
redirsvc.exe virus


12 replies to this topic

#1 Richardski


Posted 21 January 2014 - 02:42 PM

When I am using Google Chrome, and I open a link in a new tab, suddenly within that tab a pop-up new window appears. The address bar in the new window briefly says www.redirsvc.com with a long string of additional characters after that. Then it redirects to another website which is a survey or other marketing site.

 

Spybot could not find it, nor could Norton Power Eraser. An internet search shows that this virus is very hard to get rid of, and requires deletions in the registry. But I could not find any agreement on what registry changes to make. I ran across a repair tool at PC Max Utilities at http://www.pcmaxutilities.com/wikidllfiles/redirsvc-exe-error-fix-guide.html but I don't know anything about PC Max Utilities. I would post a screenshot but I don't know how. Any help would be appreciated.

 

Richardski


#2 boopme


Posted 21 January 2014 - 02:52 PM

Hello, there are 2 of these and one belongs to McAfee.

Let's get a look.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    • Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 Richardski


Posted 24 January 2014 - 02:20 PM

Thank you so much for your help. I think I got this infection when I replied to a survey on Amazon. I do have McAfee but it has never been a problem. I think I have gotten a rogue redirsvc.exe.

 

No scan showed any threats except the ESET on-line scan. Oddly, AdwCleaner showed no threats, but I told it to remove any threats anyway. I see it made some registry deletions.

 

I have used Chrome today, and so far no redirsvc.exe pop-ups have appeared.

 

Below are the results of MiniToolBox and the scans.

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Eric Feder (administrator) on 23-01-2014 at 10:24:27
Running from "C:\Documents and Settings\Eric Feder\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost,127.0.0.1"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

There are 14640 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

        Host Name . . . . . . . . . . . . : eric
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-07-E9-43-15-84
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 64.65.208.6
                                            64.65.196.6
        Lease Obtained. . . . . . . . . . : Thursday, January 23, 2014 10:18:37 AM
        Lease Expires . . . . . . . . . . : Friday, January 24, 2014 10:18:37 AM

Server:  ns4.choiceone.net
Address:  64.65.208.6

Name:    google.com
Addresses:  74.125.225.9, 74.125.225.14, 74.125.225.0, 74.125.225.1
   74.125.225.2, 74.125.225.3, 74.125.225.4, 74.125.225.5, 74.125.225.6
   74.125.225.7, 74.125.225.8

Pinging google.com [74.125.225.14] with 32 bytes of data:

Reply from 74.125.225.14: bytes=32 time=36ms TTL=56
Reply from 74.125.225.14: bytes=32 time=36ms TTL=56

Ping statistics for 74.125.225.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 36ms, Average = 36ms

Server:  ns4.choiceone.net
Address:  64.65.208.6

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=139ms TTL=53
Reply from 98.138.253.109: bytes=32 time=54ms TTL=53

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 139ms, Average = 96ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 43 15 84 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      169.254.0.0      255.255.0.0    192.168.1.100   192.168.1.100   20
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100   20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1   20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100   20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100   20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100   1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/21/2014 01:13:40 PM) (Source: PowerAlert UPS Engine) (User: )
Description: The communications port specified could not be opened.

Error: (01/21/2014 00:45:10 PM) (Source: PowerAlert UPS Engine) (User: )
Description: The communications port specified could not be opened.

Error: (01/20/2014 04:35:59 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ERIC FEDER\MY DOCUMENTS\HELP - VIRUSES\SEARCH REGISTRY.DOC> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (01/20/2014 04:35:59 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ERIC FEDER\MY DOCUMENTS\HELP - VIRUSES\SEARCH REGISTRY.DOC> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (01/20/2014 03:23:06 PM) (Source: PowerAlert UPS Engine) (User: )
Description: The communications port specified could not be opened.

Error: (01/20/2014 03:16:44 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ERIC FEDER\RECENT\HELP - VIRUSES.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (01/20/2014 03:16:44 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ERIC FEDER\RECENT\HELP - VIRUSES.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (01/20/2014 03:04:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ERIC FEDER\RECENT\HELP - VIRUSES.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (01/20/2014 03:04:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ERIC FEDER\RECENT\HELP - VIRUSES.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (01/17/2014 03:39:19 PM) (Source: PowerAlert UPS Engine) (User: )
Description: The communications port specified could not be opened.

System errors:
=============
Error: (01/21/2014 01:14:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
atapi
IntelIde
Lbd
PCIIde

Error: (01/21/2014 00:48:55 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverHOPENetBT_Tcpip_{82F67B9C-07C3-40BB-B0E3

Error: (01/21/2014 00:46:17 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
atapi
IntelIde
Lbd
PCIIde

Error: (01/20/2014 03:23:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (01/20/2014 03:23:09 PM) (Source: Print) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer Xerox WC M15 Series PCL 6 share name Printer.

Error: (01/20/2014 00:59:28 PM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (01/20/2014 00:59:28 PM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (01/20/2014 00:59:07 PM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (01/20/2014 00:59:07 PM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (01/20/2014 00:59:07 PM) (Source: 0) (User: )
Description: \Device\LanmanServer

Microsoft Office Sessions:
=========================
Error: (01/21/2014 01:13:40 PM) (Source: PowerAlert UPS Engine)(User: )
Description: The communications port specified could not be opened.

Error: (01/21/2014 00:45:10 PM) (Source: PowerAlert UPS Engine)(User: )
Description: The communications port specified could not be opened.

