353cb2c89) C:\Windows\system32\DRIVERS\motodrv.sys

19:39:48.0464 4348 MotDev - ok

19:39:48.0468 4348 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys

19:39:48.0480 4348 motmodem - ok

19:39:48.0489 4348 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

19:39:48.0498 4348 MotoHelper - ok

19:39:48.0501 4348 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys

19:39:48.0510 4348 MotoSwitchService - ok

19:39:48.0514 4348 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys

19:39:48.0523 4348 Motousbnet - ok

19:39:48.0526 4348 motusbdevice (d075b1d964a314d240f5498773ee89df) C:\Windows\system32\DRIVERS\motusbdevice.sys

19:39:48.0538 4348 motusbdevice - ok

19:39:48.0543 4348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:39:48.0552 4348 mouclass - ok

19:39:48.0557 4348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:39:48.0567 4348 mouhid - ok

19:39:48.0571 4348 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:39:48.0581 4348 mountmgr - ok

19:39:48.0587 4348 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:39:48.0598 4348 mpio - ok

19:39:48.0604 4348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:39:48.0629 4348 mpsdrv - ok

19:39:48.0636 4348 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:39:48.0650 4348 MRxDAV - ok

19:39:48.0656 4348 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:39:48.0666 4348 mrxsmb - ok

19:39:48.0676 4348 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:39:48.0687 4348 mrxsmb10 - ok

19:39:48.0693 4348 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:39:48.0703 4348 mrxsmb20 - ok

19:39:48.0707 4348 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:39:48.0716 4348 msahci - ok

19:39:48.0722 4348 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:39:48.0732 4348 msdsm - ok

19:39:48.0738 4348 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:39:48.0750 4348 MSDTC - ok

19:39:48.0757 4348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:39:48.0782 4348 Msfs - ok

19:39:48.0785 4348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:39:48.0810 4348 mshidkmdf - ok

19:39:48.0813 4348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:39:48.0822 4348 msisadrv - ok

19:39:48.0829 4348 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:39:48.0856 4348 MSiSCSI - ok

19:39:48.0858 4348 msiserver - ok

19:39:48.0863 4348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:39:48.0888 4348 MSKSSRV - ok

19:39:48.0891 4348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:39:48.0916 4348 MSPCLOCK - ok

19:39:48.0919 4348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:39:48.0944 4348 MSPQM - ok

19:39:48.0956 4348 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:39:48.0969 4348 MsRPC - ok

19:39:48.0974 4348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:39:48.0983 4348 mssmbios - ok

19:39:48.0987 4348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:39:49.0012 4348 MSTEE - ok

19:39:49.0015 4348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:39:49.0024 4348 MTConfig - ok

19:39:49.0029 4348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:39:49.0038 4348 Mup - ok

19:39:49.0053 4348 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:39:49.0082 4348 napagent - ok

19:39:49.0094 4348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:39:49.0108 4348 NativeWifiP - ok

19:39:49.0135 4348 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

19:39:49.0154 4348 NDIS - ok

19:39:49.0158 4348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:39:49.0184 4348 NdisCap - ok

19:39:49.0187 4348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:39:49.0213 4348 NdisTapi - ok

19:39:49.0217 4348 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:39:49.0242 4348 Ndisuio - ok

19:39:49.0249 4348 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:39:49.0274 4348 NdisWan - ok

19:39:49.0279 4348 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:39:49.0303 4348 NDProxy - ok

19:39:49.0308 4348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:39:49.0333 4348 NetBIOS - ok

19:39:49.0342 4348 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:39:49.0368 4348 NetBT - ok

19:39:49.0372 4348 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:39:49.0382 4348 Netlogon - ok

19:39:49.0394 4348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:39:49.0422 4348 Netman - ok

19:39:49.0437 4348 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:39:49.0467 4348 netprofm - ok

19:39:49.0474 4348 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:39:49.0483 4348 NetTcpPortSharing - ok

19:39:49.0487 4348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:39:49.0496 4348 nfrd960 - ok

19:39:49.0508 4348 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:39:49.0536 4348 NlaSvc - ok

19:39:49.0539 4348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:39:49.0565 4348 Npfs - ok

19:39:49.0569 4348 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:39:49.0596 4348 nsi - ok

19:39:49.0599 4348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:39:49.0624 4348 nsiproxy - ok

19:39:49.0671 4348 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:39:49.0696 4348 Ntfs - ok

19:39:49.0719 4348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:39:49.0744 4348 Null - ok

19:39:49.0750 4348 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:39:49.0761 4348 nvraid - ok

19:39:49.0767 4348 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:39:49.0778 4348 nvstor - ok

19:39:49.0784 4348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:39:49.0794 4348 nv_agp - ok

19:39:49.0809 4348 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:39:49.0821 4348 odserv - ok

19:39:49.0825 4348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:39:49.0836 4348 ohci1394 - ok

19:39:49.0842 4348 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:39:49.0851 4348 ose - ok

19:39:49.0864 4348 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:39:49.0877 4348 p2pimsvc - ok

19:39:49.0890 4348 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:39:49.0904 4348 p2psvc - ok

19:39:49.0910 4348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:39:49.0920 4348 Parport - ok

19:39:49.0924 4348 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

19:39:49.0934 4348 partmgr - ok

19:39:49.0941 4348 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:39:49.0957 4348 PcaSvc - ok

19:39:49.0961 4348 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

19:39:49.0969 4348 pccsmcfd - ok

19:39:49.0977 4348 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:39:49.0987 4348 pci - ok

19:39:49.0990 4348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:39:49.0999 4348 pciide - ok

19:39:50.0007 4348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:39:50.0019 4348 pcmcia - ok

19:39:50.0022 4348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:39:50.0032 4348 pcw - ok

19:39:50.0050 4348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:39:50.0080 4348 PEAUTH - ok

19:39:50.0100 4348 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:39:50.0111 4348 PerfHost - ok

19:39:50.0169 4348 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:39:50.0205 4348 pla - ok

19:39:50.0218 4348 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:39:50.0232 4348 PlugPlay - ok

19:39:50.0236 4348 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:39:50.0246 4348 PNRPAutoReg - ok

19:39:50.0257 4348 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:39:50.0270 4348 PNRPsvc - ok

19:39:50.0277 4348 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

19:39:50.0285 4348 Point64 - ok

19:39:50.0300 4348 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:39:50.0329 4348 PolicyAgent - ok

19:39:50.0337 4348 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:39:50.0366 4348 Power - ok

19:39:50.0372 4348 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:39:50.0397 4348 PptpMiniport - ok

19:39:50.0401 4348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:39:50.0411 4348 Processor - ok

19:39:50.0419 4348 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

19:39:50.0446 4348 ProfSvc - ok

19:39:50.0450 4348 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:39:50.0460 4348 ProtectedStorage - ok

19:39:50.0467 4348 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:39:50.0492 4348 Psched - ok

19:39:50.0533 4348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:39:50.0557 4348 ql2300 - ok

19:39:50.0583 4348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:39:50.0593 4348 ql40xx - ok

19:39:50.0602 4348 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:39:50.0618 4348 QWAVE - ok

19:39:50.0622 4348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:39:50.0635 4348 QWAVEdrv - ok

19:39:50.0637 4348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:39:50.0663 4348 RasAcd - ok

19:39:50.0667 4348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:39:50.0693 4348 RasAgileVpn - ok

19:39:50.0698 4348 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:39:50.0726 4348 RasAuto - ok

19:39:50.0732 4348 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:39:50.0757 4348 Rasl2tp - ok

19:39:50.0768 4348 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:39:50.0796 4348 RasMan - ok

19:39:50.0802 4348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:39:50.0828 4348 RasPppoe - ok

19:39:50.0833 4348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:39:50.0859 4348 RasSstp - ok

19:39:50.0869 4348 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:39:50.0895 4348 rdbss - ok

19:39:50.0899 4348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:39:50.0910 4348 rdpbus - ok

19:39:50.0913 4348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:39:50.0938 4348 RDPCDD - ok

19:39:50.0943 4348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:39:50.0969 4348 RDPENCDD - ok

19:39:50.0973 4348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:39:50.0998 4348 RDPREFMP - ok

19:39:51.0006 4348 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

19:39:51.0017 4348 RDPWD - ok

19:39:51.0025 4348 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:39:51.0036 4348 rdyboost - ok

19:39:51.0042 4348 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:39:51.0068 4348 RemoteAccess - ok

19:39:51.0076 4348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:39:51.0103 4348 RemoteRegistry - ok

19:39:51.0106 4348 RimUsb - ok

19:39:51.0111 4348 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

19:39:51.0119 4348 RimVSerPort - ok

19:39:51.0123 4348 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

19:39:51.0148 4348 ROOTMODEM - ok

19:39:51.0152 4348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:39:51.0180 4348 RpcEptMapper - ok

19:39:51.0182 4348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:39:51.0193 4348 RpcLocator - ok

19:39:51.0210 4348 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:39:51.0240 4348 RpcSs - ok

19:39:51.0245 4348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:39:51.0271 4348 rspndr - ok

19:39:51.0280 4348 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys

19:39:51.0290 4348 RTHDMIAzAudService - ok

19:39:51.0301 4348 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:39:51.0312 4348 RTL8167 - ok

19:39:51.0316 4348 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:39:51.0326 4348 SamSs - ok

19:39:51.0332 4348 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:39:51.0342 4348 sbp2port - ok

19:39:51.0391 4348 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

19:39:51.0410 4348 SBSDWSCService - ok

19:39:51.0418 4348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:39:51.0446 4348 SCardSvr - ok

19:39:51.0450 4348 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:39:51.0474 4348 scfilter - ok

19:39:51.0565 4348 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:39:51.0599 4348 Schedule - ok

19:39:51.0604 4348 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:39:51.0629 4348 SCPolicySvc - ok

19:39:51.0636 4348 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:39:51.0648 4348 SDRSVC - ok

19:39:51.0654 4348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:39:51.0680 4348 secdrv - ok

19:39:51.0683 4348 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:39:51.0710 4348 seclogon - ok

19:39:51.0714 4348 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:39:51.0741 4348 SENS - ok

19:39:51.0745 4348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:39:51.0756 4348 SensrSvc - ok

19:39:51.0763 4348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:39:51.0773 4348 Serenum - ok

19:39:51.0778 4348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:39:51.0788 4348 Serial - ok

19:39:51.0792 4348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:39:51.0802 4348 sermouse - ok

19:39:51.0825 4348 ServiceLayer (668043f192ab9659761a349a4703600d) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

19:39:51.0839 4348 ServiceLayer - ok

19:39:51.0850 4348 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:39:51.0877 4348 SessionEnv - ok

19:39:51.0880 4348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:39:51.0891 4348 sffdisk - ok

19:39:51.0894 4348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:39:51.0906 4348 sffp_mmc - ok

19:39:51.0909 4348 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:39:51.0920 4348 sffp_sd - ok

19:39:51.0923 4348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:39:51.0933 4348 sfloppy - ok

19:39:51.0945 4348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:39:51.0974 4348 SharedAccess - ok

19:39:51.0986 4348 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:39:52.0016 4348 ShellHWDetection - ok

19:39:52.0020 4348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:39:52.0029 4348 SiSRaid2 - ok

19:39:52.0034 4348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:39:52.0044 4348 SiSRaid4 - ok

19:39:52.0049 4348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:39:52.0075 4348 Smb - ok

19:39:52.0082 4348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:39:52.0094 4348 SNMPTRAP - ok

19:39:52.0097 4348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:39:52.0106 4348 spldr - ok

19:39:52.0123 4348 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:39:52.0153 4348 Spooler - ok

19:39:52.0246 4348 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:39:52.0299 4348 sppsvc - ok

19:39:52.0320 4348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:39:52.0348 4348 sppuinotify - ok

19:39:52.0375 4348 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys

19:39:52.0376 4348 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb

19:39:52.0377 4348 sptd ( LockedFile.Multi.Generic ) - warning

19:39:52.0377 4348 sptd - detected LockedFile.Multi.Generic (1)

19:39:52.0392 4348 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:39:52.0404 4348 srv - ok

19:39:52.0418 4348 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:39:52.0430 4348 srv2 - ok

19:39:52.0437 4348 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:39:52.0448 4348 srvnet - ok

19:39:52.0455 4348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:39:52.0484 4348 SSDPSRV - ok

19:39:52.0488 4348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:39:52.0516 4348 SstpSvc - ok

19:39:52.0540 4348 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) e:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

19:39:52.0546 4348 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

19:39:52.0546 4348 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

19:39:52.0550 4348 Steam Client Service - ok

19:39:52.0555 4348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:39:52.0564 4348 stexstor - ok

19:39:52.0582 4348 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:39:52.0601 4348 stisvc - ok

19:39:52.0604 4348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:39:52.0613 4348 swenum - ok

19:39:52.0629 4348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:39:52.0660 4348 swprv - ok

19:39:52.0708 4348 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:39:52.0735 4348 SysMain - ok

19:39:52.0758 4348 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:39:52.0773 4348 TabletInputService - ok

19:39:52.0784 4348 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:39:52.0812 4348 TapiSrv - ok

19:39:52.0817 4348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:39:52.0845 4348 TBS - ok

19:39:52.0899 4348 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

19:39:52.0927 4348 Tcpip - ok

19:39:52.0999 4348 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

19:39:53.0027 4348 TCPIP6 - ok

19:39:53.0052 4348 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:39:53.0077 4348 tcpipreg - ok

19:39:53.0082 4348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:39:53.0091 4348 TDPIPE - ok

19:39:53.0094 4348 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:39:53.0104 4348 TDTCP - ok

19:39:53.0110 4348 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:39:53.0135 4348 tdx - ok

19:39:53.0139 4348 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:39:53.0149 4348 TermDD - ok

19:39:53.0169 4348 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:39:53.0200 4348 TermService - ok

19:39:53.0204 4348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:39:53.0219 4348 Themes - ok

19:39:53.0242 4348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:39:53.0269 4348 THREADORDER - ok

19:39:53.0275 4348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:39:53.0303 4348 TrkWks - ok

19:39:53.0311 4348 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:39:53.0336 4348 TrustedInstaller - ok

19:39:53.0342 4348 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:39:53.0366 4348 tssecsrv - ok

19:39:53.0371 4348 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:39:53.0381 4348 TsUsbFlt - ok

19:39:53.0387 4348 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:39:53.0412 4348 tunnel - ok

19:39:53.0417 4348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:39:53.0426 4348 uagp35 - ok

19:39:53.0437 4348 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:39:53.0464 4348 udfs - ok

19:39:53.0472 4348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:39:53.0485 4348 UI0Detect - ok

19:39:53.0489 4348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:39:53.0499 4348 uliagpkx - ok

19:39:53.0504 4348 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

19:39:53.0514 4348 umbus - ok

19:39:53.0517 4348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:39:53.0527 4348 UmPass - ok

19:39:53.0539 4348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:39:53.0568 4348 upnphost - ok

19:39:53.0576 4348 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

19:39:53.0585 4348 USBAAPL64 - ok

19:39:53.0591 4348 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

19:39:53.0604 4348 usbaudio - ok

19:39:53.0609 4348 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

19:39:53.0619 4348 usbccgp - ok

19:39:53.0625 4348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:39:53.0637 4348 usbcir - ok

19:39:53.0641 4348 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

19:39:53.0651 4348 usbehci - ok

19:39:53.0663 4348 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:39:53.0674 4348 usbhub - ok

19:39:53.0678 4348 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

19:39:53.0688 4348 usbohci - ok

19:39:53.0691 4348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:39:53.0703 4348 usbprint - ok

19:39:53.0707 4348 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

19:39:53.0719 4348 usbscan - ok

19:39:53.0723 4348 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys

19:39:53.0733 4348 usbser - ok

19:39:53.0738 4348 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:39:53.0748 4348 USBSTOR - ok

19:39:53.0751 4348 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

19:39:53.0761 4348 usbuhci - ok

19:39:53.0765 4348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:39:53.0793 4348 UxSms - ok

19:39:53.0796 4348 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:39:53.0807 4348 VaultSvc - ok

19:39:53.0811 4348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:39:53.0820 4348 vdrvroot - ok

19:39:53.0836 4348 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:39:53.0866 4348 vds - ok

19:39:53.0871 4348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:39:53.0882 4348 vga - ok

19:39:53.0886 4348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:39:53.0911 4348 VgaSave - ok

19:39:53.0919 4348 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:39:53.0930 4348 vhdmp - ok

19:39:53.0934 4348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:39:53.0943 4348 viaide - ok

19:39:53.0947 4348 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:39:53.0957 4348 volmgr - ok

19:39:53.0969 4348 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:39:53.0982 4348 volmgrx - ok

19:39:53.0992 4348 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:39:54.0004 4348 volsnap - ok

19:39:54.0011 4348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:39:54.0022 4348 vsmraid - ok

19:39:54.0065 4348 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:39:54.0103 4348 VSS - ok

19:39:54.0126 4348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

19:39:54.0138 4348 vwifibus - ok

19:39:54.0151 4348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:39:54.0181 4348 W32Time - ok

19:39:54.0186 4348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:39:54.0196 4348 WacomPen - ok

19:39:54.0202 4348 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:39:54.0227 4348 WANARP - ok

19:39:54.0229 4348 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:39:54.0254 4348 Wanarpv6 - ok

19:39:54.0291 4348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:39:54.0312 4348 WatAdminSvc - ok

19:39:54.0354 4348 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:39:54.0376 4348 wbengine - ok

19:39:54.0401 4348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:39:54.0417 4348 WbioSrvc - ok

19:39:54.0429 4348 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:39:54.0447 4348 wcncsvc - ok

19:39:54.0451 4348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:39:54.0462 4348 WcsPlugInService - ok

19:39:54.0468 4348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:39:54.0478 4348 Wd - ok

19:39:54.0497 4348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:39:54.0513 4348 Wdf01000 - ok

19:39:54.0518 4348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:39:54.0534 4348 WdiServiceHost - ok

19:39:54.0536 4348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:39:54.0551 4348 WdiSystemHost - ok

19:39:54.0561 4348 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:39:54.0578 4348 WebClient - ok

19:39:54.0587 4348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:39:54.0616 4348 Wecsvc - ok

19:39:54.0621 4348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:39:54.0649 4348 wercplsupport - ok

19:39:54.0654 4348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:39:54.0682 4348 WerSvc - ok

19:39:54.0689 4348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:39:54.0714 4348 WfpLwf - ok

19:39:54.0718 4348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:39:54.0727 4348 WIMMount - ok

19:39:54.0731 4348 WinHttpAutoProxySvc - ok

19:39:54.0743 4348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:39:54.0770 4348 Winmgmt - ok

19:39:54.0825 4348 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:39:54.0866 4348 WinRM - ok

19:39:54.0893 4348 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

19:39:54.0905 4348 WinUsb - ok

19:39:54.0930 4348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:39:54.0952 4348 Wlansvc - ok

19:39:54.0955 4348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:39:54.0965 4348 WmiAcpi - ok

19:39:54.0976 4348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:39:54.0988 4348 wmiApSrv - ok

19:39:54.0991 4348 WMPNetworkSvc - ok

19:39:54.0996 4348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:39:55.0007 4348 WPCSvc - ok

19:39:55.0013 4348 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:39:55.0026 4348 WPDBusEnum - ok

19:39:55.0030 4348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:39:55.0055 4348 ws2ifsl - ok

19:39:55.0058 4348 WSearch - ok

19:39:55.0123 4348 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

19:39:55.0168 4348 wuauserv - ok

19:39:55.0193 4348 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:39:55.0219 4348 WudfPf - ok

19:39:55.0226 4348 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:39:55.0252 4348 WUDFRd - ok

19:39:55.0257 4348 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:39:55.0284 4348 wudfsvc - ok

19:39:55.0293 4348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:39:55.0309 4348 WwanSvc - ok

19:39:55.0318 4348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:39:55.0335 4348 \Device\Harddisk0\DR0 - ok

19:39:55.0338 4348 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1

19:39:55.0359 4348 \Device\Harddisk1\DR1 - ok

19:39:55.0361 4348 Boot (0x1200) (28ab4e145d94a5d0e4546e9adb132c41) \Device\Harddisk0\DR0\Partition0

19:39:55.0362 4348 \Device\Harddisk0\DR0\Partition0 - ok

19:39:55.0365 4348 Boot (0x1200) (9821bf7f2763306ab5fa84f3080d3cc4) \Device\Harddisk0\DR0\Partition1

19:39:55.0366 4348 \Device\Harddisk0\DR0\Partition1 - ok

19:39:55.0368 4348 Boot (0x1200) (4e09bdd97d682251f5510ed0bf0bb6e8) \Device\Harddisk1\DR1\Partition0

19:39:55.0369 4348 \Device\Harddisk1\DR1\Partition0 - ok

19:39:55.0371 4348 Boot (0x1200) (61b1b40b18537a221ec1e04955ac8e9c) \Device\Harddisk1\DR1\Partition1

19:39:55.0378 4348 \Device\Harddisk1\DR1\Partition1 - ok

19:39:55.0378 4348 ============================================================

19:39:55.0378 4348 Scan finished

19:39:55.0378 4348 ============================================================

19:39:55.0385 3604 Detected object count: 4

19:39:55.0385 3604 Actual detected object count: 4

19:39:58.0082 3604 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

19:39:58.0082 3604 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:39:58.0083 3604 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

19:39:58.0083 3604 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:39:58.0084 3604 sptd ( LockedFile.Multi.Generic ) - skipped by user

19:39:58.0084 3604 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

19:39:58.0086 3604 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user

19:39:58.0086 3604 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:40:00.0107 4108 Deinitialize success


That scan was clean, just some unsigned files.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-05-03.02 - Al 03/05/2012 20:06:48.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16381.12663 [GMT 1:00]

Running from: c:\users\Al\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Al\AppData\Local\assembly\tmp

c:\users\Al\AppData\Local\Temp\mietp.dll

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))

.

.

2012-05-03 19:09 . 2012-05-03 19:09 -------- d-----w- c:\users\Kids\AppData\Local\temp

2012-05-03 19:09 . 2012-05-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-02 17:07 . 2012-05-02 17:07 -------- d-sh--w- c:\users\Al\AppData\Roaming\Common

2012-04-30 18:52 . 2012-04-30 18:52 457632 ----a-w- C:\FixExec.exe

2012-04-30 18:44 . 2012-04-30 18:48 -------- d-----w- c:\programdata\B7E85B3B00000AA700005E17B4EB2367

2012-04-30 18:32 . 2012-04-30 18:32 -------- d-----w- c:\windows\Sun

2012-04-30 17:36 . 2012-04-30 17:36 -------- d--h--w- c:\programdata\CanonIJScan

2012-04-30 17:36 . 2012-04-30 17:36 -------- d-----w- c:\users\Al\AppData\Roaming\Canon

2012-04-30 17:36 . 2012-04-30 17:36 -------- d-----w- c:\program files (x86)\Canon

2012-04-30 17:20 . 2012-04-30 17:20 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-04-30 17:19 . 2008-07-16 08:39 235008 ----a-w- c:\windows\system32\CNQ9601O.DLL

2012-04-30 17:19 . 2010-12-17 14:32 495104 ----a-w- c:\windows\system32\CNQ9601L.DLL

2012-04-30 17:19 . 2008-10-07 10:21 92672 ----a-w- c:\windows\system32\CNQ9601I.DLL

2012-04-30 17:19 . 2008-10-07 10:21 1342976 ----a-w- c:\windows\system32\CNQ9601C.DLL

2012-04-30 17:19 . 2008-08-25 17:02 17920 ----a-w- c:\windows\system32\CNHMCA6.DLL

2012-04-29 12:42 . 2012-04-29 12:42 -------- d-----w- c:\users\Kids\AppData\Roaming\Logitech

2012-04-29 12:42 . 2012-04-29 12:42 -------- d-----w- c:\users\Kids\AppData\Roaming\Apple Computer

2012-04-29 12:42 . 2012-04-29 12:42 -------- d-----w- c:\users\Kids\AppData\Local\Adobe

2012-04-29 07:46 . 2012-04-29 07:46 -------- d-----w- c:\programdata\CCP

2012-04-28 16:28 . 2012-04-28 17:34 -------- d-----w- c:\users\Al\AppData\Roaming\PCF-VLC

2012-04-28 16:27 . 2012-04-28 16:27 -------- d-----w- c:\users\Al\AppData\Roaming\Participatory Culture Foundation

2012-04-28 16:26 . 2012-04-28 16:26 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation

2012-04-28 15:42 . 2012-04-28 15:42 -------- d-----w- c:\users\Al\AppData\Local\CCP

2012-04-27 21:33 . 2012-04-27 21:33 -------- d-----w- c:\program files (x86)\iLivid

2012-04-27 19:35 . 2012-04-27 19:35 -------- d-----w- c:\users\Al\AppData\Local\Skyrim

2012-04-27 16:33 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C32B9BEE-0D50-476F-916E-55408480AF77}\mpengine.dll

2012-04-26 02:00 . 2012-04-26 02:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-04-25 20:46 . 2012-04-25 20:46 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-04-24 18:30 . 2012-04-25 21:28 -------- d-----w- c:\users\Al\AppData\Local\Motosftemp

2012-04-24 18:23 . 2012-05-03 19:10 -------- d-----w- C:\Temp

2012-04-24 18:23 . 2012-04-24 18:23 -------- d-----w- c:\program files\Motorola Inc

2012-04-19 15:24 . 2012-04-19 15:36 -------- d-----w- c:\users\Al\.android

2012-04-11 02:01 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 02:01 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 02:01 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-11 02:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 02:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 02:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 02:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 02:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 02:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 02:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-10 12:26 . 2012-04-10 12:26 -------- d-----w- c:\users\Kids\AppData\Local\Apple

2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 14:56 . 2011-12-04 09:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-06 23:15 . 2011-02-14 22:21 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2011-02-14 22:21 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-03-06 23:15 . 2011-02-14 22:21 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:04 . 2011-02-26 18:02 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:04 . 2011-02-14 22:21 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2012-03-27 15:54 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-03-06 23:01 . 2011-02-14 22:21 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2011-02-14 22:21 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-03-06 23:01 . 2011-02-14 22:21 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-02-24 12:19 . 2012-02-24 12:19 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-02-24 12:19 . 2012-02-24 12:19 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-02-24 12:19 . 2012-02-24 12:19 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-02-24 12:19 . 2012-02-24 12:19 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-02-23 09:18 . 2011-02-14 18:46 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-13 19:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 19:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 19:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 19:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-13 19:09 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-13 19:09 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="e:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

"SpybotSD TeaTimer"="e:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"DisplayFusion"="e:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-05-02 4419488]

"Steam"="e:\program files (x86)\Steam\steam.exe" [2011-10-17 1242448]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="e:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"avast"="e:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]

"GrooveMonitor"="e:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

.

c:\users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2011-11-25 0]

Dropbox.lnk - c:\users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]

.

c:\users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

OneNote 2007 Screen Clipper and Launcher.lnk - e:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

PS3 Media Server.lnk - e:\program files (x86)\PS3 Media Server\PMS.exe [2011-7-5 432749]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 136176]

R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-02-18 25640]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 136176]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-06-07 30528]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 365568]

S2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;e:\program files (x86)\ASTRA32\ASTRA64.sys [2007-02-22 21200]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]

S2 SBSDWSCService;SBSD Security Center Service;e:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8408e57-3867-11e0-a278-1c6f658bd1c1}]

\shell\AutoRun\command - G:\INSTALL.EXE

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 09:09]

.

2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19 09:09]

.

2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569113882-3445991305-3262552411-1000Core.job

- c:\users\Al\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 18:30]

.

2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569113882-3445991305-3262552411-1000UA.job

- c:\users\Al\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 18:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- e:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AA1CF23E-6632-41D9-B700-20B5D1B1738F}: NameServer = 208.67.222.222,208.67.220.220

.

- - - - ORPHANS REMOVED - - - -

.

Notify-LBTWlgn - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

AddRemove-Smart Fortress 2012 - c:\programdata\B7E85B3B00000AA700005E17B4EB2367\B7E85B3B00000AA700005E17B4EB2367.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

e:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

e:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

.

**************************************************************************

.

Completion time: 2012-05-03 20:13:17 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-03 19:13

.

Pre-Run: 16,005,185,536 bytes free

Post-Run: 16,782,917,632 bytes free

.

- - End Of File - - 77AA7DE8610AB3CA0B0B89FDB6DA5176


Hi. Just a note. I did disable all the Avast! shields (as per the guidance in the link), but ComboFix still reported that Avast! was still running. I think this was just the UI minimised to the tray, as I couldn't find anything else to disable and it doesn't have a convenient option to turn it off! Cheers


Hi. Just a note. I did disable all the Avast! shields (as per the guidance in the link), but ComboFix still reported that Avast! was still running. I think this was just the UI minimised to the tray, as I couldn't find anything else to disable and it doesn't have a convenient option to turn it off! Cheers

Don't worry about it.

------------------------------------------------------------

Can you have a look at this folder and see what it is, and whether you recognize it?

c:\programdata\B7E85B3B00000AA700005E17B4EB2367

-------------------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes, depending on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Not much showing....

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O3 - HKU\S-1-5-21-3569113882-3445991305-3262552411-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me know if there's any improvement, MrC

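As an added example (not code from this thread, from ComboFix or from OTL): a small Python script that reads ComboFix-style log lines and flags the kinds of load points the fixes above target. It picks out the orphaned BHO/toolbar entries with no backing file, the AddRemove entry under the 32-hex-character ProgramData folder MrC asked about, the removable-media AutoRun command recorded under MountPoints2, Run entries that launch from user-writable folders, and the policies\system values visible in the log (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), which together mean UAC is switched off on this machine. The sample log is constructed: it is abridged from the log earlier in the thread, with one made-up "Updater" Run entry (hypothetical) added to exercise the user-writable-path check.

```python
"""Triage a ComboFix-style log for the load points discussed in this thread.

Added example, not ComboFix, OTL or Malwarebytes code. It scans log text for
(a) UAC policy values that disable elevation prompts, (b) AutoRun commands
recorded under Explorer's MountPoints2 key, (c) Run entries that launch from
user-writable folders, (d) load points whose backing file is missing
("(no file)"), and (e) load points under a 32-hex-character ProgramData folder.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, category, detail)

# Constructed sample: abridged from the log earlier in the thread, plus one
# made-up "Updater" Run entry (hypothetical) to exercise the user-writable check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files (x86)\Steam\steam.exe" [2011-10-17 1242448]
"Updater"="c:\users\Al\AppData\Local\Temp\upd.exe" [2012-05-01 12345]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8408e57-3867-11e0-a278-1c6f658bd1c1}]
\shell\AutoRun\command - G:\INSTALL.EXE
- - - - ORPHANS REMOVED - - - -
Notify-LBTWlgn - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Smart Fortress 2012 - c:\programdata\B7E85B3B00000AA700005E17B4EB2367\B7E85B3B00000AA700005E17B4EB2367.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')          # "Name"="path" [date size]
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x')   # "Name"= 0 (0x0)
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (.+)$", re.IGNORECASE)
HEXDIR_RE = re.compile(r"\\programdata\\([0-9a-f]{32})\\", re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Values under HKLM\...\Policies\System that weaken or disable UAC when set to 0.
UAC_WEAK = {
    "enablelua": (0, "UAC is switched off; admin processes run fully elevated"),
    "consentpromptbehavioradmin": (0, "admins elevate silently, with no prompt"),
    "promptonsecuredesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; an empty list means nothing was flagged."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # ComboFix section banners end the registry key we were reading.
        if line.startswith(("- - - -", "((((", "----", "====", "*Note*")):
            current_key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        # A randomly named 32-hex-char folder in ProgramData is worth a look wherever it appears.
        m = HEXDIR_RE.search(line)
        if m:
            findings.append(("high", "hexdir", f"load point under ProgramData\\{m.group(1)}: {line}"))
        if current_key.endswith("\\policies\\system"):
            m = DWORD_RE.match(line)
            if m and m.group(1).lower() in UAC_WEAK:
                bad_value, why = UAC_WEAK[m.group(1).lower()]
                if int(m.group(2)) == bad_value:
                    findings.append(("high", "uac", f"{m.group(1)}={m.group(2)}: {why}"))
            continue
        if "\\mountpoints2\\" in current_key:
            m = AUTORUN_RE.match(line)
            if m:
                findings.append(("high", "autorun", f"removable-media AutoRun command: {m.group(1)}"))
            continue
        if current_key.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m and any(p in m.group(2).lower() for p in USER_WRITABLE):
                findings.append(("review", "run",
                                 f"Run entry '{m.group(1)}' launches from a user-writable path: {m.group(2)}"))
            continue
        # Lines outside any key: ComboFix's orphan list and similar summaries.
        if line.endswith("(no file)"):
            findings.append(("low", "orphan", f"load point with no backing file: {line}"))
    return findings


if __name__ == "__main__":
    for severity, category, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {category:8} {detail}")
```

A "review" finding only means the path should be checked against the software actually installed (the Dropbox entries in the full log above would show up here too, since Dropbox runs from AppData); the "high" findings are the ones to act on. To use it on a real log, paste the log into SAMPLE_LOG or read it from a file and pass the text to triage().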

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.

Registry value HKEY_USERS\S-1-5-21-3569113882-3445991305-3262552411-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: Al

->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Kids

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Al

->Temp folder emptied: 634 bytes

->Temporary Internet Files folder emptied: 35502659 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 35922214 bytes

->Flash cache emptied: 172004 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kids

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 113762702 bytes

->Flash cache emptied: 82310 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 5 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6032 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 177.00 mb

OTL by OldTimer - Version 3.2.42.2 log created on 05032012_222939


Hard to say, as the warning comes up at random intervals. I haven't had the warning box come up whilst we've been running all these scans, but that could be because I haven't really been looking at any web pages except for refreshing this one. I'll spend some time online tomorrow night and see if the problem has gone away. Thanks for all the help!


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
