Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible Malware

Unread postby shaf » July 7th, 2011, 7:39 pm

I started getting errors related to Data Execution Prevention in Vista (32bit). It has shut down McAfee Process Validation Service, which means I am unable to run a virus scan ("an unexpected error occured during your scan").

Furthermore, I am having browsing problems - When I click a specific link in google, I am presented with a totally different webpage offering anti-virus software. Has my PC been hijacked?? Below are my logs as instructed from DDS. Thanks in advance.

DDS.txt log

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Run by Shaf at 0:23:35 on 2011-07-08
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.2038 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Windows\System32\ico.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFSE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&c ... bd=1080116
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110705094656.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [EPSON PX710W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifse.exe /fu "c:\windows\temp\E_SC3DB.tmp" /EF "HKCU"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [PMX Daemon] ICO.EXE
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with ImTOO YouTube Video Converter - c:\program files\imtoo\youtube video converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{2730968D-0237-4739-A63E-C4D2DDE59C62} : DhcpNameServer = 194.168.4.100 194.168.8.100
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-20 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-7-20 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-7-20 165032]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/06 12:13:17];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 212992]
R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-1-16 5632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-20 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-20 314088]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-1-16 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-1-16 19008]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-20 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-20 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-7-20 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-20 171168]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-20 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-20 141792]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-20 56064]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-9-20 18912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-20 52320]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-20 84488]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-9-14 645120]
SUnknown rdwnuapn;rdwnuapn; [x]
.
=============== Created Last 30 ================
.
2011-07-07 22:33:18 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-07-07 22:33:14 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cf7fb6ce-fbe2-49be-86a8-fca4584f1b3f}\mpengine.dll
2011-07-07 22:33:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-06 20:23:14 25984 ----a-w- c:\windows\system32\drivers\1212744468.sys
2011-07-05 08:40:46 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-05 08:40:45 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-29 08:57:01 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-15 08:36:59 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 08:36:56 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 08:36:56 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 08:36:52 766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-06-15 08:36:50 563200 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 08:36:46 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 08:36:42 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 08:36:41 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 08:36:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
==================== Find3M ====================
.
2011-05-29 16:39:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 14:24:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-14 13:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 13:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 13:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01:38 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 13:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
.
============= FINISH: 0:23:57.36 ===============

Attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 16/01/2008 03:41:38
System Uptime: 08/07/2011 00:20:11 (0 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 345.505 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 10.882 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Color Video Profiles AE CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
CyberLink PowerDVD 9
Dell Getting Started Guide
Dell Support Center
DellSupport
DVD Decrypter (Remove Only)
Epson Print CD
EPSON PX710W Series Printer Uninstall
EPSON Scan
Google Desktop
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImTOO Video Converter Standard 6
ImTOO YouTube Video Converter
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) Viiv(TM) Software
Internet From BT
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Linksys Wireless Manager
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mouse Suite for Desktop Computers
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
PDF Settings
Photoshop Camera Raw
Pixel Bender Toolkit
Protected Music Converter 1.0.0.11
Pure Networks Platform
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio Express Labeler
Roxio MyDVD Premier
Roxio Update Manager
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sonic CinePlayer Decoder Pack
Suite Shared Configuration CS4
Theory Interactive
Tiscali Internet
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
User's Guides
Vista Codec Package
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
08/07/2011 00:21:19, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
08/07/2011 00:17:20, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... tid=144459 Scan ID: {334D14E2-0A98-4CC3-907C-280F9C23D66D} Scan Type: AntiMalware User: Shaf-PC\Shaf Name: TrojanDropper:Win32/Sirefef.B ID: 144459 Severity ID: 5 Category ID: 37 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
08/07/2011 00:00:01, Error: EventLog [6008] - The previous system shutdown at 23:44:30 on 07/07/2011 was unexpected.
07/07/2011 21:52:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "193" attempting to start the service mcmscsvc with arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}
07/07/2011 21:52:15, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
07/07/2011 21:52:11, Error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: McAfee VirusScan Announcer is not a valid Win32 application.
07/07/2011 21:52:11, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: McAfee Services is not a valid Win32 application.
07/07/2011 21:50:40, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
07/07/2011 21:50:40, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/07/2011 21:50:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
07/07/2011 21:50:33, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect.
07/07/2011 21:50:33, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
07/07/2011 21:50:33, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
07/07/2011 21:50:33, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
07/07/2011 21:50:33, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
07/07/2011 21:50:33, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
07/07/2011 21:50:33, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
07/07/2011 21:50:33, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
07/07/2011 21:50:33, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/07/2011 21:50:33, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/07/2011 21:50:33, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/07/2011 21:24:25, Error: Service Control Manager [7000] - The McShield service failed to start due to the following error: Access is denied.
05/07/2011 09:48:56, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
02/07/2011 03:16:58, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D092008DF has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
01/07/2011 23:18:41, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
shaf
Active Member
 