Error: (01/20/2014 04:35:59 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ERIC FEDER\MY DOCUMENTS\HELP - VIRUSES\SEARCH REGISTRY.DOC

Error: (01/20/2014 04:35:59 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ERIC FEDER\MY DOCUMENTS\HELP - VIRUSES\SEARCH REGISTRY.DOC

Error: (01/20/2014 03:23:06 PM) (Source: PowerAlert UPS Engine)(User: )
Description: The communications port specified could not be opened.

Error: (01/20/2014 03:16:44 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ERIC FEDER\RECENT\HELP - VIRUSES.LNK

Error: (01/20/2014 03:16:44 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ERIC FEDER\RECENT\HELP - VIRUSES.LNK

Error: (01/20/2014 03:04:52 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ERIC FEDER\RECENT\HELP - VIRUSES.LNK

Error: (01/20/2014 03:04:52 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ERIC FEDER\RECENT\HELP - VIRUSES.LNK

Error: (01/17/2014 03:39:19 PM) (Source: PowerAlert UPS Engine)(User: )
Description: The communications port specified could not be opened.

=========================== Installed Programs ============================

2x1/4x1 USB Peripheral Switch
4t Tray Minimizer Free 4.40
Acoustica MP3 CD Burner
Acronis True Image Home (Version: 13.0.7046)
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)
Adobe Acrobat 6.0.1 Standard (Version: 006.000.001)
Adobe Acrobat and Reader 6.0.3 Update (Version: 6.0.3)
Adobe Acrobat and Reader 6.0.5 Update (Version: 6.0.5)
Adobe Acrobat and Reader 6.0.6 Update (Version: 6.0.6)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader 8.1.7 (Version: 8.1.7)
Adobe Reader 8.3.1 (Version: 8.3.1)
Advanced SystemCare 6 (Version: 6.2)
AnswerWorks Runtime
Anvil Studio
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Audacity 1.2.3
Audio Xtract Pro 1.0.0.2 (Version: 1.0.0.2)
Audio Xtract Pro 1.0.1.1 (Version: 1.0.1.1)
Belarc Advisor 7.2
Best Case Bankruptcy (Version: 23)
Best Case Bankruptcy for Windows
BestPractice (remove only)
Bonjour (Version: 2.0.5.0)
BOOMBox Internet Radio Player v1.0
CheckIt  Diagnostics (Version: 7.1)
Chronotron Pro (Version: 1.0.0)
CodeStuff Starter (Version: 5.6.2.9)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Corel Applications
Coupon Printer for Windows (Version: 5.0.0.1)
Critical Update for Windows Media Player 11 (KB959772)
Dragon NaturallySpeaking 11 (Version: 11.50.100)
Easy Hi-Q Recorder 1.5
eMusic - 50 Free MP3 offer
Express Burn Uninstall
Express Rip Uninstall
exPressit S.E. 2.1
ExtendNet Connect for TCP/IP (Windows NT/2000/XP)
ExtendView
FileNET Panagon Viewer 3.1
Finale NotePad 2006
Free Loan Calculator (Version: 4.0)
Gadwin PrintScreen (Version: 3.5)
GearDrvs (Version: 1.00.0000)
Google Chrome (Version: 32.0.1700.76)
Google Earth Plug-in (Version: 7.1.2.2041)
Google Toolbar for Firefox (Version: 7.1.20110512)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
Google Updater (Version: 2.4.1536.6592)
IBM AFP Viewer Plug-In
Intel Application Accelerator
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
Intel® Processor ID Utility (Version: 3.6.0000)
InterVideo WinDVD 4
iTunes (Version: 10.2.2.14)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LizardTech DjVu Control
Macromedia Shockwave Player (Version: 10.1.0.11)
McAfee Security Scan Plus (Version: 3.0.287.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack (Version: 11.0.0.0)
Microsoft Office Outlook 2003 with Business Contact Manager Update (Version: 2.0.5324.0)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Media Video 9 VCM
MidiNotate Player (Version: 1.1.7)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
MSN Music Assistant
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero - Burning Rom (Version: 5.5.9)
Nero BurnRights
Norton 360 (Version: 20.4.0.40)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PaperPort 9.0 (Version: 9.02.0811)
PDFCreator (Version: 1.1.0)
PowerAlert 11.07 (Version: 11.0.7.0000)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
PrintPunk 1.1.2 (Version: 1.1.2.1)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
RecordPad Sound Recorder Uninstall
Remove Hidden Data Tool (Version: 11.0.6361.0)
Savings Bond Wizard
ScanSoft OmniPage Pro 14.0 (Version: 14.01.0000)
ScanSoft PDF Converter (Version: 1.00.0000)
ScanSoft PDF Printer (Version: 1.02.0000)
ScanSoft PDF Professional 3.0 (Version: 3.00.0000)
SideStep
SigmaTel AC97 Audio Drivers
Sizer (remove only)
SlowGold
SmartDraw VP
Speaker Workshop
Spybot - Search & Destroy (Version: 1.6.2)
Switch Uninstall
Symantec Technical Support Advanced Chat Controls (Version: 3.5.3)
TextBridge Pro 9.0
TheRecord Player (Version: 5.4.2.0)
Tips 2000
TopArcadeHits
Total Recorder 5.1
Tweak UI
UltraPlayer
Uniblue Registry Booster
Uninstall Twain Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
URGE (Version: 1.1.9060.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 11.0.0)
Visual C++ Runtime for Dragon NaturallySpeaking (Version: 10.00.000.038)
WavePad Uninstall
WD SmartWare (Version: 1.2.0.20)
WebFldrs XP (Version: 9.50.6513)
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0036.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows PowerShell™ 1.0 (Version: 2)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip (Version:  8.1 SR-1  (5266))
WordPipe Evaluation 5.1.4 (Version: 5.1.4)
WordToys
Xerox DocuMate 510 Driver (Version: 4.6.10305)
Xerox WorkCentre M15 Series driver

