Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Laptop has unwanted ib.adnxs.com tracker/pop-up

Post by Keith_H » August 8th, 2012, 5:49 pm

Hello,
As of late, I have noticed these pop-up items.

Please can you assist.
Kind regards
Keith


---- ---- ---- ----- ---- ---- ---- ---- ---- ----
---- ---- ---- ----- ---- ---- ---- ---- ---- ----
---- ---- ---- ----- ---- ---- ---- ---- ---- ----
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.5.1
Run by Keith at 22:35:03 on 2012-08-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1654 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Users\Keith\AppData\Local\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Keith\AppData\Local\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title =
uInternet Settings,ProxyServer = cslibproxy:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Skytel] Skytel.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ConnectionCenter] "c:\users\keith\appdata\local\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://ldcvpn.lnrproperty.com/CSHELL/extender.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://ldcvpn.lnrproperty.com/CSHELL/extender.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{78DA402D-66EE-4084-9D5E-8A010E0B8437} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\keith\appdata\local\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\keith\appdata\local\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\keith\appdata\roaming\mozilla\firefox\profiles\74eim75z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\users\keith\appdata\roaming\mozilla\plugins\npicaN.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2011-6-2 355504]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-17 90112]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-22 104992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-2 1153368]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2008-11-27 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-22 411488]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-11-27 17920]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-17 27632]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-22 9344]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2010-2-16 129304]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-5 113120]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-21 109736]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [2009-9-2 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [2009-9-2 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [2009-9-2 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [2009-9-2 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [2009-9-2 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [2009-9-2 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [2009-9-2 117544]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-4-7 155344]
.
=============== Created Last 30 ================
.
2012-08-05 19:24:58 -------- d-----w- c:\program files\DDS
2012-08-05 19:09:15 -------- d-----w- c:\users\keith\appdata\roaming\Ad-Aware Antivirus
2012-08-05 18:12:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-05 18:12:38 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-08-05 18:12:38 68576 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-08-05 18:12:38 573920 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-08-05 18:12:38 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-08-05 18:12:38 157608 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-08-05 18:12:38 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-07-13 22:29:31 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 22:04:28 -------- d-----w- c:\users\keith\appdata\local\Macromedia
2012-07-13 22:04:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 21:45:38 -------- d-----w- c:\program files\Oracle
2012-07-13 21:44:59 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-13 19:02:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-13 19:02:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-13 19:02:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-13 19:02:43 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-13 19:02:13 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-13 19:02:13 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-13 19:02:13 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-13 19:02:10 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-13 19:02:10 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
==================== Find3M ====================
.
2012-07-13 22:04:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 21:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 22:04:50 834048 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 22:36:30.13 ===============


---- ---- ---- ----- ---- ---- ---- ---- ---- ----
---- ---- ---- ----- ---- ---- ---- ---- ---- ----
---- ---- ---- ----- ---- ---- ---- ---- ---- ----
Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT


My first post was closed for zipping and attaching the file, hence why this is being posted in one message


.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/04/2009 16:06:15
System Uptime: 08/08/2012 18:28:09 (4 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | N/A | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 169.941 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.6
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
Avanquest update
AVG 2012
Big Fish Games Game Suite
Business Contact Manager for Outlook 2007 SP1
CCleaner
Check Point SSL Network Extender
Cisco Systems VPN Client 5.0.00.0340
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Citrix XenApp Web Plugin
Click to Disc
Click to Disc Editor
DivX Setup
Google Earth
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 5
JavaFX 2.1.1
Me&My VAIO
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
OpenMG Secure Module 5.1.00
OpenOffice.org 3.1
Picasa 3
Primo
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Setting Utility Series
Skype™ 3.8
Software Info for Me&My VAIO
Sony Ericsson PC Companion 2.01.231
Sony Ericsson PC Suite 6.012.00
Sony Ericsson Update Engine
Sony Picture Utility
Sony Video Shared Library
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VAIO Control Center
VAIO Data Restore Tool
VAIO Movie Story
VAIO Movie Story Template Data
VAIO Original Function Setting
VAIO Power Management
VAIO Update 4
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.5
WinDVD for VAIO
Xvid 1.2.1 final uninstall
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
08/08/2012 22:33:54, Error: bowser [8003] - The master browser has received a server announcement from the computer CEREBRO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{78DA402D-66EE-4084-9D5E-8A010E0B84. The master browser is stopping or an election is being forced.
08/08/2012 22:32:51, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 5456D5BAAC05. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
08/08/2012 22:02:22, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
08/08/2012 16:33:07, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
08/08/2012 16:32:58, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126
05/08/2012 19:15:13, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server VSS Writer service to connect.
05/08/2012 19:15:13, Error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/08/2012 16:36:48, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
05/08/2012 12:50:26, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 5456D5BAAC05. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
02/08/2012 23:00:50, Error: bowser [8003] - The master browser has received a server announcement from the computer NIGELKNIGHT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{78DA402D-66EE-4084-9D5E-8A0. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================


---- ---- ---- ----- ---- ---- ---- ---- ---- ----
---- ---- ---- ----- ---- ---- ---- ---- ---- ----
---- ---- ---- ----- ---- ---- ---- ---- ---- ----
Keith_H
Active Member
 
Posts: 12
Joined: August 5th, 2012, 3:32 pm

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Post by askey127 » August 12th, 2012, 8:52 am

Hi Keith_H,
Sorry for the delay.
Looking over your log. Be back soon.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Post by askey127 » August 12th, 2012, 9:02 am

Keith_H,
-------------------------------------------------------------------
Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
We will disable it now, and re-enable it when we are done.
Temporarily Disable Spybot's TeaTimer Protection
Start Spybot Search & Destroy
In the top menu, click Mode
Check Advanced Mode if it is not already checked. OK the selection if necessary.
In the bottom of the left pane, click on Tools
From the new left pane list, click on Resident
Uncheck the box in the middle labeled Resident "TeaTimer"(Protection of overall system settings) active.
From the top menu, click on File, Exit.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Java(TM) 6 Update 29
Adobe Reader 9.4.6

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1013_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Please download SystemLook from the link below and save it to your Desktop.
Download Mirror (32-bit)
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox and paste it into the main textfield of SystemLook:
    :filefind
    *eoengine*
    *eobho*
    *EoRezo*
    
    :Regfind
    AFBB7970-789A-4264-BA70-E8127DECE400
    18AF7201-4F14-4BCF-93FE-45617CF259FF
    DF76E9B7-35EC-46FC-AF56-5B79DED9D64F
    C10DC1F4-CCDF-4224-A24D-B23AFC3573C8
    EoRezo
    eobho
    ieobho
    eoengine
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Post by Keith_H » August 12th, 2012, 11:38 am

Hi askey127,

Greetings from the UK.
Thank you for taking the time to look at this.
Below is the SystemLook output log.

