ib.adnxs.com Redirect


Post by Hobo on Wed Feb 06, 2013 4:22 pm

My laptop is infected with the ib.adnxs.com redirect malware.

Windows XP
IE8

Please advise.

Hobo
Intermediate

Posts : 80
Joined : 2009-04-14
Gender : Male
OS : Win 7
Protection : Trend Micro Internet Security Pro
Points : 29014
Likes : 0


Re: ib.adnxs.com Redirect

Post by Superdave on Wed Feb 06, 2013 7:23 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download [You must be registered and logged in to see this link.] by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83161
Likes : 0


Re: ib.adnxs.com Redirect

Post by Hobo on Thu Feb 07, 2013 1:51 am

AdwCleaner Log File:

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 20:47:27
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : BCB - TOSHIBA-USER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\BCB\Desktop\ib.adnxs.com\AdwCleaner\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\BCB\Application Data\Viewpoint
Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.0.10 (en-US)

File : C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\BCB\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2300 octets] - [06/02/2013 20:47:27]

########## EOF - C:\AdwCleaner[R1].txt - [2360 octets] ##########


Re: ib.adnxs.com Redirect

Post by Superdave on Thu Feb 07, 2013 2:08 am

Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


Re: ib.adnxs.com Redirect

Post by Hobo on Thu Feb 07, 2013 4:13 pm

MBAM log:

Malwarebytes Anti-Malware 1.70.0.1100
[You must be registered and logged in to see this link.]

Database version: v2013.02.06.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
BCB :: TOSHIBA-USER [administrator]

2/6/2013 8:58:05 PM
mbam-log-2013-02-06 (20-58-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 399622
Time elapsed: 4 hour(s), 47 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP108\A0025266.old (Trojan.Tracur.ED) -> Quarantined and deleted successfully.

(end)


Re: ib.adnxs.com Redirect

Post by Hobo on Thu Feb 07, 2013 6:51 pm

AdwCleaner log after Delete:

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 13:38:11
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : BCB - TOSHIBA-USER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\BCB\Desktop\ib.adnxs.com\AdwCleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\BCB\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.0.10 (en-US)

File : C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\BCB\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2429 octets] - [06/02/2013 20:47:27]
AdwCleaner[S1].txt - [357 octets] - [07/02/2013 10:45:43]
AdwCleaner[S2].txt - [2457 octets] - [07/02/2013 13:38:11]

########## EOF - C:\AdwCleaner[S2].txt - [2517 octets] ##########


Re: ib.adnxs.com Redirect

Post by Hobo on Thu Feb 07, 2013 6:57 pm

Security Check log:

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AOL Spyware Protection
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 35
Java 7 Update 9
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (3.0.10) Firefox out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Re: ib.adnxs.com Redirect

Post by Superdave on Thu Feb 07, 2013 7:08 pm

Update your Adobe Reader. [You must be registered and logged in to see this link.].

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

**************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**************************************************
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
Please do not ignore this warning and run your defragger soon. SSD means Solid State Drive.

*************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Re: ib.adnxs.com Redirect

Post by Hobo on Sun Apr 07, 2013 1:51 am

Sorry that I have not followed up on your instructions. I ran into problems during the ComboFix and was then called out of town for an extended period of time.

My problems with the redirect malware persist and seem to have gotten worse. Meanwhile I have made changes to the computer (new antivirus program installed when previous version expired). I would like to rid my computer of this malware. Should I start a new thread or continue on this one?

Thanks for your assistance.


Re: ib.adnxs.com Redirect

Post by Superdave on Sun Apr 07, 2013 10:11 pm

Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected; post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


Re: ib.adnxs.com Redirect

Post by Hobo on Sun May 05, 2013 2:16 am

5/4/2013 9:02:26 PM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\BCB\local settings\Application Data\Apple\puysnjis.dll


Re: ib.adnxs.com Redirect

Post by Superdave on Sun May 05, 2013 5:02 pm


  • Download [You must be registered and logged in to see this link.] on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.