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2045.8 MB
Available physical RAM: 1294.55 MB
Total Pagefile: 3429.44 MB
Available Pagefile: 2485.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.8 MB

========================= Partitions: =====================================

2 Drive c: (Eric C) (Fixed) (Total:465.76 GB) (Free:412.66 GB) NTFS

========================= Users: ========================================

User accounts for \\ERIC

admin                    Administrator            ASPNET                  
Eric Feder               Guest                    HelpAssistant           
SUPPORT_388945a0        

**** End of log ****

 

 

14:01:03.0328 0x0324  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:01:11.0484 0x0324  ============================================================
14:01:11.0484 0x0324  Current date / time: 2014/01/24 14:01:11.0484
14:01:11.0484 0x0324  SystemInfo:
14:01:11.0484 0x0324 
14:01:11.0484 0x0324  OS Version: 5.1.2600 ServicePack: 3.0
14:01:11.0484 0x0324  Product type: Workstation
14:01:11.0484 0x0324  ComputerName: ERIC
14:01:11.0484 0x0324  UserName: Eric Feder
14:01:11.0484 0x0324  Windows directory: C:\WINDOWS
14:01:11.0484 0x0324  System windows directory: C:\WINDOWS
14:01:11.0484 0x0324  Processor architecture: Intel x86
14:01:11.0484 0x0324  Number of processors: 1
14:02:11.0546 0x0cb4  ose - ok
14:02:11.0593 0x0cb4  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:02:11.0593 0x0cb4  Parport - ok
14:02:11.0625 0x0cb4  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:02:11.0640 0x0cb4  PartMgr - ok
14:02:11.0703 0x0cb4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:02:11.0703 0x0cb4  ParVdm - ok
14:02:11.0718 0x0cb4  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:02:11.0734 0x0cb4  PCI - ok
14:02:11.0765 0x0cb4  PCIDump - ok
14:02:11.0859 0x0cb4  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:02:11.0859 0x0cb4  PCIIde - ok
14:02:11.0906 0x0cb4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:02:11.0921 0x0cb4  Pcmcia - ok
14:02:11.0937 0x0cb4  PDCOMP - ok
14:02:11.0984 0x0cb4  PDFRAME - ok
14:02:12.0015 0x0cb4  PDRELI - ok
14:02:12.0046 0x0cb4  PDRFRAME - ok
14:02:12.0078 0x0cb4  perc2 - ok
14:02:12.0109 0x0cb4  perc2hib - ok
14:02:12.0218 0x0cb4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:02:12.0234 0x0cb4  PlugPlay - ok
14:02:12.0296 0x0cb4  [ F9D3BB81BDF8B279E1F37282CD52A9B5, 77F26FAD6A82D77A16833D1AC060A57A305EFE746C648613F08BDE0135C00856 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
14:02:12.0296 0x0cb4  Pml Driver HPZ12 - ok
14:02:12.0328 0x0cb4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
14:02:12.0328 0x0cb4  PolicyAgent - ok
14:02:12.0468 0x0cb4  [ F0C5EB4CF656F3B14679B3B3DCD36BAD, BDA1DA31BC55E092B10D8243BCFD022A699A9BD3656E11475B3979268C5A7748 ] PowerAlert Network Alert Log Engine C:\Program Files\Tripp Lite\PowerAlert\Engine\netalert.exe
14:02:12.0484 0x0cb4  PowerAlert Network Alert Log Engine - ok
14:02:12.0531 0x0cb4  [ 7136ABC4F1E3FED7737A5524A6FC800A, 0CFC9B92DB46CD6A5A1E8B83B37B996AF7A3FDA646D495648917E011301272F3 ] PowerAlert Port Manager Engine C:\Program Files\Tripp Lite\PowerAlert\Engine\portmgr.exe
14:02:12.0546 0x0cb4  PowerAlert Port Manager Engine - ok
14:02:12.0562 0x0cb4  [ 043EA938371971B10A6AED66FB159E2D, 1194C14C715E8402F5353D350CF67CD0FA8899578B37F5F87401E00B0668B325 ] PowerAlert Remote Shutdown Engine C:\Program Files\Tripp Lite\PowerAlert\Engine\remotesd.exe
14:02:12.0578 0x0cb4  PowerAlert Remote Shutdown Engine - ok
14:02:12.0640 0x0cb4  [ 049800EAF616D3E006B7EF17DC29BC2B, 605C33B38EC1FD0D347F30B56A4D8FA364C3509207626B2A951890C77841E3CC ] PowerAlert UPS Engine C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe
14:02:12.0656 0x0cb4  PowerAlert UPS Engine - ok
14:02:12.0796 0x0cb4  [ 55A1DB3628A536ACBA7616F7ED438B4D, F7717DC4F4E2C47B3105B6BADFE978C4DFCACED3DCFCB5F7B87810C1CCC039DE ] PowerAlert Web Engine C:\Program Files\Tripp Lite\PowerAlert\Engine\pawebsvr.exe
14:02:12.0843 0x0cb4  PowerAlert Web Engine - ok
14:02:12.0906 0x0cb4  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:02:12.0906 0x0cb4  PptpMiniport - ok
14:02:12.0937 0x0cb4  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:02:12.0953 0x0cb4  Processor - ok
14:02:12.0984 0x0cb4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:02:12.0984 0x0cb4  ProtectedStorage - ok
14:02:13.0031 0x0cb4  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:02:13.0031 0x0cb4  PSched - ok
14:02:13.0078 0x0cb4  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:02:13.0078 0x0cb4  Ptilink - ok
14:02:13.0109 0x0cb4  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
14:02:13.0109 0x0cb4  PxHelp20 - ok
14:02:13.0140 0x0cb4  ql1080 - ok
14:02:13.0156 0x0cb4  Ql10wnt - ok
14:02:13.0187 0x0cb4  ql12160 - ok
14:02:13.0218 0x0cb4  ql1240 - ok
14:02:13.0234 0x0cb4  ql1280 - ok
14:02:13.0281 0x0cb4  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:02:13.0281 0x0cb4  RasAcd - ok