Best wishes


SystemLook 30.07.11 by jpshortstuff
Log created at 16:29 on 12/08/2012 by Keith
Administrator - Elevation successful

========== filefind ==========

Searching for "*eoengine*"
No files found.

Searching for "*eobho*"
No files found.

Searching for "*EoRezo*"
No files found.

========== Regfind ==========

Searching for "AFBB7970-789A-4264-BA70-E8127DECE400"
No data found.

Searching for "18AF7201-4F14-4BCF-93FE-45617CF259FF"
No data found.

Searching for "DF76E9B7-35EC-46FC-AF56-5B79DED9D64F"
No data found.

Searching for "C10DC1F4-CCDF-4224-A24D-B23AFC3573C8"
No data found.

Searching for "EoRezo"
No data found.

Searching for "eobho"
No data found.

Searching for "ieobho"
No data found.

Searching for "eoengine"
No data found.

-= EOF =-
Keith_H
Active Member
 
Posts: 12
Joined: August 5th, 2012, 3:32 pm

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Post by askey127 » August 12th, 2012, 11:42 am

Keith_H,
Gee, that doesn't help much, does it?
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For Vista, right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

So we are looking for the two logs from OTL, and the log from TDSSKiller.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Post by Keith_H » August 12th, 2012, 12:06 pm

Hi askey127

Here are the OTL scans:


OTL.txt
OTL logfile created on: 12/08/2012 16:52:37 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Keith\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 37.43% Memory free
5.96 Gb Paging File | 4.04 Gb Available in Paging File | 67.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 165.76 Gb Free Space | 74.23% Space Free | Partition Type: NTFS

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 16:46:18 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
PRC - [2012/08/12 16:27:55 | 000,139,264 | ---- | M] () -- C:\Users\Keith\Downloads\SystemLook.exe
PRC - [2012/07/14 01:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/06/02 10:42:22 | 000,355,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Keith\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Keith\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/18 16:25:24 | 000,304,128 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\scalc.exe
PRC - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/17 11:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/09/18 19:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/05 19:56:58 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe
PRC - [2008/09/05 19:54:58 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMgr.exe
PRC - [2008/08/29 05:21:36 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/04/04 05:32:48 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2008/01/12 02:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/04/03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/12 16:27:55 | 000,139,264 | ---- | M] () -- C:\Users\Keith\Downloads\SystemLook.exe
MOD - [2012/07/14 01:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 07:48:16 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/15 07:46:33 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/15 07:46:23 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 10:27:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
MOD - [2012/05/12 10:27:10 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012/05/12 10:27:08 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 10:27:05 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/05/12 10:27:03 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/05/12 10:24:39 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/12 10:24:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 18:39:43 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 18:37:16 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 18:36:59 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009/08/19 10:22:00 | 000,139,264 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\Basis\program\nsldap32v50.dll
MOD - [2009/08/18 16:25:24 | 000,304,128 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\scalc.exe
MOD - [2009/08/18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/04/16 13:03:22 | 000,166,400 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll
MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/10/22 22:55:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008/10/22 22:55:41 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/07/14 01:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/06/02 10:42:22 | 000,355,504 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/10/17 11:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 19:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/05 19:56:58 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/08/01 23:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/05/20 10:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 10:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 10:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/12 02:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/04/16 16:22:04 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/16 15:00:58 | 000,129,304 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/10/07 02:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/03 01:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/23 00:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/22 01:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/28 01:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/10 01:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/05/12 13:15:12 | 000,111,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3117obex.sys -- (s3117obex)
DRV - [2008/05/12 13:15:12 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3117mdfl.sys -- (s3117mdfl)
DRV - [2008/05/12 13:15:10 | 000,122,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3117mdm.sys -- (s3117mdm)
DRV - [2008/05/12 13:15:10 | 000,117,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3117unic.sys -- (s3117unic)
DRV - [2008/05/12 13:15:10 | 000,115,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3117mgmt.sys -- (s3117mgmt)
DRV - [2008/05/12 13:15:10 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3117nd5.sys -- (s3117nd5)
DRV - [2008/05/12 13:15:04 | 000,090,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3117bus.sys -- (s3117bus)
DRV - [2008/04/24 23:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/04/18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/03 17:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {E83252D4-35F3-4E7C-ADA8-88015CBC4015}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKLM\..\SearchScopes\{E83252D4-35F3-4E7C-ADA8-88015CBC4015}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\..\SearchScopes,DefaultScope = ${searchCLSID}
IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0 ... =chrome&q={searchTerms}&lng={language}&ychte=uk&nt=1
IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\..\SearchScopes\{E83252D4-35F3-4E7C-ADA8-88015CBC4015}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7SNYK_en
IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = cslibproxy:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/08/02 23:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/02 23:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/05 19:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/12 16:23:42 | 000,000,000 | ---D | M]

[2009/09/02 21:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2012/08/08 16:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\74eim75z.default\extensions
[2010/09/07 08:14:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\74eim75z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/08 16:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\74eim75z.default\extensions\trash
[2012/08/05 19:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/02 23:26:10 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/08/05 19:52:12 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74EIM75Z.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/07/14 01:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/07/14 01:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 01:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/02 14:23:51 | 000,438,782 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 15094 more lines...
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\Keith\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://ldcvpn.lnrproperty.com/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://ldcvpn.lnrproperty.com/CSHELL/extender.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78DA402D-66EE-4084-9D5E-8A010E0B8437}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Keith\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Keith\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{552f8df0-0ae9-11e0-a2bc-001dbab6c94d}\Shell - "" = AutoRun
O33 - MountPoints2\{552f8df0-0ae9-11e0-a2bc-001dbab6c94d}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 16:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/05 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\DDS
[2012/08/05 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Ad-Aware Antivirus
[2012/08/05 19:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/05 19:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/02 23:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/13 23:29:31 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/13 23:04:28 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Macromedia
[2012/07/13 23:04:18 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/13 22:48:08 | 000,000,000 | ---D | C] -- C:\Users\Keith\Documents\Picture Motion Browser
[2012/07/13 22:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/13 22:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/13 22:44:59 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/13 22:44:59 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/13 22:44:04 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/13 22:44:04 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/13 20:02:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010/02/17 20:40:27 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeE2DF.dll

