Unauthorized "Domains" added to URL

Post by frerom » July 28th, 2013, 7:40 pm

I believe we may have had an internet virus. For the past several weeks (it could be longer, since the problem occurred on my wife's computer), we have been getting a certificate warning that the web site we are visiting shouldn't be trusted. Since we knew the site, and didn't notice any problems when we continued, we did nothing about it.
Yesterday I was logging into my internet email and I did some follow-up. I noticed that although I logged into my email account, the URL was different. The word "domains" was added to the URL as follows: https://domains.login etc. Also, although Microsoft Security Essentials indicated the computer was protected, the Security Center showed Virus Protection was off. I also noticed there was an update notice for MSE 4.3.215.0 KB2855265.
I installed the update and the noted problems have disappeared.

Would you have more information on this problem? Should we do any additional investigation?

The DDS log before the MSE update follows:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2009 1:25:22 PM
System Uptime: 7/28/2013 8:07:01 AM (1 hours ago)
.
Motherboard: IBM | | IBM
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | LGA775/PSC/TJS | 2992/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 24.118 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1507: 6/2/2013 1:20:45 PM - Software Distribution Service 3.0
RP1508: 6/3/2013 1:53:05 PM - System Checkpoint
RP1509: 6/4/2013 8:47:03 AM - Software Distribution Service 3.0
RP1510: 6/5/2013 9:11:26 AM - Software Distribution Service 3.0
RP1511: 6/6/2013 9:44:25 AM - System Checkpoint
RP1512: 6/7/2013 8:42:10 AM - Software Distribution Service 3.0
RP1513: 6/8/2013 10:26:08 AM - System Checkpoint
RP1514: 6/9/2013 8:38:44 AM - Software Distribution Service 3.0
RP1515: 6/9/2013 1:23:19 PM - Software Distribution Service 3.0
RP1516: 6/10/2013 2:23:31 PM - System Checkpoint
RP1517: 6/11/2013 8:17:42 AM - Software Distribution Service 3.0
RP1518: 6/12/2013 8:56:20 AM - System Checkpoint
RP1519: 6/12/2013 11:13:07 PM - Software Distribution Service 3.0
RP1520: 6/13/2013 7:33:56 AM - Software Distribution Service 3.0
RP1521: 6/14/2013 8:20:27 AM - System Checkpoint
RP1522: 6/15/2013 6:41:58 AM - Software Distribution Service 3.0
RP1523: 6/16/2013 7:49:36 AM - Software Distribution Service 3.0
RP1524: 6/16/2013 1:15:50 PM - Software Distribution Service 3.0
RP1525: 6/17/2013 7:42:00 AM - Software Distribution Service 3.0
RP1526: 6/18/2013 8:26:09 AM - System Checkpoint
RP1527: 6/19/2013 8:52:58 AM - Software Distribution Service 3.0
RP1528: 6/19/2013 11:15:41 AM - Removed Java 7 Update 21
RP1529: 6/19/2013 11:16:55 AM - Installed Java 7 Update 25
RP1530: 6/20/2013 11:40:08 AM - System Checkpoint
RP1531: 6/21/2013 6:48:38 AM - Software Distribution Service 3.0
RP1532: 6/22/2013 8:02:02 AM - Software Distribution Service 3.0
RP1533: 6/23/2013 8:18:25 AM - Software Distribution Service 3.0
RP1534: 6/24/2013 8:45:41 AM - System Checkpoint
RP1535: 6/25/2013 5:54:03 AM - Software Distribution Service 3.0
RP1536: 6/26/2013 7:59:08 AM - Software Distribution Service 3.0
RP1537: 6/27/2013 8:28:37 AM - System Checkpoint
RP1538: 6/28/2013 8:08:07 AM - Software Distribution Service 3.0
RP1539: 6/29/2013 10:17:49 AM - System Checkpoint
RP1540: 6/30/2013 8:17:09 AM - Software Distribution Service 3.0
RP1541: 7/1/2013 8:23:29 AM - Software Distribution Service 3.0
RP1542: 7/2/2013 8:29:22 AM - System Checkpoint
RP1543: 7/2/2013 6:17:00 PM - Software Distribution Service 3.0
RP1544: 7/3/2013 6:18:16 PM - Software Distribution Service 3.0
RP1545: 7/4/2013 7:32:04 PM - System Checkpoint
RP1546: 7/5/2013 7:50:12 AM - Software Distribution Service 3.0
RP1547: 7/6/2013 8:48:26 AM - Software Distribution Service 3.0
RP1548: 7/7/2013 10:35:34 AM - System Checkpoint
RP1549: 7/8/2013 8:16:10 AM - Software Distribution Service 3.0
RP1550: 7/9/2013 8:31:31 AM - System Checkpoint
RP1551: 7/10/2013 7:44:52 AM - Software Distribution Service 3.0
RP1552: 7/11/2013 7:59:57 AM - Software Distribution Service 3.0
RP1553: 7/11/2013 10:47:54 PM - Software Distribution Service 3.0
RP1554: 7/12/2013 8:27:22 AM - Software Distribution Service 3.0
RP1555: 7/13/2013 3:20:27 PM - Software Distribution Service 3.0
RP1556: 7/14/2013 12:46:27 PM - Software Distribution Service 3.0
RP1557: 7/15/2013 11:37:06 AM - Software Distribution Service 3.0
RP1558: 7/16/2013 11:57:16 AM - System Checkpoint
RP1559: 7/17/2013 6:47:52 AM - Software Distribution Service 3.0
RP1560: 7/18/2013 7:32:03 AM - Software Distribution Service 3.0
RP1561: 7/19/2013 7:43:50 AM - System Checkpoint
RP1562: 7/20/2013 8:10:11 AM - Software Distribution Service 3.0
RP1563: 7/21/2013 9:13:58 AM - System Checkpoint
RP1564: 7/21/2013 1:07:51 PM - Software Distribution Service 3.0
RP1565: 7/22/2013 1:42:20 PM - System Checkpoint
RP1566: 7/22/2013 3:25:09 PM - Software Distribution Service 3.0
RP1567: 7/23/2013 4:17:39 PM - System Checkpoint
RP1568: 7/24/2013 6:47:35 AM - Software Distribution Service 3.0
RP1569: 7/25/2013 12:03:45 PM - System Checkpoint
RP1570: 7/26/2013 6:47:53 AM - Software Distribution Service 3.0
RP1571: 7/27/2013 8:52:17 AM - Software Distribution Service 3.0
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Software Update
Bell Internet Service Advisor 3.7.44
ERUNT 1.1j
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP USB Disk Storage Format Tool
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spelling Dictionaries Support For Adobe Reader 9
System Requirements Lab for Intel
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows PowerShell(TM) 1.0
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
7/25/2013 6:46:25 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.679.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x80072f76 Error description: The requested header was not found
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Fred at 9:06:16 on 2013-07-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.248 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sympatico.ca/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: secunia.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0508548343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 0394782676
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.co ... .5.5.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{EAF4E7B1-5FA2-4767-9E15-26086347BB37} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-4-6 20160]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S4 ServicepointService;ServicepointService;c:\program files\bell\internet service advisor\ServicepointService.exe [2012-8-28 689464]
.
=============== Created Last 30 ================
.
2013-07-27 12:52:31 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da1dc245-e1dc-4fd6-bb30-2a9a1f2cbcc1}\mpengine.dll
2013-07-26 10:47:59 7143960 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-24 02:59:21 -------- d-----w- C:\Sun
2013-07-17 18:46:13 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
.
==================== Find3M ====================
.
2013-06-19 15:17:09 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-19 15:17:04 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-19 15:17:03 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-19 15:17:03 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 02:26:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 02:26:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:07:05.01 ===============
frerom
Regular Member
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada
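The DDS log in the post above lists hosts-file entries that point ad and metrics names at 127.0.0.1. The script below is an added example, not part of the original thread and not code from the DDS or OTL tools, showing the check a helper would make on that section: it parses a Windows hosts file and separates loopback/null-route sinkholes (harmless, typical of ad-blocking and "immunization" lists) from entries that redirect a name to some other address, which is the kind of hosts change that would send a login page to a server whose certificate does not match the name in the address bar. The sample hosts text is constructed: its 127.0.0.1 lines mirror the log, while the 203.0.113.7 and 0.0.0.0 lines, the names login.example.net and www.example.org, and the SENSITIVE_FRAGMENTS watch list are hypothetical.

```python
"""Triage a Windows hosts file: separate benign ad/telemetry sinkholes
from entries that actually redirect a name to another address."""
import ipaddress
from collections import namedtuple

# Constructed sample input. The 127.0.0.1 lines reproduce the entries listed
# under "Hosts File Hijack" in the DDS log above; the last two lines are
# hypothetical and were NOT in that log. 203.0.113.7 is a TEST-NET-3
# documentation address, standing in for an attacker-controlled host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 ads.mcafee.com
127.0.0.1 analytics.microsoft.com
127.0.0.1 metrics.bitdefender.com
127.0.0.1 metrics.mcafee.com
127.0.0.1 om.symantec.com
127.0.0.1 ads.bleepingcomputer.com
127.0.0.1 wdcs.trendmicro.com
203.0.113.7   login.example.net    # hypothetical redirect
0.0.0.0       www.example.org      # hypothetical null-route
"""

Entry = namedtuple("Entry", "lineno ip host")

# Addresses that make a name unreachable rather than sending it elsewhere.
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# Hypothetical watch list: name fragments that have no business in a home
# PC's hosts file, whatever address they are mapped to.
SENSITIVE_FRAGMENTS = ("login.", "account", "bank", "mail.", "update.")


def parse_hosts(text):
    """Return one Entry per (address, hostname) pair, ignoring comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        for name in fields[1:]:
            entries.append(Entry(lineno, ip, name.lower()))
    return entries


def triage(entries):
    """Split entries into (benign, findings); each finding is (entry, reason)."""
    benign, findings = [], []
    for e in entries:
        if e.host == "localhost" and e.ip.is_loopback:
            benign.append(e)  # the stock Microsoft entry
            continue
        sensitive = any(f in e.host for f in SENSITIVE_FRAGMENTS)
        if e.ip not in SINKHOLES:
            # A real redirect: the browser connects to e.ip while the address
            # bar still shows e.host. Unless the other end also holds a
            # certificate for that name, an HTTPS visit would raise a
            # "this site should not be trusted" warning.
            findings.append((e, "redirects %s to %s" % (e.host, e.ip)))
        elif sensitive:
            findings.append((e, "sinkholes a sensitive name: %s" % e.host))
        else:
            benign.append(e)  # ad/metrics/telemetry block, common and harmless
    return benign, findings


def report(text):
    """Summarise a hosts file as counts plus a list of findings."""
    benign, findings = triage(parse_hosts(text))
    return {
        "benign": len(benign),
        "findings": [(e.lineno, e.host, str(e.ip), why) for e, why in findings],
    }


if __name__ == "__main__":
    # On a live XP machine read C:\WINDOWS\system32\drivers\etc\hosts instead.
    for lineno, host, ip, reason in report(SAMPLE_HOSTS)["findings"]:
        print("line %d: %s -> %s (%s)" % (lineno, host, ip, reason))
```

Run against the constructed sample, only the 203.0.113.7 line is reported; every 127.0.0.1 entry from the log is classified as a sinkhole. A sinkholed name is still reported when it matches the watch list, since blocking a login or update host is a denial of service even though it redirects nowhere.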

Re: Unauthorized "Domains" added to URL

Post by Cypher » July 31st, 2013, 1:26 pm

Hi and welcome back to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Please download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  1. Double click on TDSSKiller.exe to run it.
  2. Click on Start Scan, the scan will run.
  3. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  4. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. To find the log go to Start > Computer > C:
  6. A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  7. Post the contents of that log in your next reply please.
  8. DO NOT TRY TO FIX ANYTHING AT THIS POINT

Logs/Information to Post in your Next Reply

  • OTL.txt and Extras.txt contents.
  • TDSSKiller log.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unauthorized "Domains" added to URL

Post by frerom » July 31st, 2013, 2:38 pm

Hi Cypher,
I'm glad you are able to help me.

Just want to remind you that there was an update from Microsoft that I installed after I posted the DDS file. I also ran DDS after the update if you are interested to have it.
I do have the issue again where MSE states that the computer is protected but Security Center shows virus protection OFF.

The requested logs follow:

OTL logfile created on: 7/31/2013 2:21:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.48 Mb Total Physical Memory | 254.68 Mb Available Physical Memory | 50.68% Memory free
1.20 Gb Paging File | 0.98 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 24.38 Gb Free Space | 65.43% Space Free | Partition Type: NTFS

Computer Name: JULIE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/31 14:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/19 11:17:06 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/19 11:17:06 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/11 22:26:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/05/10 18:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/09 22:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2004/09/22 16:24:00 | 000,014,695 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2001/08/17 15:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {1974E7D9-C7DE-4DD4-8C47-00DE83D50DCD}
IE - HKCU\..\SearchScopes\{1974E7D9-C7DE-4DD4-8C47-00DE83D50DCD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF

[2012/03/29 16:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/05 12:55:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/05 12:55:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/30 21:17:20 | 000,615,911 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16259 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0508548343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0394782676 (MUWebControl Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... .5.5.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAF4E7B1-5FA2-4767-9E15-26086347BB37}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/06 13:22:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/31 14:19:59 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fred\Desktop\tdsskiller.exe
[2013/07/31 14:18:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
[2013/07/28 09:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\My Documents\computer problems
[2013/07/28 09:00:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2013/07/23 22:59:21 | 000,000,000 | ---D | C] -- C:\Sun
[2013/07/22 14:55:16 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Fred\Desktop\aswclear.exe
[2013/07/17 14:47:31 | 000,919,592 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Fred\Desktop\wpsetup.exe
[2013/07/17 14:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/05/16 17:23:07 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Fred\QuickTimeInstaller.exe

========== Files - Modified Within 30 Days ==========

[2013/07/31 14:20:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fred\Desktop\tdsskiller.exe
[2013/07/31 14:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
[2013/07/31 14:13:55 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/31 13:25:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/30 22:43:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/30 21:57:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/30 21:47:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/28 09:15:57 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/28 09:01:49 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2013/07/22 14:55:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Fred\Desktop\aswclear.exe
[2013/07/17 14:47:48 | 000,919,592 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Fred\Desktop\wpsetup.exe
[2013/07/12 08:09:43 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/11 23:09:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/11 23:06:50 | 000,426,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/11 23:06:50 | 000,065,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/07/28 09:27:31 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/04/09 17:11:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2012/02/16 11:45:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/04/24 11:22:40 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Fred\NTUSER.bak

========== ZeroAccess Check ==========

[2009/06/27 11:32:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 19:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/31 13:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/08/28 17:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2013/07/17 14:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/01/09 13:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/08/28 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/08/28 18:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Bell
[2012/03/05 17:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2010/03/15 23:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ErrorExpert
[2012/06/22 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Oracle
[2010/03/15 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Windows Search
[2013/07/17 14:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/31/2013 2:21:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.48 Mb Total Physical Memory | 254.68 Mb Available Physical Memory | 50.68% Memory free
1.20 Gb Paging File | 0.98 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 24.38 Gb Free Space | 65.43% Space Free | Partition Type: NTFS

Computer Name: JULIE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe" = C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 3.7.44

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2013 2:11:29 PM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/10/2013 1:44:09 PM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/11/2013 8:04:26 AM | Computer Name = JULIE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.

Error - 7/12/2013 8:17:07 AM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2013 3:24:04 PM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/15/2013 1:53:07 PM | Computer Name = JULIE | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.

Error - 7/15/2013 1:54:54 PM | Computer Name = JULIE | Source = Application Error | ID = 1001
Description = Fault bucket 743219142.

Error - 7/17/2013 2:46:18 PM | Computer Name = JULIE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.9700.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 7/18/2013 9:38:01 PM | Computer Name = JULIE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.9700.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 7/20/2013 4:02:39 PM | Computer Name = JULIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/7/2013 12:53:42 PM | Computer Name = JULIE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.153.1422.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
code: 0x80072f76 Error description: The requested header was not found

Error - 7/11/2013 8:04:30 AM | Computer Name = JULIE | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 7/20/2013 7:57:06 AM | Computer Name = JULIE | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 7/25/2013 6:46:25 AM | Computer Name = JULIE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.155.679.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error
code: 0x80072f76 Error description: The requested header was not found


< End of report >

14:26:55.0390 3792 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:26:56.0312 3792 ============================================================
14:26:56.0312 3792 Current date / time: 2013/07/31 14:26:56.0312
14:26:56.0312 3792 SystemInfo:
14:26:56.0312 3792
14:26:56.0312 3792 OS Version: 5.1.2600 ServicePack: 3.0
14:26:56.0312 3792 Product type: Workstation
14:26:56.0312 3792 ComputerName: JULIE
14:26:56.0312 3792 UserName: Fred
14:26:56.0312 3792 Windows directory: C:\WINDOWS
14:26:56.0312 3792 System windows directory: C:\WINDOWS
14:26:56.0312 3792 Processor architecture: Intel x86
14:26:56.0312 3792 Number of processors: 2
14:26:56.0312 3792 Page size: 0x1000
14:26:56.0312 3792 Boot type: Normal boot
14:26:56.0312 3792 ============================================================
14:27:00.0703 3792 Drive \Device\Harddisk0\DR0 - Size: 0x951240000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:27:00.0734 3792 ============================================================
14:27:00.0734 3792 \Device\Harddisk0\DR0:
14:27:00.0734 3792 MBR partitions:
14:27:00.0734 3792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
14:27:00.0734 3792 ============================================================
14:27:00.0781 3792 C: <-> \Device\Harddisk0\DR0\Partition1
14:27:00.0781 3792 ============================================================
14:27:00.0781 3792 Initialize success
14:27:00.0781 3792 ============================================================
14:28:01.0109 2996 ============================================================
14:28:01.0109 2996 Scan started
14:28:01.0109 2996 Mode: Manual;
14:28:01.0109 2996 ============================================================
14:28:01.0359 2996 ================ Scan system memory ========================
14:28:01.0359 2996 System memory - ok
14:28:01.0359 2996 ================ Scan services =============================
14:28:01.0468 2996 Abiosdsk - ok
14:28:01.0468 2996 abp480n5 - ok
14:28:01.0515 2996 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:28:01.0531 2996 ACPI - ok
14:28:01.0562 2996 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:28:01.0562 2996 ACPIEC - ok
14:28:01.0593 2996 [ B05F2367F62552A2DE7E3C352B7B9885 ] ADM8511 C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
14:28:01.0593 2996 ADM8511 - ok
14:28:01.0687 2996 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:28:01.0687 2996 AdobeFlashPlayerUpdateSvc - ok
14:28:01.0703 2996 adpu160m - ok
14:28:01.0734 2996 [ 3CB6AE5435987B1F8C83FD2730479878 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
14:28:01.0750 2996 aeaudio - ok
14:28:01.0781 2996 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:28:01.0781 2996 aec - ok
14:28:01.0812 2996 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:28:01.0828 2996 AFD - ok
14:28:12.0031 2996 ============================================================
14:28:12.0031 2996 Scan finished
14:28:12.0031 2996 ============================================================
14:28:12.0046 2544 Detected object count: 0
14:28:12.0046 2544 Actual detected object count: 0
14:28:25.0968 1076 Deinitialize success
frerom
Regular Member
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Unauthorized "Domains" added to URL

Unread postby Cypher » August 1st, 2013, 5:54 am

Hi frerom,
It appears that you posted an old TDSSKiller log.
TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

Please navigate to Start > Computer > C:, and delete all the TDSSKiller logs that are stored there.
They will look similar to this.
TDSSKiller.2.4.0.0 24.07.2010.

Then run TDSSKiller again as instructed in my last post, and post the new log for me.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unauthorized "Domains" added to URL

Unread postby frerom » August 1st, 2013, 1:25 pm

Hi Cypher,

Here is the new TDSS log.
I apologize for the mistake. Thank you for catching it.
Fred

13:20:30.0437 1724 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:20:31.0484 1724 ============================================================
13:20:31.0484 1724 Current date / time: 2013/08/01 13:20:31.0484
13:20:31.0484 1724 SystemInfo:
13:20:31.0484 1724
13:20:31.0484 1724 OS Version: 5.1.2600 ServicePack: 3.0
13:20:31.0484 1724 Product type: Workstation
13:20:31.0484 1724 ComputerName: JULIE
13:20:31.0484 1724 UserName: Fred
13:20:31.0484 1724 Windows directory: C:\WINDOWS
13:20:31.0484 1724 System windows directory: C:\WINDOWS
13:20:31.0484 1724 Processor architecture: Intel x86
13:20:31.0484 1724 Number of processors: 2
13:20:31.0484 1724 Page size: 0x1000
13:20:31.0484 1724 Boot type: Normal boot
13:20:31.0484 1724 ============================================================
13:20:34.0890 1724 Drive \Device\Harddisk0\DR0 - Size: 0x951240000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:20:34.0921 1724 ============================================================
13:20:34.0921 1724 \Device\Harddisk0\DR0:
13:20:34.0921 1724 MBR partitions:
13:20:34.0921 1724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
13:20:34.0921 1724 ============================================================
13:20:34.0953 1724 C: <-> \Device\Harddisk0\DR0\Partition1
13:20:34.0953 1724 ============================================================
13:20:34.0953 1724 Initialize success
13:20:34.0953 1724 ============================================================
13:20:42.0640 0940 ============================================================
13:20:42.0640 0940 Scan started
13:20:42.0640 0940 Mode: Manual;
13:20:42.0640 0940 ============================================================
13:20:42.0968 0940 ================ Scan system memory ========================
13:20:42.0968 0940 System memory - ok
13:20:42.0968 0940 ================ Scan services =============================
13:20:44.0062 0940 Cdaudio - ok
13:20:44.0109 0940 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:20:44.0109 0940 Cdfs - ok
13:20:44.0125 0940 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:20:44.0125 0940 Cdrom - ok
13:20:44.0125 0940 Changer - ok
13:20:44.0156 0940 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:20:44.0156 0940 CiSvc - ok
13:20:44.0171 0940 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:20:44.0171 0940 ClipSrv - ok
13:20:44.0203 0940 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:20:44.0281 0940 clr_optimization_v2.0.50727_32 - ok
13:20:44.0296 0940 CmdIde - ok
13:20:44.0296 0940 COMSysApp - ok
13:20:44.0312 0940 Cpqarray - ok
13:20:44.0390 0940 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
13:20:44.0390 0940 cpudrv - ok
13:20:44.0421 0940 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:20:44.0421 0940 CryptSvc - ok
13:20:44.0437 0940 dac2w2k - ok
13:20:44.0437 0940 dac960nt - ok
13:20:44.0484 0940 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:20:44.0500 0940 DcomLaunch - ok
13:20:44.0546 0940 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:20:44.0546 0940 Dhcp - ok
13:20:44.0562 0940 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:20:44.0562 0940 Disk - ok
13:20:44.0562 0940 dmadmin - ok
13:20:44.0625 0940 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:20:44.0640 0940 dmboot - ok
13:20:44.0671 0940 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:20:44.0671 0940 dmio - ok
13:20:44.0703 0940 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:20:44.0703 0940 dmload - ok
13:20:44.0718 0940 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:20:44.0718 0940 dmserver - ok
13:20:44.0765 0940 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:20:44.0765 0940 DMusic - ok
13:20:44.0812 0940 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:20:44.0812 0940 Dnscache - ok
13:20:44.0843 0940 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:20:44.0843 0940 Dot3svc - ok
13:20:44.0843 0940 dpti2o - ok
13:20:44.0890 0940 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:20:44.0890 0940 drmkaud - ok
13:20:44.0921 0940 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:20:44.0921 0940 EapHost - ok
13:20:44.0953 0940 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:20:44.0953 0940 ERSvc - ok
13:20:44.0984 0940 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:20:45.0000 0940 Eventlog - ok
13:20:45.0031 0940 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:20:45.0046 0940 EventSystem - ok
13:20:45.0078 0940 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:20:45.0078 0940 Fastfat - ok
13:20:45.0109 0940 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:20:45.0125 0940 FastUserSwitchingCompatibility - ok
13:20:45.0125 0940 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
13:20:45.0140 0940 Fdc - ok
13:20:45.0171 0940 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:20:45.0171 0940 Fips - ok
13:20:45.0171 0940 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:20:45.0187 0940 Flpydisk - ok
13:20:45.0218 0940 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:20:45.0218 0940 FltMgr - ok
13:20:45.0296 0940 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:20:45.0296 0940 FontCache3.0.0.0 - ok
13:20:45.0343 0940 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:20:45.0343 0940 Fs_Rec - ok
13:20:45.0359 0940 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:20:45.0359 0940 Ftdisk - ok
13:20:45.0359 0940 getPlusHelper - ok
13:20:45.0406 0940 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:20:45.0406 0940 Gpc - ok
13:20:45.0468 0940 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:20:45.0468 0940 helpsvc - ok
13:20:45.0515 0940 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:20:45.0515 0940 HidServ - ok
13:20:45.0546 0940 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:20:45.0546 0940 hidusb - ok
13:20:45.0593 0940 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:20:45.0593 0940 hkmsvc - ok
13:20:45.0593 0940 hpn - ok
13:20:45.0640 0940 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:20:45.0656 0940 HTTP - ok
13:20:45.0687 0940 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:20:45.0687 0940 HTTPFilter - ok
13:20:45.0687 0940 i2omgmt - ok
13:20:45.0703 0940 i2omp - ok
13:20:45.0718 0940 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:20:45.0734 0940 i8042prt - ok
13:20:45.0953 0940 [ 2AAE7BE67911F4AEC9AD28E9CFB9096F ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:20:46.0125 0940 ialm - ok
13:20:46.0218 0940 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:20:46.0234 0940 idsvc - ok
13:20:46.0281 0940 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:20:46.0281 0940 Imapi - ok
13:20:46.0296 0940 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:20:46.0296 0940 ImapiService - ok
13:20:46.0312 0940 ini910u - ok
13:20:46.0359 0940 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
13:20:46.0359 0940 IntelIde - ok
13:20:46.0375 0940 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:20:46.0375 0940 intelppm - ok
13:20:46.0390 0940 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:20:46.0390 0940 Ip6Fw - ok
13:20:46.0437 0940 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:20:46.0437 0940 IpFilterDriver - ok
13:20:46.0453 0940 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:20:46.0453 0940 IpInIp - ok
13:20:46.0468 0940 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:20:46.0484 0940 IpNat - ok
13:20:46.0484 0940 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:20:46.0500 0940 IPSec - ok
13:20:46.0531 0940 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:20:46.0531 0940 IRENUM - ok
13:20:46.0562 0940 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:20:46.0562 0940 isapnp - ok
13:20:46.0671 0940 [ 4F4D4AA1E0849FECC0CF5AACD59030B5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:20:46.0671 0940 JavaQuickStarterService - ok
13:20:46.0703 0940 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:20:46.0703 0940 Kbdclass - ok
13:20:46.0750 0940 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:20:46.0750 0940 kbdhid - ok
13:20:46.0765 0940 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:20:46.0765 0940 kmixer - ok
13:20:46.0812 0940 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:20:46.0812 0940 KSecDD - ok
13:20:46.0843 0940 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:20:46.0843 0940 LanmanServer - ok
13:20:46.0875 0940 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:20:46.0906 0940 lanmanworkstation - ok
13:20:46.0906 0940 lbrtfdc - ok
13:20:46.0953 0940 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:20:46.0953 0940 LmHosts - ok
13:20:46.0984 0940 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:20:46.0984 0940 Messenger - ok
13:20:46.0984 0940 MidiSyn - ok
13:20:47.0031 0940 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:20:47.0031 0940 mnmdd - ok
13:20:47.0062 0940 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:20:47.0062 0940 mnmsrvc - ok
13:20:47.0093 0940 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:20:47.0093 0940 Modem - ok
13:20:47.0093 0940 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:20:47.0093 0940 Mouclass - ok
13:20:47.0125 0940 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:20:47.0125 0940 mouhid - ok
13:20:47.0140 0940 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:20:47.0140 0940 MountMgr - ok
13:20:47.0171 0940 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:20:47.0187 0940 MpFilter - ok
13:20:47.0187 0940 mraid35x - ok
13:20:47.0234 0940 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:20:47.0234 0940 MRxDAV - ok
13:20:47.0296 0940 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:20:47.0312 0940 MRxSmb - ok
13:20:47.0343 0940 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:20:47.0343 0940 MSDTC - ok
13:20:47.0375 0940 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:20:47.0375 0940 Msfs - ok
13:20:47.0390 0940 MSIServer - ok
13:20:47.0421 0940 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:20:47.0421 0940 MSKSSRV - ok
13:20:47.0484 0940 [ 37F77AEBFF23A99D1BFB4F34CD2D07F2 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:20:47.0484 0940 MsMpSvc - ok
13:20:47.0515 0940 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:20:47.0515 0940 MSPCLOCK - ok
13:20:47.0531 0940 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:20:47.0531 0940 MSPQM - ok
13:20:47.0578 0940 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:20:47.0578 0940 mssmbios - ok
13:20:47.0609 0940 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:20:47.0609 0940 Mup - ok
13:20:47.0656 0940 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:20:47.0671 0940 napagent - ok
13:20:47.0718 0940 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:20:47.0718 0940 NDIS - ok
13:20:47.0750 0940 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:20:47.0750 0940 NdisTapi - ok
13:20:47.0765 0940 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:20:47.0765 0940 Ndisuio - ok
13:20:47.0781 0940 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:20:47.0781 0940 NdisWan - ok
13:20:47.0828 0940 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:20:47.0828 0940 NDProxy - ok
13:20:47.0859 0940 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:20:47.0859 0940 NetBIOS - ok
13:20:47.0890 0940 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:20:47.0890 0940 NetBT - ok
13:20:47.0921 0940 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:20:47.0921 0940 NetDDE - ok
13:20:47.0921 0940 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:20:47.0921 0940 NetDDEdsdm - ok
13:20:47.0953 0940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:20:47.0953 0940 Netlogon - ok
13:20:47.0968 0940 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:20:47.0984 0940 Netman - ok
13:20:48.0031 0940 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:20:48.0031 0940 NetTcpPortSharing - ok
13:20:48.0062 0940 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:20:48.0078 0940 Nla - ok
13:20:48.0125 0940 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:20:48.0125 0940 Npfs - ok
13:20:48.0156 0940 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:20:48.0171 0940 Ntfs - ok
13:20:48.0187 0940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:20:48.0187 0940 NtLmSsp - ok
13:20:48.0218 0940 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:20:48.0234 0940 NtmsSvc - ok
13:20:48.0281 0940 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:20:48.0281 0940 Null - ok
13:20:48.0312 0940 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:20:48.0312 0940 NwlnkFlt - ok
13:20:48.0328 0940 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:20:48.0328 0940 NwlnkFwd - ok
13:20:48.0390 0940 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:20:48.0390 0940 ose - ok
13:20:48.0421 0940 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:20:48.0421 0940 Parport - ok
13:20:48.0437 0940 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:20:48.0437 0940 PartMgr - ok
13:20:48.0468 0940 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:20:48.0468 0940 ParVdm - ok
13:20:48.0484 0940 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:20:48.0500 0940 PCI - ok
13:20:48.0500 0940 PCIDump - ok
13:20:48.0531 0940 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
13:20:48.0546 0940 PCIIde - ok
13:20:48.0562 0940 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:20:48.0562 0940 Pcmcia - ok
13:20:48.0578 0940 PDCOMP - ok
13:20:48.0578 0940 PDFRAME - ok
13:20:48.0578 0940 PDRELI - ok
13:20:48.0593 0940 PDRFRAME - ok
13:20:48.0593 0940 perc2 - ok
13:20:48.0609 0940 perc2hib - ok
13:20:48.0671 0940 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:20:48.0671 0940 PlugPlay - ok
13:20:48.0671 0940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:20:48.0671 0940 PolicyAgent - ok
13:20:48.0718 0940 [ 78BDC34B7EC96A7D8B14B2D2D95C388A ] portio C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
13:20:48.0718 0940 portio - ok
13:20:48.0750 0940 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:20:48.0750 0940 PptpMiniport - ok
13:20:48.0765 0940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:20:48.0765 0940 ProtectedStorage - ok
13:20:48.0796 0940 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:20:48.0796 0940 Ptilink - ok
13:20:48.0812 0940 ql1080 - ok
13:20:48.0812 0940 Ql10wnt - ok
13:20:48.0828 0940 ql12160 - ok
13:20:48.0828 0940 ql1240 - ok
13:20:48.0843 0940 ql1280 - ok
13:20:48.0875 0940 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:20:48.0875 0940 RasAcd - ok
13:20:48.0906 0940 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:20:48.0921 0940 RasAuto - ok
13:20:48.0921 0940 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:20:48.0921 0940 Rasl2tp - ok
13:20:48.0953 0940 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:20:48.0953 0940 RasMan - ok
13:20:48.0984 0940 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:20:48.0984 0940 RasPppoe - ok
13:20:48.0984 0940 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:20:48.0984 0940 Raspti - ok
13:20:49.0000 0940 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:20:49.0015 0940 Rdbss - ok
13:20:49.0031 0940 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:20:49.0031 0940 RDPCDD - ok
13:20:49.0062 0940 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:20:49.0078 0940 rdpdr - ok
13:20:49.0109 0940 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:20:49.0125 0940 RDPWD - ok
13:20:49.0171 0940 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:20:49.0171 0940 RDSessMgr - ok
13:20:49.0203 0940 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:20:49.0203 0940 redbook - ok
13:20:49.0250 0940 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:20:49.0250 0940 RemoteAccess - ok
13:20:49.0281 0940 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:20:49.0296 0940 RemoteRegistry - ok
13:20:49.0328 0940 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:20:49.0328 0940 RpcLocator - ok
13:20:49.0359 0940 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:20:49.0359 0940 RpcSs - ok
13:20:49.0406 0940 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:20:49.0406 0940 RSVP - ok
13:20:49.0437 0940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:20:49.0437 0940 SamSs - ok
13:20:49.0484 0940 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:20:49.0484 0940 SCardSvr - ok
13:20:49.0531 0940 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:20:49.0531 0940 Schedule - ok
13:20:49.0562 0940 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:20:49.0562 0940 Secdrv - ok
13:20:49.0578 0940 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:20:49.0578 0940 seclogon - ok
13:20:49.0593 0940 senfilt - ok
13:20:49.0609 0940 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:20:49.0609 0940 SENS - ok
13:20:49.0625 0940 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:20:49.0625 0940 serenum - ok
13:20:49.0656 0940 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:20:49.0656 0940 Serial - ok
13:20:49.0734 0940 [ F464DD807413BDCC227772D759D20106 ] ServicepointService C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
13:20:49.0750 0940 ServicepointService - ok
13:20:49.0781 0940 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:20:49.0781 0940 Sfloppy - ok
13:20:49.0796 0940 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:20:49.0828 0940 SharedAccess - ok
13:20:49.0843 0940 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:20:49.0843 0940 ShellHWDetection - ok
13:20:49.0843 0940 Simbad - ok
13:20:49.0906 0940 [ 4AA922332433CDEB8B82C072C212E32E ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
13:20:49.0937 0940 smwdm - ok
13:20:49.0937 0940 Sparrow - ok
13:20:49.0968 0940 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:20:49.0984 0940 splitter - ok
13:20:50.0015 0940 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:20:50.0015 0940 Spooler - ok
13:20:50.0031 0940 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:20:50.0031 0940 sr - ok
13:20:50.0078 0940 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:20:50.0078 0940 srservice - ok
13:20:50.0125 0940 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:20:50.0140 0940 Srv - ok
13:20:50.0187 0940 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:20:50.0187 0940 SSDPSRV - ok
13:20:50.0234 0940 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:20:50.0250 0940 stisvc - ok
13:20:50.0265 0940 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:20:50.0265 0940 swenum - ok
13:20:50.0281 0940 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:20:50.0296 0940 swmidi - ok
13:20:50.0296 0940 SwPrv - ok
13:20:50.0296 0940 symc810 - ok
13:20:50.0312 0940 symc8xx - ok
13:20:50.0312 0940 sym_hi - ok
13:20:50.0328 0940 sym_u3 - ok
13:20:50.0359 0940 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:20:50.0359 0940 sysaudio - ok
13:20:50.0390 0940 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:20:50.0406 0940 SysmonLog - ok
13:20:50.0437 0940 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:20:50.0453 0940 TapiSrv - ok
13:20:50.0500 0940 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:20:50.0515 0940 Tcpip - ok
13:20:50.0546 0940 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:20:50.0546 0940 TDPIPE - ok
13:20:50.0562 0940 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:20:50.0562 0940 TDTCP - ok
13:20:50.0578 0940 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:20:50.0593 0940 TermDD - ok
13:20:50.0609 0940 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:20:50.0625 0940 TermService - ok
13:20:50.0640 0940 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:20:50.0640 0940 Themes - ok
13:20:50.0687 0940 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:20:50.0687 0940 TlntSvr - ok
13:20:50.0687 0940 TosIde - ok
13:20:50.0718 0940 [ 317B746B6069A10D635FDBDF48723845 ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys
13:20:50.0718 0940 TPM - ok
13:20:50.0750 0940 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:20:50.0750 0940 TrkWks - ok
13:20:50.0781 0940 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:20:50.0781 0940 Udfs - ok
13:20:50.0781 0940 ultra - ok
13:20:50.0828 0940 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:20:50.0843 0940 Update - ok
13:20:50.0890 0940 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:20:50.0890 0940 upnphost - ok
13:20:50.0921 0940 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:20:50.0921 0940 UPS - ok
13:20:50.0937 0940 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:20:50.0937 0940 usbccgp - ok
13:20:50.0953 0940 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:20:50.0953 0940 usbehci - ok
13:20:50.0968 0940 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:20:50.0968 0940 usbhub - ok
13:20:51.0000 0940 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:20:51.0015 0940 USBSTOR - ok
13:20:51.0031 0940 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:20:51.0046 0940 usbuhci - ok
13:20:51.0078 0940 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:20:51.0078 0940 VgaSave - ok
13:20:51.0078 0940 ViaIde - ok
13:20:51.0093 0940 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:20:51.0093 0940 VolSnap - ok
13:20:51.0125 0940 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:20:51.0140 0940 VSS - ok
13:20:51.0171 0940 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:20:51.0187 0940 W32Time - ok
13:20:51.0203 0940 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:20:51.0218 0940 Wanarp - ok
13:20:51.0218 0940 WDICA - ok
13:20:51.0250 0940 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:20:51.0250 0940 wdmaud - ok
13:20:51.0265 0940 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:20:51.0281 0940 WebClient - ok
13:20:51.0359 0940 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:20:51.0359 0940 winmgmt - ok
13:20:51.0406 0940 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
13:20:51.0406 0940 WmdmPmSN - ok
13:20:51.0453 0940 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:20:51.0468 0940 Wmi - ok
13:20:51.0515 0940 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:20:51.0515 0940 WmiApSrv - ok
13:20:51.0562 0940 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:20:51.0562 0940 wscsvc - ok
13:20:51.0609 0940 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:20:51.0625 0940 wuauserv - ok
13:20:51.0656 0940 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:20:51.0671 0940 WZCSVC - ok
13:20:51.0703 0940 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:20:51.0718 0940 xmlprov - ok
13:20:51.0718 0940 ================ Scan global ===============================
13:20:51.0750 0940 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:20:51.0796 0940 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:20:51.0828 0940 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:20:51.0859 0940 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:20:51.0859 0940 [Global] - ok
13:20:51.0859 0940 ================ Scan MBR ==================================
13:20:51.0875 0940 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:20:52.0031 0940 \Device\Harddisk0\DR0 - ok
13:20:52.0031 0940 ================ Scan VBR ==================================
13:20:52.0031 0940 [ C5505DA66B9F15BA7518E7A046C37EBC ] \Device\Harddisk0\DR0\Partition1
13:20:52.0031 0940 \Device\Harddisk0\DR0\Partition1 - ok
13:20:52.0031 0940 ============================================================
13:20:52.0031 0940 Scan finished
13:20:52.0031 0940 ============================================================
13:20:52.0046 1424 Detected object count: 0
13:20:52.0046 1424 Actual detected object count: 0
13:21:10.0187 4064 Deinitialize success
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada
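The TDSSKiller "Scan services" block above prints one hash-tagged line per service (MD5 of the image, service name, image path), and "name - ok" with no hash for legacy entries whose file is absent. As an added example for this thread (it is not part of TDSSKiller, OTL, or the original post), the following Python script parses such lines and pulls out what a responder actually wants from that wall of text: services whose image sits outside the normal system folders, and which services share one image. The sample input copies the ACPI, idsvc, Netlogon and NtLmSsp lines from the log above and adds one constructed line (the service name "evilsvc" and its Temp path are hypothetical) so that the flagging path is exercised.

```python
r"""Triage of a TDSSKiller 'Scan services' block.

Added example for this thread; not part of TDSSKiller or the original post.
It reads lines of the form

    13:20:43.0125 0940 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

and reports (1) services whose image lives outside the usual system
locations and (2) which services share one image, so the MD5/path list can
be checked against a known-good hash set.  Lines without a bracketed hash
(e.g. 'Abiosdsk - ok') are entries whose file is absent and are skipped.
"""
import re
from collections import defaultdict

# timestamp  pid  [ MD5 ]  ServiceName  image path (may contain spaces)
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+\[\s*([0-9A-F]{32})\s*\]\s+(\S+)\s+(.+?)\s*$"
)

# Where Windows XP service and driver images normally live (lower-case).
# Anything under a user profile or a Temp folder deserves a second look.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Sample input: the ACPI, idsvc, Netlogon and NtLmSsp lines are copied from
# the log in this thread; the last line is constructed (hypothetical
# service name and path) to show what a flagged entry looks like.
SAMPLE_LOG = r"""
13:20:42.0968 0940 ================ Scan services =============================
13:20:43.0078 0940 Abiosdsk - ok
13:20:43.0125 0940 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:20:43.0125 0940 ACPI - ok
13:20:46.0218 0940 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:20:47.0953 0940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:20:48.0187 0940 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:20:49.0000 0940 [ 0123456789ABCDEF0123456789ABCDEF ] evilsvc C:\Documents and Settings\Fred\Local Settings\Temp\svchost.exe
"""


def parse_services(log_text):
    """Return [(md5, service_name, image_path)] for every hash-tagged line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def unusual_locations(entries):
    """Entries whose image path is outside EXPECTED_PREFIXES, as (name, path, md5)."""
    return [(name, path, md5) for md5, name, path in entries
            if not path.lower().startswith(EXPECTED_PREFIXES)]


def services_by_image(entries):
    """Map lower-cased image path -> set of service names hosted by it.
    lsass.exe or services.exe hosting several names is normal on XP; an
    unfamiliar binary doing the same is not."""
    shared = defaultdict(set)
    for _md5, name, path in entries:
        shared[path.lower()].add(name)
    return dict(shared)


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    for name, path, md5 in unusual_locations(found):
        print("CHECK  %-12s %s  md5=%s" % (name, path, md5))
    for path, names in services_by_image(found).items():
        if len(names) > 1:
            print("SHARED %s -> %s" % (path, ", ".join(sorted(names))))
```

Run it against a saved TDSSKiller log by passing the file's text to parse_services; the MD5 column is what you would look up in a hash database, and the "SHARED" lines are a quick way to confirm that the only multi-service images are the Windows ones (lsass.exe, services.exe, shsvcs.dll and friends) rather than something in a Temp folder.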

Re: Unauthorized "Domains" added to URL

Unread postby Cypher » August 1st, 2013, 1:51 pm

Hi frerom,
Quick question, is your computer clock set to the correct time and date?

  • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Next.

We need to run an OTL Fix

  • Double-click OTL.exe to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
  • (Click the select all button next to the codebox to select the entire script).
    Code:
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes,DefaultScope = {1974E7D9-C7DE-4DD4-8C47-00DE83D50DCD}
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    [2013/07/22 14:55:16 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Fred\Desktop\aswclear.exe
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts] 
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, one Notepad file will open.
    • OTL.txt <-- Will be opened
    • Please post the contents of this Notepad file in your next reply.

    Logs/Information to Post in your Next Reply

    • OTL Fix log.
    • OTL Scan log.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unauthorized "Domains" added to URL

Unread postby frerom » August 1st, 2013, 2:26 pm

Hi Cypher,
I believe the computer is set to the correct time. I resynced it with internet time to make sure.
It went smoothly. I noticed the Virus Protection alert has been removed.
Following are the 2 logs:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com deleted successfully.
File C:\Program Files\Alwil Software\Avast5\WebRep\FF not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Documents and Settings\Fred\Desktop\aswclear.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Fred\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fred\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Fred
->Temp folder emptied: 3684575 bytes
->Temporary Internet Files folder emptied: 28055093 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 600 bytes

User: Fred Lim
->Temp folder emptied: 214 bytes
->Temporary Internet Files folder emptied: 35354 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Julia
->Temp folder emptied: 1530306 bytes
->Temporary Internet Files folder emptied: 171189642 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 7991 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 295270 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19712912 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 35190798 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 17056209 bytes

Total Files Cleaned = 264.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 08012013_141052

Files\Folders moved on Reboot...
C:\Documents and Settings\Fred\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Fred\Local Settings\Temp\~DF83B8.tmp not found!
File\Folder C:\Documents and Settings\Fred\Local Settings\Temp\~DF83E9.tmp not found!
File\Folder C:\Documents and Settings\Fred\Local Settings\Temp\~DF8510.tmp not found!
File\Folder C:\Documents and Settings\Fred\Local Settings\Temp\~DF851C.tmp not found!
File\Folder C:\Documents and Settings\Fred\Local Settings\Temp\~DF8626.tmp not found!
File\Folder C:\Documents and Settings\Fred\Local Settings\Temp\~DF867E.tmp not found!
C:\Documents and Settings\Fred\Local Settings\Temporary Internet Files\Content.IE5\KCSGX7IG\viewtopic[1].php moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 8/1/2013 2:18:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.48 Mb Total Physical Memory | 265.42 Mb Available Physical Memory | 52.82% Memory free
1.20 Gb Paging File | 0.92 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 24.58 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

Computer Name: JULIE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/31 14:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/19 11:17:06 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/19 11:17:06 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/11 22:26:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/05/10 18:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/09 22:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2004/09/22 16:24:00 | 000,014,695 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2001/08/17 15:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {1974E7D9-C7DE-4DD4-8C47-00DE83D50DCD}
IE - HKCU\..\SearchScopes\{1974E7D9-C7DE-4DD4-8C47-00DE83D50DCD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/03/29 16:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/05 12:55:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/05 12:55:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2013/08/01 14:13:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0508548343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0394782676 (MUWebControl Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... .5.5.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAF4E7B1-5FA2-4767-9E15-26086347BB37}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/06 13:22:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/01 14:10:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/31 14:19:59 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fred\Desktop\tdsskiller.exe
[2013/07/31 14:18:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
[2013/07/28 09:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\My Documents\computer problems
[2013/07/28 09:00:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2013/07/23 22:59:21 | 000,000,000 | ---D | C] -- C:\Sun
[2013/07/17 14:47:31 | 000,919,592 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Fred\Desktop\wpsetup.exe
[2013/07/17 14:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/05/16 17:23:07 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Fred\QuickTimeInstaller.exe

========== Files - Modified Within 30 Days ==========

[2013/08/01 14:14:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/01 14:14:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/01 14:13:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/08/01 13:29:51 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fred\Desktop\tdsskiller.exe
[2013/08/01 13:25:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/01 08:21:04 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/31 14:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.exe
[2013/07/30 22:43:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/28 09:15:57 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/28 09:01:49 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2013/07/17 14:47:48 | 000,919,592 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Fred\Desktop\wpsetup.exe
[2013/07/12 08:09:43 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/11 23:09:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/11 23:06:50 | 000,426,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/11 23:06:50 | 000,065,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/07/28 09:27:31 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/04/09 17:11:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2012/02/16 11:45:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/04/24 11:22:40 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Fred\NTUSER.bak

========== ZeroAccess Check ==========

[2009/06/27 11:32:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 19:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/31 13:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/08/28 17:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2013/07/17 14:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/01/09 13:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/08/28 17:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/08/28 18:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Bell
[2012/03/05 17:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2010/03/15 23:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ErrorExpert
[2012/06/22 15:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Oracle
[2010/03/15 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Windows Search
[2013/07/17 14:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\WinPatrol

========== Purity Check ==========



< End of report >
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada
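
The scan log above carries O1 hosts lines, O17 DhcpNameServer lines and IE SearchScopes lines in OTL's format; as an added example (not OTL's or the forum's own code) here is a small Python triage script that reads lines in that format and flags the entries a helper would review before writing a fix. The allow-list of search hosts, the example.test names and the 203.0.113.7 / 198.51.100.53 addresses in the sample are constructed for the example.

```python
"""Triage OTL quick-scan log lines (added example, not OTL's own code).
Flags O1 hosts entries mapped anywhere but loopback, O17 DhcpNameServer values
outside loopback/RFC 1918/link-local space, and IE SearchScopes whose host is
not on a small allow-list, so a helper can review them before writing a fix."""
import ipaddress
import re
from urllib.parse import urlparse

# Engines that legitimately appear as IE 8 search scopes (assumed allow-list).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.live.com"}

# RFC 1918, link-local and IPv6 ULA ranges; loopback is handled separately.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
DNS_RE = re.compile(r"^O17 - .*DhcpNameServer = (.+)$")
SCOPE_RE = re.compile(
    r'^IE - (HK\w+)\\\.\.\\SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)')


def address_scope(text):
    """Classify an address string as loopback, local, remote or invalid."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "remote"


def triage(lines):
    """Return (category, line_no, detail) tuples for lines worth reviewing."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            addr, name = m.groups()
            # A clean XP hosts file only maps localhost to loopback; anything
            # else silently steers that name to another machine.
            if address_scope(addr) != "loopback":
                findings.append(("hosts", line_no,
                                 "%s mapped to %s (not loopback)" % (name, addr)))
            continue
        m = DNS_RE.match(line)
        if m:
            # A home router hands out its own LAN address; an outside resolver
            # is worth confirming with the ISP rather than assuming it is fine.
            for server in m.group(1).split():
                scope = address_scope(server)
                if scope in ("remote", "invalid"):
                    findings.append(("dns", line_no,
                                     "name server %s is %s" % (server, scope)))
            continue
        m = SCOPE_RE.match(line)
        if m:
            hive, guid, url = m.groups()
            host = (urlparse(url).hostname or "").lower()
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("searchscope", line_no, "%s scope %s sends "
                                 "searches to %s" % (hive, guid, host)))
    return findings

# Constructed sample in OTL's format: loopback entries, 192.168.2.1 and the GUIDs
# mirror a real log; the example.test names and 203.0.113.7 / 198.51.100.53 are made up.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 login.example.test
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAF4E7B1-5FA2-4767-9E15-26086347BB37}: DhcpNameServer = 192.168.2.1 198.51.100.53
IE - HKCU\..\SearchScopes\{1974E7D9-C7DE-4DD4-8C47-00DE83D50DCD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.example.test/results.aspx?q={searchTerms}
"""

def triage_sample():
    """Run the checks over the constructed sample (also used by the tests)."""
    return triage(SAMPLE_LOG.strip().splitlines())

if __name__ == "__main__":
    for category, line_no, detail in triage_sample():
        print("line %d [%s]: %s" % (line_no, category, detail))
```

Run against a real OTL.txt with `triage(open("OTL.txt").read().splitlines())`; the three benign lines in the sample produce no output, and each of the constructed bad lines produces exactly one finding.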

Re: Unauthorized "Domains" added to URL

Unread postby Cypher » August 2nd, 2013, 5:17 am

Hi frerom,
I believe the computer is set to the correct time. I resynced it with internet time to make sure.

No problem, there was a discrepancy in the TDSSKiller log but I think I know what might have caused it now.
It went smoothly. I noticed the Virus Protection alert has been removed.

Good news. How is your computer running now? Are you still experiencing any problems?

  • Please download RogueKiller by Tigzy and save it to your desktop.
  • Allow the download if prompted by your security software and please close all your programs.
  • Double click on RogueKiller.exe to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unauthorized "Domains" added to URL

Unread postby frerom » August 2nd, 2013, 6:51 am

Hi Cypher,

No problems running RogueKiller. The computer appears to be fine also.

But I decided to check the URL and I was surprised to see "domains" back in the URL, but after "login" whereas before it was before "login": https://login.domains.live.com/login/en ... wsignin1.0
I checked on my other computers and found the word domains in the URL, but further down in the string.

If you want to see the URL go to the following web site http://www.theloop.ca/ and select "Bell Mail"

RogueKiller Report follows:

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Fred [Admin rights]
Mode : Scan -- Date : 08/02/2013 06:45:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400BD-08LRA0 +++++
--- User ---
[MBR] dbd10dc6141d1fb05b51824b4823a65d
[BSP] 147fd8dc90f0581cccb751b88b4118e0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08022013_064554.txt >>
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Unauthorized "Domains" added to URL

Unread postby Cypher » August 2nd, 2013, 10:26 am

Hi frerom,
Which browser are you using?
Apart from the word "domains", your searches are going to the right site? They are not being redirected to a different site, correct?
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unauthorized "Domains" added to URL

Unread postby frerom » August 2nd, 2013, 10:47 am

Which browser are you using?
IE 8
Apart from the word "domains", your searches are going to the right site? They are not being redirected to a different site, correct?
So far as I can notice we are getting to the sites we intend to. The 2 problem areas have been my login for email and my wife has had the same problem with the MSN site.
In the past week I have also had a phishing email. I don't believe it's related. Just thought I'd let you know.
I did notice the advertisement that popped up in my last reply.
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Unauthorized "Domains" added to URL

Unread postby Cypher » August 2nd, 2013, 11:15 am

Hi frerom,

  • Please download Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished, or keep it in case of any problems in the future with IE8.
  • Next time IE8 is launched you will be prompted to reapply settings again; this is normal.
  • Note: Any add-ons will need to be reapplied after the above reset.

How is IE performing now?
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unauthorized "Domains" added to URL

Unread postby frerom » August 2nd, 2013, 12:53 pm

Hi Cypher,
While waiting for your last reply I decided to check with my ISP provider re the email issue. They remotely logged on and did their checks. They installed Google Chrome. Problem re email access was still happening with Google Chrome.
As a last resort I believe they upgraded the root certificates and that appears to have fixed the email access problem.

I did download and run Microsoft Fixit after the ISP changes. The email access is still okay but the Windows security alert has reappeared. This may be due to the remote ISP session.

I apologize for installing a program without your consent during your troubleshooting.

One additional item. With IE8 whenever we try and access MSN all we get is the email login page. With Google Chrome it's no problem. Also with google chrome I no longer get the warning about an outdated browser.

So probably the best thing is to stick with google chrome and remove IE8.

I would appreciate if you could help me remove the windows security alert.

Otherwise the computer appears to be running okay.
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada

Re: Unauthorized "Domains" added to URL

Unread postby Cypher » August 3rd, 2013, 5:43 am

Hi frerom,
I apologize for installing a program without your consent during your troubleshooting.

This is why we ask people not to make changes other than the ones we ask for, it just complicates matters.
One additional item. With IE8 whenever we try and access MSN all we get is the email login page

Reset your homepage via Internet Options, In the IE browser go to Tools > Internet Options.
Under Home Page enter your preferred web address then click Apply > OK.
The email access is still okay but the windows security alert has reappeared.

Ok try this.

  • Go to Start, Run.
  • Type wscui.cpl into the box and hit Enter.
  • It should report Firewall ON, Automatic Updates ON, Virus Protection ON.
  • If any are OFF, choose Manage Security Settings for the item and correct it.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Unauthorized "Domains" added to URL

Unread postby frerom » August 3rd, 2013, 7:52 am

Hi Cypher,
I believe this computer has been infiltrated by an adware problem.
This morning when I logged on to the MR forum, there were ads for computer fixes in some of the posts. They were in a 3 inch by 3 inch square with a green background. I noticed the first one as stated in my reply of Aug 2, 10:47. I thought you were able to see them also. But when I logged on with the other computers the space was empty, so I thought that you may have edited them out.

The ads follow:
Remove Malware - Free
Free-Malware-Removal.sparktrust.com - Quick Malware Removal in 2 minutes. Free Download (Highly Recommended)
AdChoices
Free Computer Clean up
free-PC-cleaner.winzip.com - (Recommended) Free Download. Cleans All Registry Errors in 2 Minutes
AdChoices
Spam Blocking Solution
www.gfi.com - Anti spam for servers that blocks 99% of spam. Sign up & try now!
AdChoices

I tried to remove the Security alert but I could not change it. I believe it's a false alert as MSE states "PC status Protected".

I decided to go to Microsoft Update via the control panel and check for updates. As soon as I got to the site and started the check for updates the Security alert disappeared.
There were 2 updates that I required so I installed them.
When I came back to the MR forum the advertisements were gone and the text was aligned.

The computer appears to be working okay. IE8 appears to be okay.
frerom
Regular Member
 
Posts: 141
Joined: December 23rd, 2009, 3:18 pm
Location: Ontario, Canada