14:02:13.0343 0x0cb4  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:02:13.0359 0x0cb4  RasAuto - ok
14:02:13.0406 0x0cb4  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:02:13.0406 0x0cb4  Rasl2tp - ok
14:02:13.0484 0x0cb4  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:02:13.0500 0x0cb4  RasMan - ok
14:02:13.0546 0x0cb4  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:02:13.0546 0x0cb4  RasPppoe - ok
14:02:13.0562 0x0cb4  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:02:13.0578 0x0cb4  Raspti - ok
14:02:13.0625 0x0cb4  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:02:13.0625 0x0cb4  Rdbss - ok
14:02:13.0687 0x0cb4  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:02:13.0687 0x0cb4  RDPCDD - ok
14:02:13.0750 0x0cb4  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:02:13.0750 0x0cb4  rdpdr - ok
14:02:13.0859 0x0cb4  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:02:13.0890 0x0cb4  RDPWD - ok
14:02:13.0953 0x0cb4  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:02:13.0968 0x0cb4  RDSessMgr - ok
14:02:14.0031 0x0cb4  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:02:14.0046 0x0cb4  redbook - ok
14:02:14.0109 0x0cb4  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:02:14.0125 0x0cb4  RemoteAccess - ok
14:02:14.0187 0x0cb4  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:02:14.0203 0x0cb4  RemoteRegistry - ok
14:02:14.0250 0x0cb4  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\System32\locator.exe
14:02:14.0250 0x0cb4  RpcLocator - ok
14:02:14.0312 0x0cb4  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:02:14.0328 0x0cb4  RpcSs - ok
14:02:14.0390 0x0cb4  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\System32\rsvp.exe
14:02:14.0406 0x0cb4  RSVP - ok
14:02:14.0437 0x0cb4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:02:14.0437 0x0cb4  SamSs - ok
14:02:14.0484 0x0cb4  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:02:14.0484 0x0cb4  SCardSvr - ok
14:02:14.0546 0x0cb4  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:02:14.0562 0x0cb4  Schedule - ok
14:02:14.0656 0x0cb4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:02:14.0671 0x0cb4  Secdrv - ok
14:02:14.0718 0x0cb4  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:02:14.0718 0x0cb4  seclogon - ok
14:02:14.0781 0x0cb4  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
14:02:14.0781 0x0cb4  SENS - ok
14:02:14.0875 0x0cb4  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:02:14.0875 0x0cb4  serenum - ok
14:02:14.0906 0x0cb4  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:02:14.0921 0x0cb4  Serial - ok
14:02:15.0000 0x0cb4  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:02:15.0000 0x0cb4  Sfloppy - ok
14:02:15.0093 0x0cb4  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:02:15.0125 0x0cb4  SharedAccess - ok
14:02:15.0171 0x0cb4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:02:15.0187 0x0cb4  ShellHWDetection - ok
14:02:15.0218 0x0cb4  Simbad - ok
14:02:15.0312 0x0cb4  [ 4F7ED0C2F594F1B8E9CAFAB21EB86126, E705AFAF921103035321683C6EC5C08227BE14334586D3C9CCD182E487A374FF ] snapman         C:\WINDOWS\system32\DRIVERS\snapman.sys
14:02:15.0312 0x0cb4  snapman - ok
14:02:15.0343 0x0cb4  Sparrow - ok
14:02:15.0421 0x0cb4  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:02:15.0437 0x0cb4  splitter - ok
14:02:15.0484 0x0cb4  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:02:15.0484 0x0cb4  Spooler - ok
14:02:15.0531 0x0cb4  [ F45E10AED3E5FDE997A6B7627BBCFA85, 57F279BAF8E62C436C52397B1625E15FA5EEF6240BEECBD86CD423AD35BC1DAA ] SpPortEx        C:\WINDOWS\system32\Drivers\SpPortEx.sys
14:02:15.0531 0x0cb4  SpPortEx - ok
14:02:15.0562 0x0cb4  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:02:15.0578 0x0cb4  sr - ok
14:02:15.0640 0x0cb4  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\System32\srsvc.dll
14:02:15.0656 0x0cb4  srservice - ok
14:02:15.0750 0x0cb4  [ C743E384E9EFCA10B41C60D406DE39C0, A8872FE127F374D6008D161FFD9792B17E8DA8F6E8C74C52E06B92AB19E9FAFB ] SRTSP           C:\WINDOWS\System32\Drivers\N360\1404000.028\SRTSP.SYS
14:02:15.0796 0x0cb4  SRTSP - ok
14:02:15.0859 0x0cb4  [ FE9BD381778A344F0E39AE2D5E607D7F, 04F7EEE5ADF802BE120CFC730D5D5B97AF561278ABDE3C094E43174886C3867B ] SRTSPX          C:\WINDOWS\system32\drivers\N360\1404000.028\SRTSPX.SYS
14:02:15.0859 0x0cb4  SRTSPX - ok
14:02:15.0937 0x0cb4  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:02:15.0968 0x0cb4  Srv - ok
14:02:16.0015 0x0cb4  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:02:16.0031 0x0cb4  SSDPSRV - ok
14:02:16.0109 0x0cb4  [ 37DCF0D0EFA88B05D07CC6C46BDCA797, 358042B912F9CE362865D74C49D1D19C006C52D510BB583C771CBA7F366B6911 ] STAC97          C:\WINDOWS\system32\drivers\STAC97.sys
14:02:16.0125 0x0cb4  STAC97 - ok
14:02:16.0187 0x0cb4  [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
14:02:16.0187 0x0cb4  StillCam - ok
14:02:16.0296 0x0cb4  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:02:16.0328 0x0cb4  stisvc - ok