========== Files - Modified Within 30 Days ==========

[2012/08/12 16:23:43 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/12 15:55:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 15:55:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 15:54:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 08:21:17 | 103,605,795 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/05 20:40:03 | 000,002,627 | ---- | M] () -- C:\Users\Keith\Desktop\Attach.zip
[2012/08/05 19:12:42 | 000,000,870 | ---- | M] () -- C:\Users\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/05 19:12:42 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/15 18:56:31 | 000,477,691 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/13 23:34:37 | 000,401,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/13 23:04:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/13 23:04:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/13 22:43:38 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/13 22:43:38 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/13 22:43:38 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2012/08/12 16:23:43 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/12 16:23:42 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/05 20:40:03 | 000,002,627 | ---- | C] () -- C:\Users\Keith\Desktop\Attach.zip
[2011/11/14 18:44:13 | 000,001,832 | ---- | C] () -- C:\Users\Keith\AppData\Local\SLC_Keith.prx
[2010/12/04 23:42:03 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/04 23:42:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/22 22:37:35 | 000,018,944 | ---- | C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 18:26:13 | 000,002,032 | ---- | C] () -- C:\Users\Keith\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/08/05 20:09:27 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Ad-Aware Antivirus
[2011/10/16 12:26:18 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\AVG2012
[2010/01/23 18:38:38 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\ICAClient
[2010/11/07 12:59:40 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\InterVideo
[2009/09/02 23:13:08 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\OpenOffice.org
[2011/03/02 22:31:38 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Western Digital
[2012/08/12 15:53:59 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Post by Keith_H » August 12th, 2012, 12:07 pm

Here is the second log

Extras.txt

OTL Extras logfile created on: 12/08/2012 16:52:37 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Keith\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 37.43% Memory free
5.96 Gb Paging File | 4.04 Gb Available in Paging File | 67.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 165.76 Gb Free Space | 74.23% Space Free | Partition Type: NTFS

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3227751942-2071005614-3849776414-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33B34FA0-6DC1-4547-8A60-D32BC5513982}" = lport=445 | protocol=6 | dir=in | app=system |
"{3EB3B51F-536E-48A2-ADA4-57162B9DC16B}" = rport=139 | protocol=6 | dir=out | app=system |
"{43C4F265-8308-47A0-B0CD-67E9CA7CAF99}" = rport=137 | protocol=17 | dir=out | app=system |
"{72FCB759-2B21-4395-B3D4-56DC372B991B}" = lport=138 | protocol=17 | dir=in | app=system |
"{7AB1C98D-3618-4A34-AC01-36E01A61D056}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A3E40B21-F196-43C1-A464-CC89EE5BB4BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{C1784E16-4118-4A80-9B66-F426CA5D2FFF}" = rport=445 | protocol=6 | dir=out | app=system |
"{C25B2E3F-D3AA-44E8-96BB-5605FA747590}" = lport=139 | protocol=6 | dir=in | app=system |
"{D6102CD7-7189-4D92-82F3-063F96F02E29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DA455A37-F5EE-4238-B7AD-F897269CD0ED}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C9B0FC6-AAEF-4E78-BEDA-3B4F384B302A}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe |
"{4F4E8EA1-2BE6-4917-BA0D-4E95823A9463}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{51812679-B254-4627-ADA0-C0EDAC7BEA1D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{6208A6F9-D653-4FF6-9D17-DFF778F77817}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6BD3A0B6-9CB9-4952-8807-1F1C0FEC9D58}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{A2F825D7-E867-4266-8323-7A7248214BF0}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{A33958D2-8C78-4EF5-8D51-BEFCBF74A1E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A48F9C67-D306-4BB5-9D07-3C996FB3B430}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{AB0226AA-A758-41BB-A697-D8D5DE2D6A6D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D7F90598-0DFF-4C99-80FF-935922CCFDBB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DEC313FB-7B56-41B3-AFCD-865310161C98}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E69950C1-F55B-4803-88EC-44894E24BB1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EB7915C6-9B3C-40AE-8B07-EC3C38538199}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{F9691BA0-E7B5-4788-B66D-D9FFA5451537}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{FF316C6B-8B8E-4284-AAF3-292A8B6BE660}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{FFB8AA85-C393-4064-B77B-B19C756B3980}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"TCP Query User{0EEC7C6A-A55C-479A-87FB-226E5BB4A9B3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{60260D44-22CB-4E45-B266-196F9F9A0D86}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0D85C8D5-AD18-4763-969F-4CC43DEBAA02}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CF33CD7E-14D1-4AD1-8BBC-CCA3C94AA2A2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)
"{ddd480ee-cfc3-4d00-8095-346eabc677be}" = Check Point SSL Network Extender
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"BFG-Big Fish Games Game Suite" = Big Fish Games Game Suite
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX Setup
"dt icon module" =
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"MFU Module" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"VAIO Help and Support" =
"VLC media player" = VLC media player 1.0.5
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/05/2012 18:30:59 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/05/2012 23:59:53 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/06/2012 18:43:40 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/06/2012 18:48:56 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 05/06/2012 05:06:15 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 05/06/2012 05:12:35 | Computer Name = Keith-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/06/2012 06:37:57 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/06/2012 07:32:01 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/06/2012 15:36:27 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/06/2012 10:02:25 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/08/2012 10:45:03 | Computer Name = Keith-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 5456D5BAAC05. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/08/2012 10:50:50 | Computer Name = Keith-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 5456D5BAAC05. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/08/2012 10:53:02 | Computer Name = Keith-PC | Source = DCOM | ID = 10005
Description =

Error - 12/08/2012 10:53:02 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/08/2012 10:53:02 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/08/2012 10:55:10 | Computer Name = Keith-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 12/08/2012 10:55:15 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/08/2012 11:24:23 | Computer Name = Keith-PC | Source = DCOM | ID = 10005
Description =

Error - 12/08/2012 11:24:23 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/08/2012 11:24:23 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Post by Keith_H » August 12th, 2012, 12:12 pm

Hi askey127,

Below is the txt output; no threats were found:

>If the scan completes with nothing found, click Close to exit.

