Claro Search redirect problem



jpc763
2012-11-27, 16:23
Hello,

I have gotten the Claro Search redirect infection on my laptop. It takes over both Chrome and IE8.

I have read the "BEFORE You POST" section.

I ran SpyBot yesterday (twice) and it detected and removed Claro and Babylon but Claro is still there.

Here is the top of the log from yesterday's first SpyBot scan
Search results from Spybot - Search & Destroy

11/26/2012 3:58:11 PM
Scan took 00:18:33.
363 items found.

Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
C:\ProgramData\Babylon\

Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
C:\Users\johnc\AppData\Roaming\Babylon\
Directory.subfile=C:\Users\johnc\AppData\Roaming\Babylon\log_file.txt
Directory.subfile.size=8708
Directory.subfile.md5=147F0BF1BE261D172DB6EC6B36612A46
Directory.subfile.filedate=1353956505
Directory.subfile.filedatetext=2012-11-26 12:01:45

Claro.Toolbar: [SBI $47170986] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\claro.claroappCore

Here are the results from the second scan

Search results from Spybot - Search & Destroy

11/26/2012 4:16:48 PM
Scan took 00:13:23.
14 items found.

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-8915387-2129677417-1971066577-7837\Software\Microsoft\DirectInput\MostRecentApplication\Name

Registry Backup - DONE!

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.3.1
Run by JohnC at 16:32:50 on 2012-11-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3262.1503 [GMT -7:00]
.
AV: Symantec Endpoint Protection.cloud *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection.cloud *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection.cloud *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Druva\inSync\inSyncCPHwnet.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Druva\inSync\inSync.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\RightFax\FaxCtrl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Druva\inSync\inSyncGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Druva\inSync\inSyncUSyncer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
c:\program files\symantec.cloud\antivirus\ssDVAgent.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe
C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\PROGRA~1\TIGERT~1\HOLIDA~1\HOLIDA~1.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\program files\coupon companion\coupon companion-bg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/;_ylc=X3oDMTB1bTdjdnNyBF9TAzI3MTk0ODEEbG5rA215BHRpZANUcnZsU21wbA--
BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - c:\program files\coupon companion\Coupon Companion.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\symantec.cloud\endpointprotectionagent\engine\20.1.0.24\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec.cloud\endpointprotectionagent\engine\20.1.0.24\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\symantec.cloud\endpointprotectionagent\engine\20.1.0.24\CoIEPlg.dll
uRun: [Google Update] "c:\users\johnc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleRdrNotify] "c:\program files\yonizaf\grain google reader notifier\GoogleReaderNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RightFAX Print-to-Fax Driver] c:\program files\rightfax\FaxCtrl.exe
mRun: [CaddieSyncConduit] c:\program files\skygolf\caddiesync express\CaddieSyncExpress.exe
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SymantecPaui] "c:\program files\symantec.cloud\platformagent\PAUI.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Druva inSync] c:\program files\druva\insync\inSyncGUI.exe -l en
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\users\johnc\appdata\roaming\micros~1\windows\startm~1\programs\startup\holida~1.lnk - c:\program files\tiger technologies\holiday lights\Holiday Lights.exe
StartupFolder: c:\users\johnc\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\johnc\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {01614D85-E2FC-40AC-BAB5-24CE29E94DB4} - hxxp://jpcfishcam.dyndns.org:1024/img/Viewer.cab
DPF: {174793AA-EAE2-4188-AFA5-064BE26901B1} - hxxp://www.digitalgsp.com/xvr/CXRMS_1,1,0,1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://isecure.spectralogic.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.200.70 192.168.200.71
TCP: Interfaces\{8735282F-B28C-4E68-A87B-0934AB3765E6} : DHCPNameServer = 192.168.200.70 192.168.200.71
TCP: Interfaces\{D08F5DBC-3172-41D1-81C8-54C76756A629} : DHCPNameServer = 192.168.200.70 192.168.200.71
TCP: Interfaces\{D08F5DBC-3172-41D1-81C8-54C76756A629}\3427F677C656976416D696C697 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D1EA2FC0-4CD4-4335-9279-27AA7301D965} : DHCPNameServer = 192.168.200.70 192.168.200.71
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-9-30 17072]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1401000.018\SymDS.sys [2012-10-15 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1401000.018\SymEFA.sys [2012-10-15 926880]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]
R1 ccSet_Cloud;CC Standalone Settings Manager;c:\windows\system32\drivers\symantec.cloud\ccSetx86.sys [2012-8-31 132768]
R1 ccSet_NIS;Endpoint Protection.cloud Settings Manager;c:\windows\system32\drivers\nis\1401000.018\ccSetx86.sys [2012-10-15 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\ipsdefs\20121123.001\IDSvix86.sys [2012-11-26 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1401000.018\Ironx86.sys [2012-10-15 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1401000.018\symnets.sys [2012-10-15 338592]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-9-30 81920]
R2 Browser Manager;Browser Manager;c:\programdata\browser manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2012-11-26 2402840]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 386928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-30 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-30 60928]
R2 inSyncCPHService;Druva inSync Client Service;c:\program files\druva\insync\inSyncCPHwnet.exe [2012-9-14 171008]
R2 NIS;Endpoint Protection.cloud;c:\program files\symantec.cloud\endpointprotectionagent\engine\20.1.0.24\ccSvcHst.exe [2012-10-15 143928]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-8-25 59904]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-11-26 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-26 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-26 168384]
R2 SsPaAdm;Symantec.cloud Cloud Agent;c:\program files\symantec.cloud\platformagent\ccSvcHst.exe [2012-8-31 138272]
R2 ssSpnAv;Symantec.cloud Endpoint Protection;c:\program files\symantec.cloud\antivirus\AVAgent.exe [2012-10-15 409040]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-9-30 2533400]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-30 42672]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-8-25 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-8-25 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2008-11-20 125440]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-12-28 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-12-28 269824]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-8-25 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-8-25 38912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-12 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-11-26 22:38:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-26 22:37:54 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-11-26 22:37:50 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-26 22:36:43 -------- d-----w- c:\users\johnc\appdata\local\Programs
2012-11-26 19:01:45 37888 ----a-w- c:\windows\system32\Holiday Lights.scr
2012-11-26 19:01:37 -------- d-----w- c:\program files\Tiger Technologies
2012-11-26 19:01:33 -------- d-----w- c:\users\johnc\appdata\roaming\Claro
2012-11-26 19:01:32 -------- d-----w- c:\windows\system32\searchplugins
2012-11-26 19:01:32 -------- d-----w- c:\windows\system32\Extensions
2012-11-26 19:01:28 -------- d-----w- c:\users\johnc\appdata\local\Coupon Companion
2012-11-26 19:01:28 -------- d-----w- c:\programdata\Browser Manager
2012-11-26 19:01:23 -------- d-----w- c:\program files\Coupon Companion
2012-11-15 10:49:20 -------- d-----w- c:\users\johnc\inSync Share
2012-11-14 14:53:15 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 14:53:14 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 18:00:16 -------- d-----w- C:\inSync4
2012-11-07 18:00:13 -------- d-----w- c:\program files\Druva
.
==================== Find3M ====================
.
2012-11-15 14:43:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-15 14:43:03 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-15 14:17:33 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 19:57:38 132768 ----a-r- c:\windows\system32\drivers\symantec.cloud\ccSetx86.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_ rev.LH00 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83E12000]<< >>UNKNOWN [0x8D59B000]<< >>UNKNOWN [0x8D58A000]<< >>UNKNOWN [0x8D7F7000]<< >>UNKNOWN [0x8CC9A000]<< >>UNKNOWN [0x84225000]<< >>UNKNOWN [0x8CE28000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83E48BC5] -> \Device\Harddisk0\DR0[0x8921F418]
\Driver\Disk[0x8921D550] -> IRP_MJ_CREATE -> 0x8D59F39F
3 [0x8D59F59E] -> ntkrnlpa!IofCallDriver[0x83E48BC5] -> [0x8921F970]
\Driver\stdflt[0x891C76E8] -> IRP_MJ_CREATE -> 0x8D7F752E
5 [0x8D7F870C] -> ntkrnlpa!IofCallDriver[0x83E48BC5] -> [0x8767EA50]
\Driver\ACPI[0x868B6030] -> IRP_MJ_CREATE -> 0x8CCA34CC
7 [0x8CCA33D4] -> ntkrnlpa!IofCallDriver[0x83E48BC5] -> \Device\Ide\IAAStorageDevice-1[0x87262028]
\Driver\iaStor[0x8767CF38] -> IRP_MJ_CREATE -> 0x8CE4EE36
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:51:06.50 ===============

aswMBR LOG

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 07:43:39
-----------------------------
07:43:39.668 OS Version: Windows 6.1.7601 Service Pack 1
07:43:39.668 Number of processors: 8 586 0x1E05
07:43:39.668 ComputerName: JOHNCROWLEY1 UserName: JohnC
07:44:11.540 Initialize success
07:44:19.418 AVAST engine defs: 12112601
07:44:24.660 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:44:24.675 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 8
07:44:25.159 Disk 0 MBR read successfully
07:44:25.175 Disk 0 MBR scan
07:44:25.190 Disk 0 Windows VISTA default MBR code
07:44:25.190 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:44:25.206 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 30021 MB offset 81920
07:44:25.237 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 446870 MB offset 61577145
07:44:25.253 Disk 0 scanning sectors +976768065
07:44:25.331 Disk 0 scanning C:\Windows\system32\drivers
07:44:37.265 Service scanning
07:45:08.279 Modules scanning
07:45:16.095 Disk 0 trace - called modules:
07:45:16.126 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll iaStor.sys
07:45:16.469 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89220030]
07:45:16.469 3 CLASSPNP.SYS[8d59459e] -> nt!IofCallDriver -> [0x8921f780]
07:45:16.485 5 stdfltn.sys[8d7c570c] -> nt!IofCallDriver -> [0x872c0908]
07:45:16.500 7 ACPI.sys[8cca93d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872c6028]
07:45:19.027 AVAST engine scan C:\Windows
07:45:22.304 AVAST engine scan C:\Windows\system32
07:48:22.423 AVAST engine scan C:\Windows\system32\drivers
07:48:39.677 AVAST engine scan C:\Users\johnc
08:02:28.285 AVAST engine scan C:\ProgramData
08:03:24.570 Scan finished successfully
08:04:53.101 Disk 0 MBR has been saved successfully to "C:\Users\johnc\Desktop\MBR.dat"
08:04:53.132 The log file has been saved successfully to "C:\Users\johnc\Desktop\aswMBR.txt"

Thanks in advance for your help.

John

shelf life
2012-12-02, 19:31
hi jpc763,

Your post is a few days old. If you still need help, simply reply back.

jpc763
2012-12-02, 19:43
I do still need help. I was waiting for a response.

shelf life
2012-12-02, 22:32
ok. Start with this:

Please download Junkware Removal tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shutdown your antivirus to avoid any conflicts.
Double click the icon or Right click for Vista/W7,8 and select Run as administrator.
The tool will open and start scanning.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your reply

jpc763
2012-12-03, 16:36
I have run JRT and here are the results.

Of note: IE seems to be better. When I open an additional tab, it does not go to Claro. Chrome, on the other hand, still opens to Claro regardless of how I set the browser up.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.7 (12.02.2012:4)
OS: Windows 7 Professional x86
Ran by JohnC on Mon 12/03/2012 at 8:16:33.31
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] Browser Manager
Successfully deleted: [Service] Browser Manager



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bProtector Start Page
Failed to delete: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bProtectorDefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-8915387-2129677417-1971066577-7837\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_classes_root\escort.escortiepane"
Successfully deleted: [Registry Key] "hkey_classes_root\escort.escortiepane.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider"
Successfully deleted: [Registry Key] "hkey_current_user\software\cr_installer"
Failed to delete: [Registry Key]"hkey_current_user\software\datamngr"
Failed to delete: [Registry Key]"hkey_current_user\software\datamngr_toolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\installedbrowserextensions"
Failed to delete: [Registry Key]"hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings"
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortapp.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escorteng.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortlbr.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\esrv.exe"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"
Failed to delete: [Registry Key]"hkey_local_machine\software\datamngr"
Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs"
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110011441193}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\Users\johnc\AppData\Roaming\claro"
Successfully deleted: [Folder] "C:\Users\johnc\appdata\local\coupon companion"
Successfully deleted: [Folder] "C:\Users\johnc\appdata\locallow\claro ltd"
Successfully deleted: [Folder] "C:\Program Files\coupon companion"
Successfully deleted: [Folder] "C:\Users\johnc\AppData\Roaming\microsoft\windows\start menu\programs\browser manager"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/03/2012 at 8:31:53.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks, John

shelf life
2012-12-03, 22:22
One more download to get.

Please Download:

TDSSkiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) to your desktop

Right-click the icon and select Run as admin, then click Change Parameters. Check the option: Detect TDLFS file system, then click OK and Start Scan.

Once the scan is done, you will find a .txt file in your root drive (Local Disk, usually C), labeled as: TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (version, date, time)

Please copy/paste the log file in your reply.

jpc763
2012-12-03, 22:52
The log is too big either to attach or to cut/paste.

Should I zip it?

shelf life
2012-12-04, 00:52
Yes, a zip attachment or just break it up into several posts, either way.

jpc763
2012-12-04, 00:54
14:35:43.0681 1260 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:35:44.0040 1260 ============================================================
14:35:44.0040 1260 Current date / time: 2012/12/03 14:35:44.0040
14:35:44.0040 1260 SystemInfo:
14:35:44.0040 1260
14:35:44.0040 1260 OS Version: 6.1.7601 ServicePack: 1.0
14:35:44.0040 1260 Product type: Workstation
14:35:44.0040 1260 ComputerName: JOHNCROWLEY1
14:35:44.0040 1260 UserName: JohnC
14:35:44.0040 1260 Windows directory: C:\Windows
14:35:44.0040 1260 System windows directory: C:\Windows
14:35:44.0040 1260 Processor architecture: Intel x86
14:35:44.0040 1260 Number of processors: 8
14:35:44.0040 1260 Page size: 0x1000
14:35:44.0040 1260 Boot type: Normal boot
14:35:44.0040 1260 ============================================================
14:35:44.0867 1260 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:35:44.0929 1260 ============================================================
14:35:44.0929 1260 \Device\Harddisk0\DR0:
14:35:44.0929 1260 MBR partitions:
14:35:44.0929 1260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x3AA2800
14:35:44.0929 1260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3AB97B9, BlocksNum 0x368CB488
14:35:44.0929 1260 ============================================================
14:35:45.0007 1260 C: <-> \Device\Harddisk0\DR0\Partition2
14:35:45.0007 1260 ============================================================
14:35:45.0007 1260 Initialize success
14:35:45.0007 1260 ============================================================
14:36:09.0702 5948 ============================================================
14:36:09.0702 5948 Scan started
14:36:09.0702 5948 Mode: Manual; TDLFS;
14:36:09.0702 5948 ============================================================
14:36:11.0715 5948 ================ Scan system memory ========================
14:36:11.0715 5948 System memory - ok
14:36:11.0715 5948 ================ Scan services =============================
14:36:22.0019 5948 mssmbios - ok
14:36:22.0035 5948 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:36:22.0035 5948 MSTEE - ok
14:36:22.0050 5948 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:36:22.0050 5948 MTConfig - ok
14:36:22.0066 5948 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
14:36:22.0066 5948 Mup - ok
14:36:22.0113 5948 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
14:36:22.0113 5948 napagent - ok
14:36:22.0144 5948 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:36:22.0160 5948 NativeWifiP - ok
14:36:22.0253 5948 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121202.007\NAVENG.SYS
14:36:22.0253 5948 NAVENG - ok
14:36:22.0347 5948 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121202.007\NAVEX15.SYS
14:36:22.0362 5948 NAVEX15 - ok
14:36:22.0409 5948 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:36:22.0425 5948 NDIS - ok
14:36:22.0440 5948 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:36:22.0440 5948 NdisCap - ok
14:36:22.0456 5948 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:36:22.0456 5948 NdisTapi - ok
14:36:22.0503 5948 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:36:22.0518 5948 Ndisuio - ok
14:36:22.0565 5948 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:36:22.0565 5948 NdisWan - ok
14:36:22.0581 5948 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:36:22.0581 5948 NDProxy - ok
14:36:22.0596 5948 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:36:22.0596 5948 NetBIOS - ok
14:36:22.0612 5948 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:36:22.0612 5948 NetBT - ok
14:36:22.0628 5948 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
14:36:22.0643 5948 Netlogon - ok
14:36:22.0659 5948 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
14:36:22.0659 5948 Netman - ok
14:36:22.0674 5948 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
14:36:22.0690 5948 netprofm - ok
14:36:22.0706 5948 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:36:22.0706 5948 NetTcpPortSharing - ok
14:36:22.0846 5948 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
14:36:22.0909 5948 NETw5s32 - ok
14:36:22.0950 5948 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:36:22.0950 5948 nfrd960 - ok
14:36:23.0028 5948 [ 8D11DA92F83D8C8281689739BEF05FD5 ] NIS C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe
14:36:23.0028 5948 NIS - ok
14:36:23.0075 5948 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:36:23.0075 5948 NlaSvc - ok
14:36:23.0091 5948 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:36:23.0091 5948 Npfs - ok
14:36:23.0106 5948 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
14:36:23.0106 5948 nsi - ok
14:36:23.0122 5948 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:36:23.0122 5948 nsiproxy - ok
14:36:23.0200 5948 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:36:23.0216 5948 Ntfs - ok
14:36:23.0262 5948 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
14:36:23.0262 5948 Null - ok
14:36:23.0294 5948 [ 79E97CDAE5449A59A4798FC5B006C58F ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
14:36:23.0294 5948 NVHDA - ok
14:36:23.0652 5948 [ B52A13041ACDB9D9C0D4E092A53C8869 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:36:23.0824 5948 nvlddmkm - ok
14:36:23.0840 5948 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:36:23.0855 5948 nvraid - ok
14:36:23.0871 5948 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:36:23.0871 5948 nvstor - ok
14:36:23.0886 5948 [ D3277C8D726C219D04C56551FCC688DF ] nvsvc C:\Windows\system32\nvvsvc.exe
14:36:23.0886 5948 nvsvc - ok
14:36:23.0902 5948 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:36:23.0902 5948 nv_agp - ok
14:36:23.0964 5948 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:36:23.0964 5948 odserv - ok
14:36:23.0996 5948 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:36:23.0996 5948 ohci1394 - ok
14:36:24.0011 5948 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:36:24.0011 5948 ose - ok
14:36:24.0058 5948 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:36:24.0074 5948 p2pimsvc - ok
14:36:24.0089 5948 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
14:36:24.0105 5948 p2psvc - ok
14:36:24.0152 5948 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:36:24.0152 5948 Parport - ok
14:36:24.0167 5948 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:36:24.0183 5948 partmgr - ok
14:36:24.0214 5948 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
14:36:24.0214 5948 Parvdm - ok
14:36:24.0261 5948 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
14:36:24.0261 5948 PBADRV - ok
14:36:24.0276 5948 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:36:24.0276 5948 PcaSvc - ok
14:36:24.0308 5948 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
14:36:24.0308 5948 pci - ok
14:36:24.0323 5948 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
14:36:24.0323 5948 pciide - ok
14:36:24.0339 5948 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:36:24.0339 5948 pcmcia - ok
14:36:24.0386 5948 [ 1E715247EFFFDDA938C085913045D599 ] PCTINDIS5 C:\Windows\system32\PCTINDIS5.SYS
14:36:24.0386 5948 PCTINDIS5 - ok
14:36:24.0401 5948 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
14:36:24.0401 5948 pcw - ok

jpc763
2012-12-04, 00:55
14:36:31.0328 5948 Wecsvc - ok
14:36:31.0359 5948 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:36:31.0375 5948 wercplsupport - ok
14:36:31.0687 5948 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
14:36:31.0702 5948 WerSvc - ok
14:36:31.0718 5948 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:36:31.0733 5948 WfpLwf - ok
14:36:31.0749 5948 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:36:31.0749 5948 WIMMount - ok
14:36:31.0843 5948 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:36:31.0858 5948 WinDefend - ok
14:36:31.0858 5948 WinHttpAutoProxySvc - ok
14:36:31.0936 5948 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:36:31.0936 5948 Winmgmt - ok
14:36:31.0983 5948 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
14:36:31.0999 5948 WinRM - ok
14:36:32.0045 5948 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:36:32.0045 5948 WinUsb - ok
14:36:32.0077 5948 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:36:32.0092 5948 Wlansvc - ok
14:36:32.0186 5948 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:36:32.0186 5948 wlcrasvc - ok
14:36:32.0295 5948 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:36:32.0311 5948 wlidsvc - ok
14:36:32.0326 5948 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:36:32.0326 5948 WmiAcpi - ok
14:36:32.0342 5948 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:36:32.0342 5948 wmiApSrv - ok
14:36:32.0420 5948 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:36:32.0435 5948 WMPNetworkSvc - ok
14:36:32.0482 5948 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:36:32.0498 5948 WPCSvc - ok
14:36:32.0513 5948 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:36:32.0529 5948 WPDBusEnum - ok
14:36:32.0560 5948 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:36:32.0560 5948 ws2ifsl - ok
14:36:32.0576 5948 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
14:36:32.0591 5948 wscsvc - ok
14:36:32.0591 5948 WSearch - ok
14:36:32.0669 5948 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:36:32.0701 5948 wuauserv - ok
14:36:32.0716 5948 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:36:32.0732 5948 WudfPf - ok
14:36:32.0763 5948 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:36:32.0763 5948 WUDFRd - ok
14:36:32.0794 5948 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:36:32.0794 5948 wudfsvc - ok
14:36:32.0810 5948 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
14:36:32.0825 5948 WwanSvc - ok
14:36:32.0903 5948 ================ Scan global ===============================
14:36:32.0950 5948 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:36:32.0966 5948 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
14:36:32.0981 5948 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
14:36:33.0013 5948 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:36:33.0044 5948 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:36:33.0044 5948 [Global] - ok
14:36:33.0044 5948 ================ Scan MBR ==================================
14:36:33.0059 5948 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:36:34.0354 5948 \Device\Harddisk0\DR0 - ok
14:36:34.0354 5948 ================ Scan VBR ==================================
14:36:34.0385 5948 [ 6C04F1E12CA1737C8CDCE51085E691DB ] \Device\Harddisk0\DR0\Partition1
14:36:34.0385 5948 \Device\Harddisk0\DR0\Partition1 - ok
14:36:34.0401 5948 [ 83562A2C25941A2D32BB97B846E6B9EF ] \Device\Harddisk0\DR0\Partition2
14:36:34.0401 5948 \Device\Harddisk0\DR0\Partition2 - ok
14:36:34.0401 5948 ============================================================
14:36:34.0401 5948 Scan finished
14:36:34.0401 5948 ============================================================
14:36:34.0432 4896 Detected object count: 0
14:36:34.0432 4896 Actual detected object count: 0
14:52:57.0111 5600 Deinitialize success

shelf life
2012-12-04, 01:59
Did you check for any extensions in Chrome and try disabling them? settings > extensions

Another download which you can keep and use as an antimalware app:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
NOTE: The free version must be updated manually.

jpc763
2012-12-04, 22:17
I checked Chrome and I do not have any extensions. I downloaded Malwarebytes and here is the log. It found nothing.

I am going to post a follow up with more info that I have found.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.04.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
JohnC :: JOHNCROWLEY1 [administrator]

12/4/2012 12:27:39 PM
mbam-log-2012-12-04 (12-27-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 422505
Time elapsed: 1 hour(s), 25 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

jpc763
2012-12-04, 22:23
In Google Chrome, when I launch the program it starts up in a Claro Search page. When I go to settings, it lists Sign In, On Startup, Appearance, Search Users and Default Browser.

The "On Startup" section has selected the radio button "Open a specific page or set of pages". When clicking on Set pages, I get:

Claro Search with an address. If I delete that, the next time I go back it is there again.

Internet Explorer *seems* to be fixed but I cannot figure out how to fix Chrome.

shelf life
2012-12-05, 01:20
Try this first;

Please download Adwcleaner.exe (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
Right click on AdwCleaner.exe, select run as admin
Click on Search
A logfile will automatically open after the scan has finished
Copy and paste the contents in your reply
You can find the logfile at C:\AdwCleaner[R1].txt as well

jpc763
2012-12-05, 18:49
Here is the AdwCleaner log but I have a question. I subscribe to this thread with email notification. I received an email last night from this thread with a post that said:

"I would completely remove Chrome, reboot and reinstall.

Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
select the "Also delete browser data" checkbox. After the process is over, reboot machine and reinstall chrome."

When I went to the post, I saw the above post, not the one in the email. Did you change your mind?

The log:

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 10:46:18
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : JohnC - JOHNCROWLEY1
# Boot Mode : Normal
# Running from : C:\Users\johnc\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Browser Manager

***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Claro LTD
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Found : HKLM\Software\Claro LTD
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\johnc\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2638 octets] - [05/12/2012 10:46:18]

########## EOF - C:\AdwCleaner[R1].txt - [2698 octets] ##########

shelf life
2012-12-05, 23:49
Yes, I did change my mind. Wanted to try AdwCleaner first. So rerun AdwCleaner and this time after the scan click on the Delete button. Machine will reboot and produce a new log after the restart. Post the new log. See if that did the trick.

jpc763
2012-12-06, 00:02
Here is the log. I did see a message during the delete process that said that Google Chrome stopped someone from changing the default search.

Chrome still starts up on the Claro Search page :(

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 15:54:02
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : JohnC - JOHNCROWLEY1
# Boot Mode : Normal
# Running from : C:\Users\johnc\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKLM\Software\Claro LTD
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\johnc\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2767 octets] - [05/12/2012 10:46:18]
AdwCleaner[R2].txt - [2827 octets] - [05/12/2012 15:53:26]
AdwCleaner[S1].txt - [2815 octets] - [05/12/2012 15:54:02]

########## EOF - C:\AdwCleaner[S1].txt - [2875 octets] ##########
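
A way to cross-check the two AdwCleaner logs above, as an added example that is not part of the original posts: it parses a search log and a delete log, then reports which found items were deleted, which are only queued for deletion on reboot, and which were left behind. The function names are hypothetical, the embedded logs are excerpts of the ones posted in this thread, and the parser assumes only the line shapes visible there.

```python
import re

# Excerpts of the two AdwCleaner logs posted in this thread (search run, then delete run).
SEARCH_LOG = r"""
# Option [Search]
***** [Files / Folders] *****
Folder Found : C:\ProgramData\Browser Manager
***** [Registry] *****
Key Found : HKCU\Software\Claro LTD
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.95
File : C:\Users\johnc\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
"""

DELETE_LOG = r"""
# Option [Delete]
***** [Files / Folders] *****
Deleted on reboot : C:\ProgramData\Browser Manager
***** [Registry] *****
Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.95
File : C:\Users\johnc\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
"""

ITEM_RE = re.compile(r"^(Folder|File|Key|Value) (Found|Deleted) : (.+)$")
REBOOT_RE = re.compile(r"^Deleted on reboot : (.+)$")
OPTION_RE = re.compile(r"^# Option \[(\w+)\]$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v[\d.]+$")   # e.g. "-\\ Google Chrome v23.0.1271.95"
VERDICT_RE = re.compile(r"^\[(\w+)\] (.+)$")         # e.g. "[OK] File is clean."


def norm(target):
    """Windows paths and registry keys are case-insensitive; compare them that way."""
    return " ".join(target.split()).lower()


def parse_adwcleaner(text):
    """Parse one log into its run option, item tables and per-browser verdicts."""
    report = {"option": None, "found": {}, "deleted": {},
              "pending_reboot": {}, "browsers": {}}
    browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION_RE.match(line):
            report["option"] = m.group(1)
        elif m := ITEM_RE.match(line):
            kind, action, target = m.groups()
            report[action.lower()][norm(target)] = (kind, target)
        elif m := REBOOT_RE.match(line):
            report["pending_reboot"][norm(m.group(1))] = ("Path", m.group(1))
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
        elif browser and (m := VERDICT_RE.match(line)):
            report["browsers"][browser] = m.group(1)
    return report


def reconcile(search, delete):
    """Account for every item of the search run in the delete run."""
    found = search["found"]
    deleted, pending = delete["deleted"], delete["pending_reboot"]
    handled = set(deleted) | set(pending)
    return {
        "deleted": sorted(found[k][1] for k in found if k in deleted),
        # Still on disk until the reboot completes; re-scan afterwards.
        "pending_reboot": sorted(found[k][1] for k in found if k in pending),
        # Found by the search run but absent from the delete run.
        "not_removed": sorted(found[k][1] for k in found if k not in handled),
    }


if __name__ == "__main__":
    search, delete = parse_adwcleaner(SEARCH_LOG), parse_adwcleaner(DELETE_LOG)
    for bucket, items in reconcile(search, delete).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print(f"  {item}")
    print("browser verdicts after delete:", delete["browsers"])
```

A clean reconciliation only shows that the items the tool listed were handled; settings it does not list, such as the Chrome "On Startup" pages described earlier in the thread, need their own check.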

shelf life
2012-12-06, 01:32
Try setting it back to its defaults by following this link. (http://www.windowsvalley.com/reset-google-chrome-to-default-configuration-without-re-installation/)

jpc763
2012-12-06, 16:20
Try setting it back to its defaults by following this link. (http://www.windowsvalley.com/reset-google-chrome-to-default-configuration-without-re-installation/)

This appears to have fixed the final part of the problem! Thank you!

Is there anything else I should check?

John

shelf life
2012-12-06, 23:07
Ok. Good. Let's revisit something in your initial DDS log. Please rescan and post a new DDS log like you did in your initial post.

jpc763
2012-12-07, 18:28
Here is the new DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.3.1
Run by JohnC at 10:24:17 on 2012-12-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3262.1797 [GMT -7:00]
.
AV: Symantec Endpoint Protection.cloud *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection.cloud *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection.cloud *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Druva\inSync\inSyncCPHwnet.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Druva\inSync\inSync.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
c:\program files\symantec.cloud\antivirus\ssDVAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\20.1.0.24\ccSvcHst.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\RightFax\FaxCtrl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Druva\inSync\inSyncGUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tiger Technologies\Holiday Lights\Holiday Lights.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Druva\inSync\inSyncUSyncer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/;_ylc=X3oDMTB1bTdjdnNyBF9TAzI3MTk0ODEEbG5rA215BHRpZANUcnZsU21wbA--
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\symantec.cloud\endpointprotectionagent\engine\20.1.0.24\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec.cloud\endpointprotectionagent\engine\20.1.0.24\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\symantec.cloud\endpointprotectionagent\engine\20.1.0.24\CoIEPlg.dll
uRun: [Google Update] "c:\users\johnc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleRdrNotify] "c:\program files\yonizaf\grain google reader notifier\GoogleReaderNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RightFAX Print-to-Fax Driver] c:\program files\rightfax\FaxCtrl.exe
mRun: [CaddieSyncConduit] c:\program files\skygolf\caddiesync express\CaddieSyncExpress.exe
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SymantecPaui] "c:\program files\symantec.cloud\platformagent\PAUI.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Druva inSync] c:\program files\druva\insync\inSyncGUI.exe -l en
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\users\johnc\appdata\roaming\micros~1\windows\startm~1\programs\startup\holida~1.lnk - c:\program files\tiger technologies\holiday lights\Holiday Lights.exe
StartupFolder: c:\users\johnc\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\johnc\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {01614D85-E2FC-40AC-BAB5-24CE29E94DB4} - hxxp://jpcfishcam.dyndns.org:1024/img/Viewer.cab
DPF: {174793AA-EAE2-4188-AFA5-064BE26901B1} - hxxp://www.digitalgsp.com/xvr/CXRMS_1,1,0,1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://isecure.spectralogic.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8735282F-B28C-4E68-A87B-0934AB3765E6} : DHCPNameServer = 192.168.200.70 192.168.200.71
TCP: Interfaces\{D08F5DBC-3172-41D1-81C8-54C76756A629} : DHCPNameServer = 192.168.200.70 192.168.200.71
TCP: Interfaces\{D08F5DBC-3172-41D1-81C8-54C76756A629}\3427F677C656976416D696C697 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D1EA2FC0-4CD4-4335-9279-27AA7301D965} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-9-30 17072]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1401000.018\SymDS.sys [2012-10-15 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1401000.018\SymEFA.sys [2012-10-15 926880]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_Cloud;CC Standalone Settings Manager;c:\windows\system32\drivers\symantec.cloud\ccSetx86.sys [2012-8-31 132768]
R1 ccSet_NIS;Endpoint Protection.cloud Settings Manager;c:\windows\system32\drivers\nis\1401000.018\ccSetx86.sys [2012-10-15 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\ipsdefs\20121205.001\IDSvix86.sys [2012-12-6 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1401000.018\Ironx86.sys [2012-10-15 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1401000.018\symnets.sys [2012-10-15 338592]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-9-30 81920]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 386928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-30 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-30 60928]
R2 inSyncCPHService;Druva inSync Client Service;c:\program files\druva\insync\inSyncCPHwnet.exe [2012-9-14 171008]
R2 NIS;Endpoint Protection.cloud;c:\program files\symantec.cloud\endpointprotectionagent\engine\20.1.0.24\ccSvcHst.exe [2012-10-15 143928]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-8-25 59904]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-11-26 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-26 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-26 168384]
R2 SsPaAdm;Symantec.cloud Cloud Agent;c:\program files\symantec.cloud\platformagent\ccSvcHst.exe [2012-8-31 138272]
R2 ssSpnAv;Symantec.cloud Endpoint Protection;c:\program files\symantec.cloud\antivirus\AVAgent.exe [2012-10-15 409040]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-9-30 2533400]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-30 42672]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-8-25 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-8-25 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2008-11-20 125440]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-12-28 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-12-28 269824]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-8-25 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-8-25 38912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-12 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-12-04 19:26:22 -------- d-----w- c:\users\johnc\appdata\roaming\Malwarebytes
2012-12-04 19:25:48 -------- d-----w- c:\programdata\Malwarebytes
2012-12-04 19:25:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-04 19:25:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-03 15:16:24 -------- d-----w- c:\windows\ERUNT
2012-12-03 15:16:09 -------- d-----w- C:\JRT
2012-11-26 22:38:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-26 22:37:54 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-11-26 22:37:50 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-26 22:36:43 -------- d-----w- c:\users\johnc\appdata\local\Programs
2012-11-26 19:01:45 37888 ----a-w- c:\windows\system32\Holiday Lights.scr
2012-11-26 19:01:37 -------- d-----w- c:\program files\Tiger Technologies
2012-11-26 19:01:32 -------- d-----w- c:\windows\system32\searchplugins
2012-11-26 19:01:32 -------- d-----w- c:\windows\system32\Extensions
2012-11-26 19:01:28 -------- d-----w- c:\programdata\Browser Manager
2012-11-15 10:49:20 -------- d-----w- c:\users\johnc\inSync Share
2012-11-14 14:53:15 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 14:53:14 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 18:00:16 -------- d-----w- C:\inSync4
2012-11-07 18:00:13 -------- d-----w- c:\program files\Druva
.
==================== Find3M ====================
.
2012-11-15 14:43:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-15 14:43:03 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-15 14:17:33 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 10:25:03.91 ===============

shelf life
2012-12-07, 23:44
Sorry, it's the aswMBR log I wanted to see again, not DDS like I asked.

Please download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double-click aswMBR.exe to run it. On Vista/W7, right-click and run as admin.
For the question "Would you like to download latest Avast! virus definitions?", click YES to download the additional files, then
click the "Scan" button to start the scan.
Once the scan is done, click "Save log", save it to your desktop and post it in your next reply.

jpc763
2012-12-08, 01:00
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-07 16:30:37
-----------------------------
16:30:37.093 OS Version: Windows 6.1.7601 Service Pack 1
16:30:37.093 Number of processors: 8 586 0x1E05
16:30:37.093 ComputerName: JOHNCROWLEY1 UserName: JohnC
16:30:39.948 Initialize success
16:30:46.282 AVAST engine defs: 12120700
16:30:49.932 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:30:49.948 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 8
16:30:50.026 Disk 0 MBR read successfully
16:30:50.041 Disk 0 MBR scan
16:30:50.057 Disk 0 Windows VISTA default MBR code
16:30:50.073 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:30:50.088 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 30021 MB offset 81920
16:30:50.119 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 446870 MB offset 61577145
16:30:50.119 Disk 0 scanning sectors +976768065
16:30:50.213 Disk 0 scanning C:\Windows\system32\drivers
16:31:01.336 Service scanning
16:31:31.116 Modules scanning
16:31:40.336 Disk 0 trace - called modules:
16:31:40.367 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll iaStor.sys
16:31:40.383 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89220030]
16:31:40.383 3 CLASSPNP.SYS[8d5a759e] -> nt!IofCallDriver -> [0x8921f780]
16:31:40.398 5 stdfltn.sys[8d7fc70c] -> nt!IofCallDriver -> [0x872c0c08]
16:31:40.414 7 ACPI.sys[8ccb23d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872c4028]
16:31:42.738 AVAST engine scan C:\Windows
16:31:47.605 AVAST engine scan C:\Windows\system32
16:34:57.941 AVAST engine scan C:\Windows\system32\drivers
16:35:20.717 AVAST engine scan C:\Users\johnc
16:55:07.795 AVAST engine scan C:\ProgramData
16:56:37.744 Scan finished successfully
16:57:17.899 Disk 0 MBR has been saved successfully to "C:\Users\johnc\Desktop\MBR.dat"
16:57:17.930 The log file has been saved successfully to "C:\Users\johnc\Desktop\aswMBR.txt"

shelf life
2012-12-08, 02:29
Ok. You're good. You can delete the tdsskiller icon, adwcleaner, aswMBR and JRT icons and logs. Keep the free version of Malwarebytes, and note that it must be updated manually and a scan started manually. It doesn't run in the background.
If all is good, some tips:

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. Staying updated is also essential for other web-based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third-party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer that then prompt you to install software to remedy this.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing tricks. (http://www.fraud.org/tips/internet/phishing.htm)

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista, Windows 7 and Windows 8 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) Your browser risks: The why and how (http://www.cert.org/tech_tips/securing_browser/) to secure your browser for safer surfing. For added protection disable Java (http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse) in your browser.

10) Warez, cracks, keygens etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Do you really trust the source of the file?
More info/tips with pictures, links below

Happy Safe Surfing.