14:02:16.0437 0x0cb4  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:02:16.0437 0x0cb4  swenum - ok
14:02:16.0500 0x0cb4  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:02:16.0500 0x0cb4  swmidi - ok
14:02:16.0531 0x0cb4  SwPrv - ok
14:02:16.0718 0x0cb4  [ EDAFA57C298461A5EA448F4B546AFB4B, DD20B3EDDA22B1C3BC8AA92EEC5E9738BE03FC6E9E60F22E0B2CF148CF3C8640 ] Symantec RemoteAssist C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
14:02:16.0796 0x0cb4  Symantec RemoteAssist - ok
14:02:16.0828 0x0cb4  symc810 - ok
14:02:16.0906 0x0cb4  symc8xx - ok
14:02:16.0984 0x0cb4  [ 5A193E5E0F0A776430E5D62A051C1E16, A65E927581CD92F9769F540D3292EF12299273F9EEE99DECAE01E2B52B8DB465 ] SymDS           C:\WINDOWS\system32\drivers\N360\1404000.028\SYMDS.SYS
14:02:17.0015 0x0cb4  SymDS - ok
14:02:17.0125 0x0cb4  [ 1773FB2920EBB3A8BAD0360618091470, 82ABB41801BB4DBADEC8AED8579F0B2BC4D704B1559F768DC223FCB0B13C6A01 ] SymEFA          C:\WINDOWS\system32\drivers\N360\1404000.028\SYMEFA.SYS
14:02:17.0187 0x0cb4  SymEFA - ok
14:02:17.0296 0x0cb4  [ F50D81D3E0C7A353F205562B89CD06D6, 5D5B3685A6D9B16575C01FCC7A701458524B875F3FBC0EE6D42008E6087D93CC ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:02:17.0312 0x0cb4  SymEvent - ok
14:02:17.0390 0x0cb4  [ 8C9B9036E301A9965CF15BEC91C58A12, B96C5FF47880552277596FB3CBEEBCFE91115331DB9A77B2A0D8ABA2AFCDF0AF ] SymIRON         C:\WINDOWS\system32\drivers\N360\1404000.028\Ironx86.SYS
14:02:17.0406 0x0cb4  SymIRON - ok
14:02:17.0484 0x0cb4  [ E9C316262C48BF299E02FC8B1CE2B925, DC005E4EFC8D71919BDBE02256664DE25413C8BC0482A26DB40F7CB7A60439AA ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\1404000.028\SYMTDI.SYS
14:02:17.0531 0x0cb4  SYMTDI - ok
14:02:17.0562 0x0cb4  sym_hi - ok
14:02:17.0609 0x0cb4  sym_u3 - ok
14:02:17.0656 0x0cb4  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:02:17.0671 0x0cb4  sysaudio - ok
14:02:17.0734 0x0cb4  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:02:17.0750 0x0cb4  SysmonLog - ok
14:02:17.0828 0x0cb4  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:02:17.0859 0x0cb4  TapiSrv - ok
14:02:17.0937 0x0cb4  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:02:17.0953 0x0cb4  Tcpip - ok
14:02:18.0015 0x0cb4  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:02:18.0015 0x0cb4  TDPIPE - ok
14:02:18.0140 0x0cb4  [ 8DE3E45000BA8C9EBB16737D3F83E216, 03A0F0FEA921185DFBF1F86DA9E7A3DB6D95EAE6F59D2F84A6CBEE102FE40D45 ] tdrpman258      C:\WINDOWS\system32\DRIVERS\tdrpm258.sys
14:02:18.0203 0x0cb4  tdrpman258 - ok
14:02:18.0265 0x0cb4  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:02:18.0281 0x0cb4  TDTCP - ok
14:02:18.0343 0x0cb4  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:02:18.0343 0x0cb4  TermDD - ok
14:02:18.0421 0x0cb4  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:02:18.0453 0x0cb4  TermService - ok
14:02:18.0515 0x0cb4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:02:18.0515 0x0cb4  Themes - ok
14:02:18.0593 0x0cb4  [ 3E06987FEDBCDFBFF8E85EF8108565F9, 63A06B73FA729F1609822EF08DF288FE91F0CA5295F73706C83B812476A7EF96 ] timounter       C:\WINDOWS\system32\DRIVERS\timntr.sys
14:02:18.0640 0x0cb4  timounter - ok
14:02:18.0703 0x0cb4  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
14:02:18.0718 0x0cb4  TlntSvr - ok
14:02:18.0750 0x0cb4  TosIde - ok
14:02:18.0796 0x0cb4  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:02:18.0796 0x0cb4  TrkWks - ok
14:02:18.0875 0x0cb4  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:02:18.0875 0x0cb4  Udfs - ok
14:02:18.0953 0x0cb4  ultra - ok
14:02:19.0031 0x0cb4  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:02:19.0046 0x0cb4  Update - ok
14:02:19.0093 0x0cb4  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:02:19.0125 0x0cb4  upnphost - ok
14:02:19.0171 0x0cb4  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
14:02:19.0187 0x0cb4  UPS - ok
14:02:19.0250 0x0cb4  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
14:02:19.0250 0x0cb4  usbaudio - ok
14:02:19.0328 0x0cb4  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:02:19.0328 0x0cb4  usbccgp - ok
14:02:19.0359 0x0cb4  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:02:19.0375 0x0cb4  usbehci - ok
14:02:19.0406 0x0cb4  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:02:19.0406 0x0cb4  usbhub - ok
14:02:19.0453 0x0cb4  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:02:19.0453 0x0cb4  usbprint - ok
14:02:19.0515 0x0cb4  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:02:19.0531 0x0cb4  usbscan - ok
14:02:19.0562 0x0cb4  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:02:19.0562 0x0cb4  USBSTOR - ok
14:02:19.0609 0x0cb4  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:02:19.0609 0x0cb4  usbuhci - ok
14:02:19.0656 0x0cb4  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:02:19.0671 0x0cb4  VgaSave - ok
14:02:19.0703 0x0cb4  ViaIde - ok
14:02:19.0750 0x0cb4  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:02:19.0750 0x0cb4  VolSnap - ok
14:02:19.0828 0x0cb4  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