TDSSKiller.2.7.48.0_12.08.2012_17.08.20_log

17:08:20.0439 4576 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:08:20.0645 4576 ============================================================
17:08:20.0645 4576 Current date / time: 2012/08/12 17:08:20.0645
17:08:20.0645 4576 SystemInfo:
17:08:20.0645 4576
17:08:20.0645 4576 OS Version: 6.0.6002 ServicePack: 2.0
17:08:20.0645 4576 Product type: Workstation
17:08:20.0646 4576 ComputerName: KEITH-PC
17:08:20.0646 4576 UserName: Keith
17:08:20.0646 4576 Windows directory: C:\Windows
17:08:20.0646 4576 System windows directory: C:\Windows
17:08:20.0646 4576 Processor architecture: Intel x86
17:08:20.0646 4576 Number of processors: 2
17:08:20.0646 4576 Page size: 0x1000
17:08:20.0646 4576 Boot type: Normal boot
17:08:20.0646 4576 ============================================================
17:08:21.0299 4576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:08:21.0304 4576 ============================================================
17:08:21.0304 4576 \Device\Harddisk0\DR0:
17:08:21.0315 4576 MBR partitions:
17:08:21.0316 4576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x132F800, BlocksNum 0x1BE95970
17:08:21.0316 4576 ============================================================
17:08:21.0593 4576 C: <-> \Device\Harddisk0\DR0\Partition0
17:08:21.0593 4576 ============================================================
17:08:21.0593 4576 Initialize success
17:08:21.0593 4576 ============================================================
17:09:02.0095 2500 ============================================================
17:09:02.0095 2500 Scan started
17:09:02.0095 2500 Mode: Manual;
17:09:02.0095 2500 ============================================================
17:09:02.0880 2500 ACDaemon (fee588cdf60f2b541b5a3e803fa938a1) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:09:02.0883 2500 ACDaemon - ok
17:09:03.0768 2500 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:09:03.0776 2500 ACPI - ok
17:09:03.0859 2500 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:09:03.0862 2500 AdobeARMservice - ok
17:09:03.0959 2500 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:09:03.0968 2500 adp94xx - ok
17:09:04.0145 2500 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:09:04.0152 2500 adpahci - ok
17:09:04.0174 2500 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:09:04.0177 2500 adpu160m - ok
17:09:04.0224 2500 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:09:04.0228 2500 adpu320 - ok
17:09:04.0262 2500 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:09:04.0264 2500 AeLookupSvc - ok
17:09:04.0345 2500 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:09:04.0350 2500 AFD - ok
17:09:04.0391 2500 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:09:04.0393 2500 agp440 - ok
17:09:04.0419 2500 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:09:04.0421 2500 aic78xx - ok
17:09:04.0464 2500 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:09:04.0466 2500 ALG - ok
17:09:04.0479 2500 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:09:04.0481 2500 aliide - ok
17:09:04.0509 2500 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:09:04.0511 2500 amdagp - ok
17:09:04.0532 2500 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:09:04.0534 2500 amdide - ok
17:09:04.0561 2500 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:09:04.0563 2500 AmdK7 - ok
17:09:04.0582 2500 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:09:04.0585 2500 AmdK8 - ok
17:09:04.0637 2500 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:09:04.0639 2500 Appinfo - ok
17:09:04.0660 2500 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:09:04.0663 2500 arc - ok
17:09:04.0695 2500 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:09:04.0697 2500 arcsas - ok
17:09:04.0736 2500 ArcSoftKsUFilter (857b48965a0503b7ab795d4bfe7cbd8b) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
17:09:04.0737 2500 ArcSoftKsUFilter - ok
17:09:04.0776 2500 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:09:04.0778 2500 AsyncMac - ok
17:09:04.0794 2500 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
17:09:04.0796 2500 atapi - ok
17:09:05.0179 2500 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
17:09:05.0218 2500 athr - ok
17:09:07.0996 2500 atikmdag (9f66d1ba97911731133e46212539a08d) C:\Windows\system32\DRIVERS\atikmdag.sys
17:09:08.0129 2500 atikmdag - ok
17:09:09.0202 2500 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:09:09.0216 2500 AudioEndpointBuilder - ok
17:09:09.0227 2500 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:09:09.0231 2500 Audiosrv - ok
17:09:12.0725 2500 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
17:09:12.0774 2500 AVGIDSAgent - ok
17:09:13.0553 2500 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
17:09:13.0595 2500 AVGIDSDriver - ok
17:09:13.0618 2500 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
17:09:13.0620 2500 AVGIDSFilter - ok
17:09:13.0655 2500 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
17:09:13.0657 2500 AVGIDSHX - ok
17:09:13.0683 2500 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
17:09:13.0684 2500 AVGIDSShim - ok
17:09:13.0741 2500 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
17:09:13.0747 2500 Avgldx86 - ok
17:09:13.0780 2500 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
17:09:13.0782 2500 Avgmfx86 - ok
17:09:13.0791 2500 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
17:09:13.0793 2500 Avgrkx86 - ok
17:09:13.0847 2500 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
17:09:13.0854 2500 Avgtdix - ok
17:09:14.0125 2500 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
17:09:14.0135 2500 avgwd - ok
17:09:14.0203 2500 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:09:14.0205 2500 BcmSqlStartupSvc - ok
17:09:14.0242 2500 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:09:14.0243 2500 Beep - ok
17:09:14.0365 2500 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:09:14.0384 2500 BFE - ok
17:09:14.0568 2500 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:09:14.0588 2500 BITS - ok
17:09:14.0621 2500 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:09:14.0623 2500 blbdrive - ok
17:09:14.0662 2500 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:09:14.0664 2500 bowser - ok
17:09:14.0691 2500 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:09:14.0693 2500 BrFiltLo - ok
17:09:14.0702 2500 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:09:14.0704 2500 BrFiltUp - ok
17:09:14.0743 2500 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:09:14.0746 2500 Browser - ok
17:09:14.0809 2500 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:09:14.0812 2500 Brserid - ok
17:09:14.0834 2500 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:09:14.0836 2500 BrSerWdm - ok
17:09:14.0858 2500 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:09:14.0860 2500 BrUsbMdm - ok
17:09:14.0871 2500 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:09:14.0873 2500 BrUsbSer - ok
17:09:14.0895 2500 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:09:14.0896 2500 BTHMODEM - ok
17:09:14.0930 2500 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:09:14.0932 2500 cdfs - ok
17:09:14.0979 2500 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:09:14.0980 2500 cdrom - ok
17:09:15.0012 2500 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:09:15.0013 2500 CertPropSvc - ok
17:09:15.0037 2500 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:09:15.0039 2500 circlass - ok
17:09:15.0104 2500 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:09:15.0111 2500 CLFS - ok
17:09:15.0188 2500 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:09:15.0191 2500 clr_optimization_v2.0.50727_32 - ok
17:09:15.0228 2500 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:09:15.0229 2500 CmBatt - ok
17:09:15.0246 2500 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:09:15.0248 2500 cmdide - ok
17:09:15.0270 2500 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:09:15.0272 2500 Compbatt - ok
17:09:15.0276 2500 COMSysApp - ok
17:09:15.0389 2500 cpextender (d8100492b03e435220e6cd6f7d1aced6) C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
17:09:15.0403 2500 cpextender - ok