Re: ib.adnxs.com Redirect

Post by Hobo on Mon May 06, 2013 5:51 am

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : BCB [Admin rights]
Mode : Scan -- Date : 05/06/2013 01:46:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[STARTUP][SUSP PATH] _uninst_.lnk @BCB : C:\Documents and Settings\BCB\Local Settings\temp\_uninst_.bat [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\ANDYCO~1.SCR) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (Unknown @ 0x8A5768BC)
SSDT[43] : NtCreateMutant @ 0x805840AD -> HOOKED (Unknown @ 0x8A43E09C)
SSDT[47] : NtCreateProcess @ 0x805B6DB5 -> HOOKED (Unknown @ 0x8A564F6C)
SSDT[48] : NtCreateProcessEx @ 0x8058BA0C -> HOOKED (Unknown @ 0x8A4454CC)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFAEA -> HOOKED (Unknown @ 0x8A438B7C)
SSDT[53] : NtCreateThread @ 0x80584D59 -> HOOKED (Unknown @ 0x8A2B7E54)
SSDT[63] : NtDeleteKey @ 0x8059978F -> HOOKED (Unknown @ 0x8A67C9C4)
SSDT[65] : NtDeleteValueKey @ 0x805983AE -> HOOKED (Unknown @ 0x8A5A09D4)
SSDT[68] : NtDuplicateObject @ 0x8057F1A9 -> HOOKED (Unknown @ 0x8A7B0664)
SSDT[97] : NtLoadDriver @ 0x805AF8B6 -> HOOKED (Unknown @ 0x8A1F9964)
SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (Unknown @ 0x8A43E4F4)
SSDT[125] : NtOpenSection @ 0x805791AE -> HOOKED (Unknown @ 0x8A663BB4)
SSDT[128] : NtOpenThread @ 0x805E4831 -> HOOKED (Unknown @ 0x8A503484)
SSDT[192] : NtRenameKey @ 0x806569DE -> HOOKED (Unknown @ 0x8A67C5C4)
SSDT[204] : NtRestoreKey @ 0x80656ED1 -> HOOKED (Unknown @ 0x8A69037C)
SSDT[240] : NtSetSystemInformation @ 0x805B14E8 -> HOOKED (Unknown @ 0x8A679EC4)
SSDT[247] : NtSetValueKey @ 0x805800A4 -> HOOKED (Unknown @ 0x8A52AEAC)
SSDT[258] : NtTerminateThread @ 0x80584986 -> HOOKED (Unknown @ 0x8A5A572C)
SSDT[277] : NtWriteVirtualMemory @ 0x8058760F -> HOOKED (Unknown @ 0x8A4690EC)
S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x890AB6EC)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89075E6C)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541080G9SA00 +++++
--- User ---
[MBR] 205cafc8595938a48bea98687c6cc800
[BSP] d215ff44432a92143bda39b5a0c88861 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05062013_02d0146.txt >>
RKreport[1]_S_05062013_02d0146.txt