14:02:19.0859 0x0cb4  VSS - ok
14:02:19.0921 0x0cb4  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\System32\w32time.dll
14:02:19.0937 0x0cb4  W32Time - ok
14:02:20.0000 0x0cb4  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:02:20.0000 0x0cb4  Wanarp - ok
14:02:20.0078 0x0cb4  [ D6EFAF429FD30C5DF613D220E344CCE7, 807D4563E8AD4073688691078EB13AF240E14BA5E0C8506A48B3060A20B90082 ] WDC_SAM         C:\WINDOWS\system32\DRIVERS\wdcsam.sys
14:02:20.0078 0x0cb4  WDC_SAM - ok
14:02:20.0156 0x0cb4  [ 0220362DEB2A21551B418D61F3153347, 54DDF6EB091074626FB825D93E0245DF0F5E196DA766AF41A31DAE70A13C2C8D ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
14:02:20.0156 0x0cb4  WDDMService - ok
14:02:20.0187 0x0cb4  WDICA - ok
14:02:20.0234 0x0cb4  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:02:20.0250 0x0cb4  wdmaud - ok
14:02:20.0281 0x0cb4  [ 138AB06ADBBF300AA804D7974A5AEC82, 61A99CB8176C291E858F9D964A9B2EC36970F3BFFF3D5F933A16E9B28BF922DD ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
14:02:20.0281 0x0cb4  WDSmartWareBackgroundService - ok
14:02:20.0328 0x0cb4  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:02:20.0328 0x0cb4  WebClient - ok
14:02:20.0453 0x0cb4  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:02:20.0468 0x0cb4  winmgmt - ok
14:02:20.0562 0x0cb4  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:02:20.0578 0x0cb4  WmdmPmSN - ok
14:02:20.0687 0x0cb4  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:02:20.0750 0x0cb4  Wmi - ok
14:02:20.0828 0x0cb4  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:02:20.0843 0x0cb4  WmiApSrv - ok
14:02:20.0968 0x0cb4  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:02:21.0062 0x0cb4  WMPNetworkSvc - ok
14:02:21.0125 0x0cb4  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:02:21.0156 0x0cb4  WpdUsb - ok
14:02:21.0218 0x0cb4  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:02:21.0250 0x0cb4  wscsvc - ok
14:02:21.0281 0x0cb4  WSearch - ok
14:02:21.0359 0x0cb4  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:02:21.0359 0x0cb4  wuauserv - ok
14:02:21.0437 0x0cb4  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:02:21.0437 0x0cb4  WudfPf - ok
14:02:21.0500 0x0cb4  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WUDFRd          C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
14:02:21.0515 0x0cb4  WUDFRd - ok
14:02:21.0562 0x0cb4  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:02:21.0578 0x0cb4  WudfSvc - ok
14:02:21.0671 0x0cb4  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:02:21.0750 0x0cb4  WZCSVC - ok
14:02:21.0828 0x0cb4  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:02:21.0843 0x0cb4  xmlprov - ok
14:02:21.0906 0x0cb4  [ 9B808527870EBAE0B1DFB90EF3F861B9, BCC655EDD1C2B3618B9F494EE8B485BBC4EB3DF5A6912FC5B00BF521FCB7E987 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
14:02:21.0906 0x0cb4  {6080A529-897E-4629-A488-ABA0C29B635E} - ok
14:02:21.0984 0x0cb4  [ DBA29FE70D66F5A82C860894C91B42C7, 3BBF160A6D43ED9E3B9C4273494BA244E7B7959C5F76FD2B8110ABEA3D29FB4F ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
14:02:21.0984 0x0cb4  {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
14:02:22.0000 0x0cb4  ================ Scan global ===============================
14:02:22.0046 0x0cb4  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
14:02:22.0125 0x0cb4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:02:22.0187 0x0cb4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:02:22.0234 0x0cb4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
14:02:22.0234 0x0cb4  [ Global ] - ok
14:02:22.0250 0x0cb4  ================ Scan MBR ==================================
14:02:22.0281 0x0cb4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:02:22.0484 0x0cb4  \Device\Harddisk0\DR0 - ok
14:02:22.0515 0x0cb4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
14:02:22.0531 0x0cb4  \Device\Harddisk1\DR2 - ok
14:02:22.0531 0x0cb4  ================ Scan VBR ==================================
14:02:22.0546 0x0cb4  [ B89156CEE5F184A82C14F1EFB95E800D ] \Device\Harddisk0\DR0\Partition1
14:02:22.0546 0x0cb4  \Device\Harddisk0\DR0\Partition1 - ok
14:02:22.0562 0x0cb4  [ EE3DC49BBC7BDFB67117D318E9B51AA1 ] \Device\Harddisk1\DR2\Partition1
14:02:22.0562 0x0cb4  \Device\Harddisk1\DR2\Partition1 - ok
14:02:22.0578 0x0cb4  Waiting for KSN requests completion. In queue: 213
14:02:23.0578 0x0cb4  Waiting for KSN requests completion. In queue: 213
14:02:24.0578 0x0cb4  Waiting for KSN requests completion. In queue: 213
14:02:25.0734 0x0cb4  AV detected via SS1: Norton 360, 20.4.0.40, enabled, updated
14:02:25.0750 0x0cb4  FW detected via SS1: Norton 360, 20.4.0.40, enabled
14:02:28.0218 0x0cb4  ============================================================
14:02:28.0218 0x0cb4  Scan finished
14:02:28.0218 0x0cb4  ============================================================
14:02:28.0265 0x13a4  Detected object count: 0
14:02:28.0265 0x13a4  Actual detected object count: 0
 