17:09:15.0420 2500 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:09:15.0421 2500 crcdisk - ok
17:09:15.0444 2500 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:09:15.0446 2500 Crusoe - ok
17:09:15.0501 2500 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
17:09:15.0503 2500 CryptSvc - ok
17:09:15.0529 2500 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
17:09:15.0531 2500 ctxusbm - ok
17:09:15.0553 2500 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
17:09:15.0554 2500 CVirtA - ok
17:09:15.0757 2500 CVPND (08d8fa119f2ad6ac0377fb667523482e) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
17:09:15.0790 2500 CVPND - ok
17:09:15.0990 2500 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
17:09:15.0997 2500 CVPNDRVA - ok
17:09:16.0093 2500 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:09:16.0103 2500 DcomLaunch - ok
17:09:16.0142 2500 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:09:16.0145 2500 DfsC - ok
17:09:16.0404 2500 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:09:16.0449 2500 DFSR - ok
17:09:16.0615 2500 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:09:16.0621 2500 Dhcp - ok
17:09:16.0710 2500 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:09:16.0712 2500 disk - ok
17:09:16.0774 2500 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
17:09:16.0776 2500 DMICall - ok
17:09:16.0819 2500 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys
17:09:16.0823 2500 DNE - ok
17:09:16.0868 2500 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:09:16.0872 2500 Dnscache - ok
17:09:16.0913 2500 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:09:16.0918 2500 dot3svc - ok
17:09:16.0974 2500 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:09:16.0977 2500 DPS - ok
17:09:17.0016 2500 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:09:17.0018 2500 drmkaud - ok
17:09:17.0087 2500 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
17:09:17.0101 2500 DXGKrnl - ok
17:09:17.0127 2500 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:09:17.0131 2500 E1G60 - ok
17:09:17.0161 2500 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:09:17.0163 2500 EapHost - ok
17:09:17.0223 2500 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:09:17.0227 2500 Ecache - ok
17:09:17.0309 2500 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:09:17.0316 2500 ehRecvr - ok
17:09:17.0340 2500 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:09:17.0343 2500 ehSched - ok
17:09:17.0363 2500 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:09:17.0365 2500 ehstart - ok
17:09:17.0444 2500 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:09:17.0453 2500 elxstor - ok
17:09:17.0544 2500 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:09:17.0557 2500 EMDMgmt - ok
17:09:17.0602 2500 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:09:17.0604 2500 ErrDev - ok
17:09:17.0665 2500 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:09:17.0670 2500 EventSystem - ok
17:09:17.0721 2500 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:09:17.0724 2500 exfat - ok
17:09:17.0770 2500 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:09:17.0773 2500 fastfat - ok
17:09:17.0798 2500 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:09:17.0799 2500 fdc - ok
17:09:17.0830 2500 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:09:17.0832 2500 fdPHost - ok
17:09:17.0842 2500 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:09:17.0845 2500 FDResPub - ok
17:09:17.0860 2500 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:09:17.0862 2500 FileInfo - ok
17:09:17.0883 2500 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:09:17.0885 2500 Filetrace - ok
17:09:17.0905 2500 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:09:17.0906 2500 flpydisk - ok
17:09:17.0959 2500 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:09:17.0964 2500 FltMgr - ok
17:09:18.0012 2500 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:09:18.0014 2500 FontCache3.0.0.0 - ok
17:09:18.0032 2500 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:09:18.0035 2500 Fs_Rec - ok
17:09:18.0066 2500 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:09:18.0068 2500 gagp30kx - ok
17:09:18.0152 2500 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:09:18.0165 2500 gpsvc - ok
17:09:18.0260 2500 gusvc (649f407a844dde2b97bc086af97d663b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:09:18.0264 2500 gusvc - ok
17:09:18.0331 2500 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:09:18.0337 2500 HdAudAddService - ok
17:09:18.0433 2500 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:09:18.0445 2500 HDAudBus - ok
17:09:18.0466 2500 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:09:18.0468 2500 HidBth - ok
17:09:18.0494 2500 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:09:18.0496 2500 HidIr - ok
17:09:18.0532 2500 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:09:18.0534 2500 hidserv - ok
17:09:18.0552 2500 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
17:09:18.0554 2500 HidUsb - ok
17:09:18.0589 2500 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:09:18.0592 2500 hkmsvc - ok
17:09:18.0609 2500 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:09:18.0610 2500 HpCISSs - ok
17:09:18.0674 2500 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:09:18.0679 2500 HSFHWAZL - ok
17:09:18.0798 2500 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:09:18.0820 2500 HSF_DPV - ok
17:09:18.0863 2500 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:09:18.0868 2500 HSXHWAZL - ok
17:09:18.0944 2500 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:09:18.0954 2500 HTTP - ok
17:09:18.0992 2500 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:09:18.0994 2500 i2omp - ok
17:09:19.0037 2500 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:09:19.0040 2500 i8042prt - ok
17:09:19.0096 2500 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
17:09:19.0100 2500 iaStor - ok
17:09:19.0136 2500 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:09:19.0142 2500 iaStorV - ok
17:09:19.0303 2500 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:09:19.0323 2500 idsvc - ok
17:09:19.0779 2500 igfx (ce5ff5d5e3f4ca974e36dc24c15474d0) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:09:19.0842 2500 igfx - ok
17:09:20.0488 2500 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:09:20.0495 2500 iirsp - ok
17:09:20.0595 2500 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:09:20.0607 2500 IKEEXT - ok
17:09:20.0854 2500 IntcAzAudAddService (4a0f260df9a5333c07f4ab40ca9d4f4b) C:\Windows\system32\drivers\RTKVHDA.sys
17:09:20.0905 2500 IntcAzAudAddService - ok
17:09:21.0085 2500 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:09:21.0087 2500 intelide - ok
17:09:21.0109 2500 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:09:21.0111 2500 intelppm - ok
17:09:21.0147 2500 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:09:21.0151 2500 IPBusEnum - ok
17:09:21.0183 2500 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:09:21.0185 2500 IpFilterDriver - ok
17:09:21.0229 2500 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:09:21.0235 2500 iphlpsvc - ok
17:09:21.0241 2500 IpInIp - ok
17:09:21.0279 2500 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:09:21.0282 2500 IPMIDRV - ok
17:09:21.0315 2500 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:09:21.0319 2500 IPNAT - ok
17:09:21.0334 2500 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:09:21.0336 2500 IRENUM - ok
17:09:21.0363 2500 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:09:21.0365 2500 isapnp - ok
17:09:21.0418 2500 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:09:21.0423 2500 iScsiPrt - ok
17:09:21.0447 2500 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:09:21.0449 2500 iteatapi - ok
17:09:21.0471 2500 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:09:21.0473 2500 iteraid - ok
17:09:21.0571 2500 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
17:09:21.0573 2500 IviRegMgr - ok
17:09:21.0594 2500 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:09:21.0596 2500 kbdclass - ok
17:09:21.0621 2500 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
17:09:21.0622 2500 kbdhid - ok
17:09:21.0664 2500 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:09:21.0666 2500 KeyIso - ok