Re: ib.adnxs.com Redirect

Post by Superdave on Mon May 06, 2013 7:15 pm

Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: ib.adnxs.com Redirect

Post by Hobo on Tue May 07, 2013 1:48 am

I ran RogueKiller and deleted the infected files that it detected. This time it only found three (instead of four like before). Below is the report. I will run ESET after I complete this post.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : BCB [Admin rights]
Mode : Remove -- Date : 05/06/2013 21:44:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\ANDYCO~1.SCR) [x] -> REPLACED (C:\WINDOWS\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (Unknown @ 0x8A5F729C)
SSDT[43] : NtCreateMutant @ 0x805840AD -> HOOKED (Unknown @ 0x8A4B9284)
SSDT[47] : NtCreateProcess @ 0x805B6DB5 -> HOOKED (Unknown @ 0x8A2F435C)
SSDT[48] : NtCreateProcessEx @ 0x8058BA0C -> HOOKED (Unknown @ 0x8A654A2C)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFAEA -> HOOKED (Unknown @ 0x8A4D55AC)
SSDT[53] : NtCreateThread @ 0x80584D59 -> HOOKED (Unknown @ 0x8A4C72BC)
SSDT[63] : NtDeleteKey @ 0x8059978F -> HOOKED (Unknown @ 0x8A449E9C)
SSDT[65] : NtDeleteValueKey @ 0x805983AE -> HOOKED (Unknown @ 0x8A4F10B4)
SSDT[68] : NtDuplicateObject @ 0x8057F1A9 -> HOOKED (Unknown @ 0x8A73FCBC)
SSDT[97] : NtLoadDriver @ 0x805AF8B6 -> HOOKED (Unknown @ 0x8A49576C)
SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (Unknown @ 0x8A2B517C)
SSDT[125] : NtOpenSection @ 0x805791AE -> HOOKED (Unknown @ 0x8A5F9864)
SSDT[128] : NtOpenThread @ 0x805E4831 -> HOOKED (Unknown @ 0x8A1E9634)
SSDT[192] : NtRenameKey @ 0x806569DE -> HOOKED (Unknown @ 0x8A450EDC)
SSDT[204] : NtRestoreKey @ 0x80656ED1 -> HOOKED (Unknown @ 0x8A4E500C)
SSDT[240] : NtSetSystemInformation @ 0x805B14E8 -> HOOKED (Unknown @ 0x8A7404B4)
SSDT[247] : NtSetValueKey @ 0x805800A4 -> HOOKED (Unknown @ 0x8A5FE684)
SSDT[258] : NtTerminateThread @ 0x80584986 -> HOOKED (Unknown @ 0x8A49979C)
SSDT[277] : NtWriteVirtualMemory @ 0x8058760F -> HOOKED (Unknown @ 0x8A433F5C)
S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x8945C5FC)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8947B464)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541080G9SA00 +++++
--- User ---
[MBR] 205cafc8595938a48bea98687c6cc800
[BSP] d215ff44432a92143bda39b5a0c88861 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_05062013_02d2144.txt >>
RKreport[1]_S_05062013_02d0146.txt ; RKreport[2]_S_05062013_02d2140.txt ; RKreport[3]_D_05062013_02d2144.txt


Re: ib.adnxs.com Redirect

Post by Hobo on Tue May 07, 2013 12:13 pm

C:\Documents and Settings\BCB\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcgbdddggbdfgbdigegbgbdedbgddi\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Documents and Settings\BCB\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcgbdddggbdfgbdigegbgbdedbgddi\ContentScript.js Win32/Boaxxe.U trojan cleaned by deleting - quarantined
C:\Documents and Settings\BCB\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\493b9d3-42dea566 multiple threats cleaned by deleting - quarantined
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP188\A0052489.dll a variant of Win32/Boaxxe.P.Gen trojan cleaned by deleting - quarantined


Re: ib.adnxs.com Redirect

Post by Superdave on Wed May 08, 2013 6:05 pm

How's your computer working now?


Re: ib.adnxs.com Redirect

Post by Hobo on Wed May 08, 2013 10:36 pm

Much better. Thank you. I have not been redirected and I am no longer getting a new popup that started several days ago.

Is there anything else I need to do?


Re: ib.adnxs.com Redirect

Post by Superdave on Wed May 08, 2013 10:49 pm

"Is there anything else I need to do?"

I would like to run one more scan and if it comes up empty, we can do some cleanup.