 

# AdwCleaner v3.017 - Report created 23/01/2014 at 11:25:01
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Eric Feder - ERIC
# Running from : C:\Documents and Settings\Eric Feder\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Program Files\Toolbar Cleaner
[!] Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\Eric Feder\Application Data\Mozilla\Firefox\Profiles\55gp9383.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\Updater By Sweetpacks
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v3.6.13 (en-US)

[ File : C:\Documents and Settings\Eric Feder\Application Data\Mozilla\Firefox\Profiles\55gp9383.default\prefs.js ]

Line Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={78B7C965-BD69-11E2-BE10-0007E9431584}&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.com/");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={78B7C965-BD69-11E2-BE10-0007E9431584}");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Eric Feder\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [5102 octets] - [23/01/2014 11:10:55]
AdwCleaner[S0].txt - [5135 octets] - [23/01/2014 11:25:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5195 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by Eric Feder on Thu 01/23/2014 at 11:33:54.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ToolbarActivator.ToolbarActivateBHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ToolbarActivator.ToolbarActivateBHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}

 

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"

 

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c4cfc0de-134f-4466-b2a2-ff7c59a8bfad}
Successfully deleted the following from C:\Documents and Settings\Eric Feder\Application Data\mozilla\firefox\profiles\55gp9383.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAASCwAAEgsAAAAAAAAAAAAA9IVCS

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/23/2014 at 12:11:07.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ESET:

 

C:\3 Downloads\PrimoPDF\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\3 Downloads\Registry Cleaner ARO 2011\ARO2011_bt.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\3 Downloads\Registry Fix\registryfix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\3 Downloads\WinAmp\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM33.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM96.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\Eric Feder\My Documents\Downloads\Advanced SystemCare 6 Free\cbsidlm-cbsi5_4_0_104-Advanced_SystemCare-BP-10407614.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\Documents and Settings\Eric Feder\My Documents\Downloads\GridinSoft Trojan Killer\gtk2159-setup.exe probably a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Documents and Settings\Eric Feder\My Documents\Downloads\System Explorer\cbsidlm-tr1_13-System_Explorer-SEO-10784281.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MAVOUUAL\7092-023755628394[1].pdf PDF/Exploit.Pidief.PDU.Gen trojan cleaned by deleting - quarantined
C:\Program Files\BOOMBox Radio Player\GrandCasino\GPpoker.exe a variant of Win32/GHInstaller.A application cleaned by deleting - quarantined
C:\WINDOWS\system32\123.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
 

Thank you,

 

Richardski

 



#4 boopme

Posted 24 January 2014 - 09:15 PM

How is it running?
You were very infected, and I feel we should run some more.


In Control Panel Add / Remove .... remove these

Adobe Reader 8.1.7 (Version: 8.1.7)
Adobe Reader 8.3.1 (Version: 8.3.1)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Uniblue Registry Booster

Reboot



Now please run...

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 Richardski

Posted 27 January 2014 - 05:43 PM

So far I have not had any redirsvc.exe pop-ups. I downloaded Malwarebytes Anti-Rootkit and unzipped it. But when I tried to run mbar.exe, it did not run and I got a message, "Runtime error R6030 - CRT not initialized." I downloaded it again and got the same message. What should I do?