17:09:21.0733 2500 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
17:09:21.0743 2500 KSecDD - ok
17:09:21.0822 2500 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:09:21.0832 2500 KtmRm - ok
17:09:21.0873 2500 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:09:21.0879 2500 LanmanServer - ok
17:09:21.0929 2500 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:09:21.0936 2500 LanmanWorkstation - ok
17:09:21.0980 2500 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:09:21.0982 2500 lltdio - ok
17:09:22.0025 2500 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:09:22.0031 2500 lltdsvc - ok
17:09:22.0056 2500 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:09:22.0058 2500 lmhosts - ok
17:09:22.0101 2500 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:09:22.0104 2500 LSI_FC - ok
17:09:22.0127 2500 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:09:22.0131 2500 LSI_SAS - ok
17:09:22.0161 2500 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:09:22.0164 2500 LSI_SCSI - ok
17:09:22.0186 2500 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:09:22.0189 2500 luafv - ok
17:09:22.0229 2500 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:09:22.0233 2500 Mcx2Svc - ok
17:09:22.0273 2500 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:09:22.0274 2500 mdmxsdk - ok
17:09:22.0315 2500 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:09:22.0317 2500 megasas - ok
17:09:22.0371 2500 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:09:22.0380 2500 MegaSR - ok
17:09:22.0404 2500 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:09:22.0407 2500 MMCSS - ok
17:09:22.0429 2500 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:09:22.0431 2500 Modem - ok
17:09:22.0452 2500 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:09:22.0454 2500 monitor - ok
17:09:22.0464 2500 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:09:22.0466 2500 mouclass - ok
17:09:22.0489 2500 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
17:09:22.0491 2500 mouhid - ok
17:09:22.0516 2500 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:09:22.0519 2500 MountMgr - ok
17:09:22.0588 2500 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:09:22.0591 2500 MozillaMaintenance - ok
17:09:22.0630 2500 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:09:22.0634 2500 mpio - ok
17:09:22.0660 2500 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:09:22.0662 2500 mpsdrv - ok
17:09:22.0722 2500 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:09:22.0728 2500 MpsSvc - ok
17:09:22.0759 2500 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:09:22.0761 2500 Mraid35x - ok
17:09:22.0802 2500 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:09:22.0805 2500 MRxDAV - ok
17:09:22.0839 2500 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:09:22.0842 2500 mrxsmb - ok
17:09:22.0874 2500 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:09:22.0880 2500 mrxsmb10 - ok
17:09:22.0904 2500 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:09:22.0907 2500 mrxsmb20 - ok
17:09:22.0940 2500 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:09:22.0942 2500 msahci - ok
17:09:23.0048 2500 MSCSPTISRV (a99d2c7e30ad63ef920a894131caf5f7) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
17:09:23.0049 2500 MSCSPTISRV - ok
17:09:23.0078 2500 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:09:23.0081 2500 msdsm - ok
17:09:23.0121 2500 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:09:23.0125 2500 MSDTC - ok
17:09:23.0155 2500 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:09:23.0157 2500 Msfs - ok
17:09:23.0178 2500 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:09:23.0180 2500 msisadrv - ok
17:09:23.0235 2500 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:09:23.0240 2500 MSiSCSI - ok
17:09:23.0245 2500 msiserver - ok
17:09:23.0281 2500 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:09:23.0283 2500 MSKSSRV - ok
17:09:23.0295 2500 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:09:23.0297 2500 MSPCLOCK - ok
17:09:23.0317 2500 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:09:23.0318 2500 MSPQM - ok
17:09:23.0360 2500 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:09:23.0365 2500 MsRPC - ok
17:09:23.0383 2500 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:09:23.0385 2500 mssmbios - ok
17:09:23.0435 2500 MSSQL$MSSMLBIZ - ok
17:09:23.0498 2500 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:09:23.0500 2500 MSSQLServerADHelper - ok
17:09:23.0520 2500 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:09:23.0522 2500 MSTEE - ok
17:09:23.0557 2500 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:09:23.0559 2500 Mup - ok
17:09:23.0621 2500 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:09:23.0631 2500 napagent - ok
17:09:23.0674 2500 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:09:23.0679 2500 NativeWifiP - ok
17:09:23.0763 2500 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:09:23.0776 2500 NDIS - ok
17:09:23.0816 2500 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:09:23.0817 2500 NdisTapi - ok
17:09:23.0831 2500 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:09:23.0832 2500 Ndisuio - ok
17:09:23.0859 2500 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:09:23.0863 2500 NdisWan - ok
17:09:23.0877 2500 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:09:23.0879 2500 NDProxy - ok
17:09:23.0906 2500 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:09:23.0908 2500 NetBIOS - ok
17:09:23.0953 2500 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:09:23.0956 2500 netbt - ok
17:09:23.0980 2500 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:09:23.0981 2500 Netlogon - ok
17:09:24.0038 2500 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:09:24.0044 2500 Netman - ok
17:09:24.0086 2500 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:09:24.0094 2500 netprofm - ok
17:09:24.0141 2500 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:09:24.0145 2500 NetTcpPortSharing - ok
17:09:24.0173 2500 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:09:24.0175 2500 nfrd960 - ok
17:09:24.0213 2500 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:09:24.0220 2500 NlaSvc - ok
17:09:24.0254 2500 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:09:24.0256 2500 Npfs - ok
17:09:24.0284 2500 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:09:24.0288 2500 nsi - ok
17:09:24.0307 2500 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:09:24.0309 2500 nsiproxy - ok
17:09:24.0454 2500 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:09:24.0477 2500 Ntfs - ok
17:09:24.0500 2500 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:09:24.0501 2500 ntrigdigi - ok
17:09:24.0519 2500 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:09:24.0520 2500 Null - ok
17:09:24.0547 2500 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:09:24.0551 2500 nvraid - ok
17:09:24.0575 2500 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:09:24.0577 2500 nvstor - ok
17:09:24.0605 2500 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:09:24.0609 2500 nv_agp - ok
17:09:24.0614 2500 NwlnkFlt - ok
17:09:24.0622 2500 NwlnkFwd - ok
17:09:24.0670 2500 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:09:24.0672 2500 ohci1394 - ok
17:09:24.0771 2500 OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
17:09:24.0774 2500 OMSI download service - ok
17:09:25.0032 2500 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:09:25.0052 2500 ose - ok
17:09:25.0632 2500 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:25.0666 2500 p2pimsvc - ok
17:09:25.0678 2500 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:25.0687 2500 p2psvc - ok
17:09:25.0821 2500 PACSPTISVR (41c33fb4fd929fed732a00d2daef5be0) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
17:09:25.0822 2500 PACSPTISVR - ok
17:09:25.0945 2500 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:09:25.0959 2500 Parport - ok
17:09:25.0988 2500 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
17:09:25.0991 2500 partmgr - ok
17:09:26.0002 2500 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:09:26.0004 2500 Parvdm - ok
17:09:26.0057 2500 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:09:26.0061 2500 PcaSvc - ok