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Re: ib.adnxs.com Redirect

Post by Hobo on Thu May 09, 2013 1:10 am

21:01:07.0109 4492 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:01:07.0515 4492 ============================================================
21:01:07.0515 4492 Current date / time: 2013/05/08 21:01:07.0515
21:01:07.0515 4492 SystemInfo:
21:01:07.0515 4492
21:01:07.0515 4492 OS Version: 5.1.2600 ServicePack: 3.0
21:01:07.0515 4492 Product type: Workstation
21:01:07.0515 4492 ComputerName: TOSHIBA-USER
21:01:07.0515 4492 UserName: BCB
21:01:07.0515 4492 Windows directory: C:\WINDOWS
21:01:07.0515 4492 System windows directory: C:\WINDOWS
21:01:07.0515 4492 Processor architecture: Intel x86
21:01:07.0515 4492 Number of processors: 2
21:01:07.0515 4492 Page size: 0x1000
21:01:07.0515 4492 Boot type: Normal boot
21:01:07.0515 4492 ============================================================
21:01:09.0578 4492 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:01:09.0875 4492 ============================================================
21:01:09.0875 4492 \Device\Harddisk0\DR0:
21:01:09.0875 4492 MBR partitions:
21:01:09.0875 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
21:01:09.0875 4492 ============================================================
21:01:09.0921 4492 C: <-> \Device\Harddisk0\DR0\Partition1
21:01:09.0921 4492 ============================================================
21:01:09.0921 4492 Initialize success
21:01:09.0921 4492 ============================================================
21:01:37.0265 2012 ============================================================
21:01:37.0265 2012 Scan started
21:01:37.0265 2012 Mode: Manual;
21:01:37.0265 2012 ============================================================
21:01:38.0343 2012 ================ Scan system memory ========================
21:01:39.0687 2012 System memory - ok
21:01:39.0687 2012 ================ Scan services =============================
21:01:54.0625 2012 Sfloppy - ok
21:01:54.0687 2012 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:01:54.0703 2012 SharedAccess - ok
21:01:54.0718 2012 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:01:54.0718 2012 ShellHWDetection - ok
21:01:54.0734 2012 Simbad - ok
21:01:54.0765 2012 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:01:54.0765 2012 SLIP - ok
21:01:54.0812 2012 SMNDIS5 - ok
21:01:54.0843 2012 [ 1E715247EFFFDDA938C085913045D599 ] SMSIVZAM5 C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
21:01:54.0890 2012 SMSIVZAM5 - ok
21:01:56.0015 2012 [ B64C7DC23A9C173E5766120BECAA01D9 ] SNP2STD C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
21:01:57.0031 2012 SNP2STD - ok
21:01:57.0046 2012 Sparrow - ok
21:01:57.0093 2012 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:01:57.0093 2012 splitter - ok
21:01:57.0156 2012 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:01:57.0156 2012 Spooler - ok
21:01:57.0218 2012 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:01:57.0234 2012 sr - ok
21:01:57.0281 2012 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:01:57.0296 2012 srservice - ok
21:01:57.0359 2012 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:01:57.0359 2012 Srv - ok
21:01:57.0390 2012 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:01:57.0390 2012 SSDPSRV - ok
21:01:57.0421 2012 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
21:01:57.0437 2012 StarOpen - ok
21:01:57.0546 2012 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:01:57.0562 2012 stisvc - ok
21:01:57.0593 2012 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:01:57.0593 2012 streamip - ok
21:01:57.0593 2012 SVRPEDRV - ok
21:01:57.0640 2012 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:01:57.0640 2012 swenum - ok
21:01:57.0656 2012 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:01:57.0671 2012 swmidi - ok
21:01:57.0671 2012 SwPrv - ok
21:01:57.0734 2012 [ 486A64AABD88E4E174681E89E9736BC9 ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
21:01:57.0890 2012 Swupdtmr - ok
21:01:57.0921 2012 symc810 - ok
21:01:57.0937 2012 symc8xx - ok
21:01:57.0937 2012 sym_hi - ok
21:01:57.0953 2012 sym_u3 - ok
21:01:58.0000 2012 [ A6CC8C28D5AAD4179EF32F05BED55E91 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:01:58.0015 2012 SynTP - ok