 

I had another question. Originally, I was going to take my PC to a local computer store that has technicians. They said they could remove the infection, but it would take a week. I cannot afford the downtime because it is my work computer. I said I would reinstall XP, but they said even though the process wipes the hard drive, the virus may remain on the hard drive somewhere and could reappear. That sounds unlikely to me. Is it possible?

 

Thank you.

 

Richardski.



#6 boopme

Posted 27 January 2014 - 07:46 PM

You're welcome

You will probably want to install Adobe Reader XI.
NOTE: do not install anything extra they may offer you (toolbars, browsers, etc.).
 
Last step....

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.


#7 Richardski


Posted 28 January 2014 - 05:47 PM

I forgot to mention that I was unable to find Java Auto Updater (Version: 2.1.9.8) in Control Panel. However, after removing Java, the annoying pop-up in the system tray for Java updates disappeared. I was able to run Malwarebytes Anti-Rootkit logged in as administrator. Oddly, even though my user account has administrative privileges, I had a run-time error - CRT not initialized. It found malware - Adware.Minibug. I have posted the logs below.

 

What anti-virus program do you recommend? I currently have Norton 360.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.28.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: ERIC [administrator]

1/28/2014 5:11:04 PM
mbar-log-2014-01-28 (17-11-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 278143
Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\CLASSES\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.400000 GHz
Memory total: 2145173504, free: 1245798400

I/O error
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.400000 GHz
Memory total: 2145173504, free: 511471616

Could not load protection driver
Downloaded database version: v2014.01.28.08
Downloaded database version: v2013.12.18.01
Initializing...
=======================================
------------ Kernel report ------------
     01/28/2014 17:10:39
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a5f7030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0\
Lower Device Object: 0xffffffff8a5ea030
Lower Device Driver Name: \Driver\IdeChnDr\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a5f7030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a61b410, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xffffffff8a61bf10, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a5f7768, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a5f85c0, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xffffffff8a5f7030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a5f48a0, DeviceName: \Device\0000006a\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a5ea030, DeviceName: \Device\Ide\IdeDeviceP0T1L0\, DriverName: \Driver\IdeChnDr\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 98432C39

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} --> [Adware.Minibug]
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

Thank you,

 

Richardski



#8 Richardski


Posted 28 January 2014 - 05:59 PM

Sorry for 2 replies in a row. See the previous reply for the Malwarebytes logs. Neither rkill.exe nor iExplore.exe would run. I got a message, "There was a problem retrieving the necessary environmental variable: appdata. rkill terminated."

 

Richardski



#9 boopme


Posted 28 January 2014 - 07:46 PM

Ok I am looking at these issues.

Can you do a File search for
redirsvc.exe
 
It looks like it is McAfee Redirector Service and should be located here.
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
 
 
For the CRT ERROR
Try to download the Microsoft Visual C++ Runtime and reboot your machine.

Edited by boopme, 28 January 2014 - 08:11 PM.


#10 Richardski


Posted 29 January 2014 - 02:52 PM

I searched C drive and did not find redirsvc.exe. McAfee Redirector Service is not located in c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe. No mcafee folder exists in c:\PROGRA~1\COMMON~1.

 

I was able to run Rkill today and it found no malware.

 

I read that Adware.Minibug is a malicious virus that causes pop-ups in Chrome and should be removed. Should I run Malwarebytes Anti-Rootkit again and remove it?

 

I read something interesting - somehow the rogue redirsvc.exe deletes itself automatically after each pop-up so it cannot be found on the hard drive. Perhaps some other program was creating or hijacking redirsvc.exe each time a pop-up appeared?

 

Richardski 

 



#11 boopme


Posted 29 January 2014 - 07:18 PM

Yes, rerun MBAM and after it's done make sure that everything is checked and then click Remove Selected.

#12 Richardski


Posted 04 February 2014 - 02:13 PM

I have had no recurrences of redirsvc.exe. It looks like the problem is solved. I ran the trial version of Malwarebytes and it found some additional instances of adware that Malwarebytes Anti-Rootkit did not find. I posted the log below.

 

Thank you very much for your help.

 

Richardski

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.02.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Eric Feder :: ERIC [administrator]

Protection: Enabled

2/3/2014 12:39:34 PM
mbam-log-2014-02-03 (12-39-34).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409126
Time elapsed: 18 hour(s), 36 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D714A94F-123A-45CC-8F03-040BCAF82AD6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D714A94F-123A-45CC-8F03-040BCAF82AD6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\System Volume Information\_restore{6B3B3726-2AA8-491A-AB2F-BEC81C3EF515}\RP1128\A0135092.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6B3B3726-2AA8-491A-AB2F-BEC81C3EF515}\RP1128\A0135093.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6B3B3726-2AA8-491A-AB2F-BEC81C3EF515}\RP1130\A0135264.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6B3B3726-2AA8-491A-AB2F-BEC81C3EF515}\RP1130\A0135265.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6B3B3726-2AA8-491A-AB2F-BEC81C3EF515}\RP1132\A0135718.exe (Adware.GameVance) -> Quarantined and deleted successfully.



#13 boopme


Posted 04 February 2014 - 02:21 PM

Hi, this is good. Most of those are in the System Restore points.


Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7

Reboot and see how it is.
You're Welcome!!