17:09:26.0117 2500 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:09:26.0121 2500 pci - ok
17:09:26.0135 2500 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:09:26.0137 2500 pciide - ok
17:09:26.0174 2500 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:09:26.0178 2500 pcmcia - ok
17:09:26.0378 2500 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:09:26.0403 2500 PEAUTH - ok
17:09:27.0863 2500 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:09:27.0880 2500 pla - ok
17:09:28.0821 2500 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:09:28.0826 2500 PlugPlay - ok
17:09:29.0034 2500 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:29.0043 2500 PNRPAutoReg - ok
17:09:29.0055 2500 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:29.0064 2500 PNRPsvc - ok
17:09:29.0345 2500 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:09:29.0368 2500 PolicyAgent - ok
17:09:29.0438 2500 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:09:29.0440 2500 PptpMiniport - ok
17:09:29.0465 2500 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:09:29.0467 2500 Processor - ok
17:09:29.0516 2500 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:09:29.0520 2500 ProfSvc - ok
17:09:29.0549 2500 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:09:29.0551 2500 ProtectedStorage - ok
17:09:29.0645 2500 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:09:29.0649 2500 PSched - ok
17:09:29.0682 2500 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
17:09:29.0684 2500 PxHelp20 - ok
17:09:29.0888 2500 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:09:29.0930 2500 ql2300 - ok
17:09:29.0992 2500 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:09:29.0996 2500 ql40xx - ok
17:09:30.0051 2500 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:09:30.0060 2500 QWAVE - ok
17:09:30.0082 2500 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:09:30.0083 2500 QWAVEdrv - ok
17:09:30.0129 2500 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:09:30.0130 2500 RasAcd - ok
17:09:30.0161 2500 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:09:30.0166 2500 RasAuto - ok
17:09:30.0198 2500 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:09:30.0201 2500 Rasl2tp - ok
17:09:30.0265 2500 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:09:30.0273 2500 RasMan - ok
17:09:30.0334 2500 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:09:30.0336 2500 RasPppoe - ok
17:09:30.0422 2500 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:09:30.0425 2500 RasSstp - ok
17:09:30.0514 2500 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:09:30.0521 2500 rdbss - ok
17:09:30.0542 2500 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:09:30.0543 2500 RDPCDD - ok
17:09:30.0594 2500 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:09:30.0600 2500 rdpdr - ok
17:09:30.0606 2500 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:09:30.0608 2500 RDPENCDD - ok
17:09:30.0669 2500 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
17:09:30.0675 2500 RDPWD - ok
17:09:30.0724 2500 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
17:09:30.0726 2500 regi - ok
17:09:30.0770 2500 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:09:30.0774 2500 RemoteAccess - ok
17:09:30.0822 2500 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:09:30.0828 2500 RemoteRegistry - ok
17:09:30.0880 2500 rimsptsk (d0c2a0ce1091e08efb7ccba6cea4c3f9) C:\Windows\system32\DRIVERS\rimsptsk.sys
17:09:30.0882 2500 rimsptsk - ok
17:09:30.0902 2500 risdptsk (53ea7c7d1d3c4b11ae0ea7c8d75c4e82) C:\Windows\system32\DRIVERS\risdptsk.sys
17:09:30.0903 2500 risdptsk - ok
17:09:30.0922 2500 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:09:30.0925 2500 RpcLocator - ok
17:09:31.0003 2500 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:09:31.0012 2500 RpcSs - ok
17:09:31.0163 2500 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:09:31.0181 2500 rspndr - ok
17:09:31.0249 2500 RtkAudioService (65330e78c17db8a99a7ff1ba3c8824b6) C:\Windows\RtkAudioService.exe
17:09:31.0252 2500 RtkAudioService - ok
17:09:31.0316 2500 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
17:09:31.0331 2500 s0017bus - ok
17:09:31.0353 2500 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
17:09:31.0354 2500 s0017mdfl - ok
17:09:31.0394 2500 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
17:09:31.0398 2500 s0017mdm - ok
17:09:31.0433 2500 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
17:09:31.0436 2500 s0017mgmt - ok
17:09:31.0483 2500 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
17:09:31.0485 2500 s0017nd5 - ok
17:09:31.0511 2500 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
17:09:31.0514 2500 s0017obex - ok
17:09:31.0545 2500 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
17:09:31.0549 2500 s0017unic - ok
17:09:31.0620 2500 s3117bus (a2f73fdbc3ed0cc645b964f9541a174c) C:\Windows\system32\DRIVERS\s3117bus.sys
17:09:31.0623 2500 s3117bus - ok
17:09:31.0641 2500 s3117mdfl (661d01f7ad3f4d57a0324f89c47ebe45) C:\Windows\system32\DRIVERS\s3117mdfl.sys
17:09:31.0643 2500 s3117mdfl - ok
17:09:31.0673 2500 s3117mdm (79117d96bb6640b2beed8b5275eb3c7d) C:\Windows\system32\DRIVERS\s3117mdm.sys
17:09:31.0677 2500 s3117mdm - ok
17:09:31.0702 2500 s3117mgmt (b3f56a96aa1402bc0122730837b13c1b) C:\Windows\system32\DRIVERS\s3117mgmt.sys
17:09:31.0706 2500 s3117mgmt - ok
17:09:31.0744 2500 s3117nd5 (bd42d3273c57a2fc1da68a65d6320421) C:\Windows\system32\DRIVERS\s3117nd5.sys
17:09:31.0746 2500 s3117nd5 - ok
17:09:31.0774 2500 s3117obex (9b3ea7bcc04851182f056cf42187caf6) C:\Windows\system32\DRIVERS\s3117obex.sys
17:09:31.0778 2500 s3117obex - ok
17:09:31.0806 2500 s3117unic (0f7eaffd62e48e0d281562e481c0d71f) C:\Windows\system32\DRIVERS\s3117unic.sys
17:09:31.0810 2500 s3117unic - ok
17:09:31.0842 2500 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:09:31.0845 2500 SamSs - ok
17:09:31.0877 2500 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:09:31.0880 2500 sbp2port - ok
17:09:32.0766 2500 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
17:09:32.0806 2500 SBSDWSCService - ok
17:09:32.0846 2500 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:09:32.0850 2500 SCardSvr - ok
17:09:33.0158 2500 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:09:33.0191 2500 Schedule - ok
17:09:33.0283 2500 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:09:33.0285 2500 SCPolicySvc - ok
17:09:33.0477 2500 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
17:09:33.0482 2500 sdbus - ok
17:09:33.0519 2500 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:09:33.0523 2500 SDRSVC - ok
17:09:33.0555 2500 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:09:33.0558 2500 secdrv - ok
17:09:33.0575 2500 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:09:33.0579 2500 seclogon - ok
17:09:33.0622 2500 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
17:09:33.0623 2500 seehcri - ok
17:09:33.0663 2500 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:09:33.0666 2500 SENS - ok
17:09:33.0710 2500 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:09:33.0712 2500 Serenum - ok
17:09:33.0741 2500 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:09:33.0744 2500 Serial - ok
17:09:33.0763 2500 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:09:33.0765 2500 sermouse - ok
17:09:33.0800 2500 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:09:33.0805 2500 SessionEnv - ok
17:09:33.0860 2500 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
17:09:33.0862 2500 SFEP - ok
17:09:33.0874 2500 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:09:33.0876 2500 sffdisk - ok
17:09:33.0888 2500 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:09:33.0890 2500 sffp_mmc - ok
17:09:33.0923 2500 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:09:33.0925 2500 sffp_sd - ok
17:09:33.0967 2500 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
17:09:33.0969 2500 sfloppy - ok
17:09:56.0935 2500 ============================================================
17:09:56.0935 2500 Scan finished
17:09:56.0935 2500 ============================================================
17:09:56.0953 5524 Detected object count: 0
17:09:56.0953 5524 Actual detected object count: 0