21:01:58.0015 2012 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:01:58.0015 2012 sysaudio - ok
21:01:58.0093 2012 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:01:58.0109 2012 SysmonLog - ok
21:01:58.0140 2012 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:01:58.0156 2012 TapiSrv - ok
21:01:58.0234 2012 [ 36772B5EAAAF42DB5C5EE6EEB0EC0AF7 ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
21:01:58.0281 2012 TAPPSRV - ok
21:01:58.0296 2012 [ 7147B0575BCC93A6AB7D5C90F47C0B9F ] tbiosdrv C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
21:01:58.0296 2012 tbiosdrv - ok
21:01:58.0359 2012 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:01:58.0375 2012 Tcpip - ok
21:01:58.0484 2012 [ FC6FE02F400308606A911640E72326B5 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
21:01:58.0484 2012 TcUsb - ok
21:01:58.0515 2012 [ CC1D7BC6A3632C55EE6D8877E9B936F3 ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
21:01:58.0546 2012 tdcmdpst - ok
21:01:58.0625 2012 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:01:58.0625 2012 TDPIPE - ok
21:01:58.0640 2012 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:01:58.0640 2012 TDTCP - ok
21:01:58.0687 2012 [ 09AA3CF863793F92276B39E74878C386 ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
21:01:58.0750 2012 tdudf - ok
21:01:58.0765 2012 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:01:58.0765 2012 TermDD - ok
21:01:58.0828 2012 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:01:58.0843 2012 TermService - ok
21:01:58.0859 2012 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:01:58.0859 2012 Themes - ok
21:01:58.0906 2012 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:01:58.0906 2012 TlntSvr - ok
21:01:58.0953 2012 [ D0B08F941C0B06846533C6A38DD09B22 ] tmactmon C:\WINDOWS\system32\DRIVERS\tmactmon.sys
21:01:58.0953 2012 tmactmon - ok
21:01:58.0984 2012 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] tmcomm C:\WINDOWS\system32\DRIVERS\tmcomm.sys
21:01:59.0000 2012 tmcomm - ok
21:01:59.0000 2012 [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC C:\WINDOWS\system32\DRIVERS\TMEBC32.sys
21:01:59.0000 2012 TMEBC - ok
21:01:59.0031 2012 [ 63828FBD740F178DE2E2D42C3136FDEE ] tmevtmgr C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
21:01:59.0031 2012 tmevtmgr - ok
21:01:59.0046 2012 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
21:01:59.0046 2012 tmtdi - ok
21:01:59.0109 2012 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
21:01:59.0171 2012 TODDSrv - ok
21:01:59.0187 2012 TosIde - ok
21:01:59.0218 2012 [ CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys
21:01:59.0250 2012 tosrfec - ok
21:01:59.0281 2012 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:01:59.0281 2012 TrkWks - ok
21:01:59.0328 2012 [ 676DB15DDF2E0FF6EC03068DEA428B8B ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
21:01:59.0375 2012 TVALD - ok
21:01:59.0406 2012 [ 546DFBA6486569120D33F7AD6E94EFDD ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
21:01:59.0437 2012 Tvs - ok
21:01:59.0500 2012 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:01:59.0500 2012 Udfs - ok
21:01:59.0500 2012 ultra - ok
21:01:59.0546 2012 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
21:01:59.0546 2012 UMWdf - ok
21:01:59.0609 2012 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:01:59.0625 2012 Update - ok
21:01:59.0656 2012 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:01:59.0671 2012 upnphost - ok
21:01:59.0687 2012 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:01:59.0687 2012 UPS - ok
21:01:59.0718 2012 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:01:59.0718 2012 usbccgp - ok
21:01:59.0734 2012 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:01:59.0750 2012 usbehci - ok
21:01:59.0765 2012 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:01:59.0765 2012 usbhub - ok
21:01:59.0781 2012 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:01:59.0796 2012 usbscan - ok
21:01:59.0828 2012 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:01:59.0828 2012 USBSTOR - ok
21:01:59.0843 2012 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:01:59.0843 2012 usbuhci - ok
21:01:59.0875 2012 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:01:59.0875 2012 VgaSave - ok
21:01:59.0875 2012 ViaIde - ok
21:01:59.0890 2012 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:01:59.0890 2012 VolSnap - ok
21:01:59.0921 2012 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:01:59.0937 2012 VSS - ok
21:01:59.0968 2012 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:01:59.0968 2012 W32Time - ok
21:01:59.0984 2012 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:01:59.0984 2012 Wanarp - ok
21:02:00.0046 2012 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
21:02:00.0046 2012 wanatw - ok
21:02:00.0062 2012 WDICA - ok
21:02:00.0109 2012 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:02:00.0109 2012 wdmaud - ok
21:02:00.0156 2012 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:02:00.0156 2012 WebClient - ok
21:02:00.0296 2012 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:02:00.0296 2012 winmgmt - ok
21:02:00.0343 2012 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:02:00.0359 2012 WmdmPmSN - ok
21:02:00.0437 2012 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:02:00.0437 2012 Wmi - ok
21:02:00.0468 2012 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:02:00.0468 2012 WmiApSrv - ok
21:02:00.0500 2012 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:02:00.0500 2012 WS2IFSL - ok
21:02:00.0546 2012 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:02:00.0546 2012 wscsvc - ok
21:02:00.0578 2012 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:02:00.0578 2012 WSTCODEC - ok
21:02:00.0609 2012 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:02:00.0609 2012 wuauserv - ok
21:02:00.0687 2012 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:02:00.0687 2012 WZCSVC - ok
21:02:00.0718 2012 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:02:00.0734 2012 xmlprov - ok
21:02:00.0750 2012 ================ Scan global ===============================
21:02:00.0781 2012 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:02:00.0843 2012 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:02:00.0859 2012 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:02:00.0890 2012 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:02:00.0890 2012 [Global] - ok
21:02:00.0890 2012 ================ Scan MBR ==================================
21:02:00.0921 2012 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
21:02:01.0187 2012 \Device\Harddisk0\DR0 - ok
21:02:01.0187 2012 ================ Scan VBR ==================================
21:02:01.0187 2012 [ D734112D03CB1CF131F0B81D1536C198 ] \Device\Harddisk0\DR0\Partition1
21:02:01.0187 2012 \Device\Harddisk0\DR0\Partition1 - ok
21:02:01.0187 2012 ============================================================
21:02:01.0187 2012 Scan finished
21:02:01.0187 2012 ============================================================
21:02:01.0250 5496 Detected object count: 0
21:02:01.0250 5496 Actual detected object count: 0


Re: ib.adnxs.com Redirect

Post by Superdave on Thu May 09, 2013 1:16 am

OK, I'm good with that. Let's do some cleanup.

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
***********************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in the C drive.)
*****************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.] - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: ib.adnxs.com Redirect

Post by Hobo on Fri May 10, 2013 3:44 am

I got redirected again using Google tonight. (At least I am almost certain I did.) Before I follow your most recent instructions I want to use the computer for a couple of days and see if it happens again.


Re: ib.adnxs.com Redirect

Post by Superdave on Fri May 10, 2013 6:29 pm

[You must be registered and logged in to see this link.] wrote: I got redirected again using Google tonight. (At least I am almost certain I did.) Before I follow your most recent instructions I want to use the computer for a couple of days and see if it happens again.
Ok, I'll wait to hear back from you.


Re: ib.adnxs.com Redirect

Post by Hobo on Sun May 19, 2013 3:23 pm

Done. I followed your last instructions with no problem.

It has been about a week since cleaning the trojan(s) off my PC and everything seems to be working fine. I am no longer being redirected, the annoying pop-ups are gone and my machine runs faster.

Thanks again for the excellent help.


Re: ib.adnxs.com Redirect

Post by Superdave on Sun May 19, 2013 10:37 pm

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