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Unread postby askey127 » August 13th, 2012, 8:04 am

Keith_H,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    IE - HKU\S-1-5-21-3227751942-2071005614-3849776414-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0 ... =chrome&q={searchTerms}&lng={language}&ychte=uk&nt=1
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
    
    :Files
    C:\Users\Keith\AppData\Roaming\Ad-Aware Antivirus
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware. It is free for non-business use.
Please go here to the Download Location, click on Download in the Free column.
When the next page comes up, click on the Download Now button.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
    (You can Decline any Offer for a Trial if you don't want the paid version)
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

You can use separate replies if you wish.
askey127

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Unread postby Keith_H » August 13th, 2012, 5:17 pm

Hi askey127

My machine did have trouble restarting earlier today, but now it seems to be okay.

Thanks for coming back, and for helping me with this issue.

I am seeing popups with cdn.adnxs.com. I was wondering if I had given some kind of permissions to the adnxs.com website via Adobe, and if I need to uninstall all Adobe products, then start all over.

I keep getting Flash icons appearing, which relate to cdncache2-a.akamaihd.net

This is one of the few articles I found when I did a trawl on this subject
http://www.jaysonjc.com/technology-tips/malware-exploits-java-plugin-vulnerability.html

Below are the logs
Thanks
Keith_H

08132012_211342.txt
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3227751942-2071005614-3849776414-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_USERS\S-1-5-21-3227751942-2071005614-3849776414-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
========== FILES ==========
C:\Users\Keith\AppData\Roaming\Ad-Aware Antivirus\Logs\20120805T190915.643751PID4008 folder moved successfully.
C:\Users\Keith\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\Keith\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
< ipconfig /flushdns /c >

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Keith\Downloads\cmd.bat deleted successfully.
C:\Users\Keith\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Keith
->Java cache emptied: 9512617 bytes

User: Public

Total Java Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 519 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Keith
->Flash cache emptied: 49315 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Keith
->Temp folder emptied: 12376286 bytes
->Temporary Internet Files folder emptied: 142914817 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 318714777 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2381801 bytes
RecycleBin emptied: 443435425 bytes

Total Files Cleaned = 877.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08132012_211342

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

mbam-log-2012-08-13 (21-28-29)
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
http://www.malwarebytes.org

Database version: v2012.08.13.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Keith :: KEITH-PC [administrator]

Protection: Enabled

13/08/2012 21:28:29
mbam-log-2012-08-13 (21-28-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185324
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Unread postby Keith_H » August 13th, 2012, 5:54 pm

Interesting .......

The ad boxes only appear in Google searches now, and they have the following message:
Server not found
Firefox can't find the server at ads.cpxinteracive
and
Firefox can't find the server at ib.adnxs.com

They had been popping up absolutely everywhere, and driving me mad.

Many, many thanks!!!

Is there anything I need to enable, now that the fix is done?

Best wishes
Keith

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Unread postby askey127 » August 13th, 2012, 7:15 pm

Keith_H,
I'd like to run one more heavy duty scan before we pronounce victory.
This may take a couple hours in total, so allow the time please.
We may want to Uninstall and Re-install Chrome, depending on what we see.
-------------------------------------------------
Run the ESET Online Scanner
Vista/Windows 7 users: You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.
(You can use either Internet Explorer or Mozilla FireFox for this scan.)
You will also need to disable your current installed Anti-Virus this way before you begin:
DISABLE AVG
Please open the AVG Control Center, by right clicking on the AVG icon in the task bar.
  • Click on Tools.
  • Select Advanced.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, DESELECT the option to "Enable Resident Shield."

  • Please go HERE to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the instructions below are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives IS checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • Give permission again if necessary.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard any more than necessary during the scan, otherwise it may stall.
  • When it completes, give it a few minutes to write the logfile, then click on Image
  • Use (My) Computer to navigate to C:\Program Files(x86)\ESET\Eset Online Scanner\log.txt.
  • Double click the log.txt file to open it in Notepad.
  • Copy and paste that log as a reply to this topic.

askey127

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Unread postby Keith_H » August 15th, 2012, 1:40 am

Hi askey 127,

Thank you once more for the assistance you have provided.

A while ago, I did try to install Chrome. The uninstall process seemed to be drawn out, and I was not 100% sure if all elements had been removed.

Below is the scan. Is it now the case that AVG and the teatimer should be switched back on again?

Regards, Keith_H


C:\Program Files\ESET\ESET Online Scanner

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0731edec8cc9894ca9b7a450a91703f4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-15 12:11:05
# local_time=2012-08-15 01:11:05 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 26217945 26217945 0 0
# compatibility_mode=5892 16776574 100 100 56761404 182514836 0 0
# compatibility_mode=8192 67108863 100 0 491 491 0 0
# scanned=114816
# found=0
# cleaned=0
# scan_time=7356

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Unread postby askey127 » August 15th, 2012, 10:49 am

Keith:
Vista Chrome AppData location will be here:
C:\Users\keith\AppData\Local\Google\Chrome\
If you choose to remove Chrome, delete the above folder as well, before you re-install.
This will delete any unwanted settings related to the older installation.
You may have to navigate to that folder, right click, choose Properties > Security tab, and Edit to give yourself Read/Write privilege on the folder.

Instruction for setting startup preferences in Chrome using the browser itself is here.
http://support.google.com/chrome/bin/an ... swer=95421

Restart OTL and click the Clean Up Button. That will remove most of our tools.

Now you can reset Teatimer and AVG, as needed.

If no more questions or issues, Good luck!

askey127

Re: Laptop has unwanted ib.adnxs.com tracker/pop-up

Unread postby askey127 » August 16th, 2012, 11:48 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.