Posts: 2
Joined: July 7th, 2011, 7:11 pm
Advertisement
Register to Remove

Re: Possible Malware

Unread postby askey127 » July 11th, 2011, 7:07 am

Hi shaf,
Your machine has definitely been hijacked.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
If you cannot run TDSSKiller, post back and tell me before proceeding.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
---------------------------------------------
Run a Scan with OTL
Please download OTL.exe by OldTimer and save it to your desktop.
  • Right click the OTL icon and choose "Run as administrator".
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
The contents of:
  • TDSSKiller log
  • CKFiles.txt
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
The Extras.txt file will only show up the very first time you run OTL.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware

Unread postby shaf » July 11th, 2011, 7:16 pm

Hi askey

Here are the log files from TDSSKiller & ckfiles.txt.

However, I am not able to run OTL, giving me the following error:

Windows cannot access the specified device, path or file. You may not have the appropriate permissions - I ran this as administrator. (same error I had when trying to run malwarebyes anti-malware).

TDSSKiller log

2011/07/11 23:51:17.0736 5100 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/11 23:51:17.0929 5100 ================================================================================
2011/07/11 23:51:17.0930 5100 SystemInfo:
2011/07/11 23:51:17.0930 5100
2011/07/11 23:51:17.0930 5100 OS Version: 6.0.6001 ServicePack: 1.0
2011/07/11 23:51:17.0930 5100 Product type: Workstation
2011/07/11 23:51:17.0930 5100 ComputerName: SHAF-PC
2011/07/11 23:51:17.0930 5100 UserName: Shaf
2011/07/11 23:51:17.0930 5100 Windows directory: C:\Windows
2011/07/11 23:51:17.0930 5100 System windows directory: C:\Windows
2011/07/11 23:51:17.0930 5100 Processor architecture: Intel x86
2011/07/11 23:51:17.0930 5100 Number of processors: 4
2011/07/11 23:51:17.0930 5100 Page size: 0x1000
2011/07/11 23:51:17.0930 5100 Boot type: Normal boot
2011/07/11 23:51:17.0930 5100 ================================================================================
2011/07/11 23:51:19.0867 5100 Initialize success
2011/07/11 23:52:59.0201 6060 ================================================================================
2011/07/11 23:52:59.0201 6060 Scan started
2011/07/11 23:52:59.0201 6060 Mode: Manual;
2011/07/11 23:52:59.0201 6060 ================================================================================
2011/07/11 23:52:59.0911 6060 Suspicious service (NoAccess): 1212744468
2011/07/11 23:53:00.0029 6060 1212744468 (78bdf35b004b490074acea8a885cbb8d) C:\Windows\system32\drivers\1212744468.sys
2011/07/11 23:53:00.0029 6060 Suspicious file (NoAccess): C:\Windows\system32\drivers\1212744468.sys. md5: 78bdf35b004b490074acea8a885cbb8d
2011/07/11 23:53:00.0033 6060 1212744468 - detected LockedService.Multi.Generic (1)
2011/07/11 23:53:00.0118 6060 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/07/11 23:53:00.0174 6060 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/07/11 23:53:00.0224 6060 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/11 23:53:00.0246 6060 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/11 23:53:00.0260 6060 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/11 23:53:00.0272 6060 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/11 23:53:00.0355 6060 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/07/11 23:53:00.0420 6060 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/07/11 23:53:00.0477 6060 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/11 23:53:00.0554 6060 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2011/07/11 23:53:00.0564 6060 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/07/11 23:53:00.0576 6060 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2011/07/11 23:53:00.0609 6060 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/11 23:53:00.0620 6060 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/11 23:53:00.0641 6060 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/11 23:53:00.0656 6060 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/11 23:53:00.0717 6060 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/11 23:53:00.0782 6060 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/07/11 23:53:00.0846 6060 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/07/11 23:53:00.0887 6060 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/11 23:53:01.0013 6060 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/11 23:53:01.0054 6060 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/11 23:53:01.0065 6060 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/11 23:53:01.0080 6060 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/11 23:53:01.0093 6060 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/11 23:53:01.0105 6060 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/11 23:53:01.0116 6060 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/11 23:53:01.0129 6060 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/11 23:53:01.0200 6060 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/11 23:53:01.0259 6060 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/11 23:53:01.0317 6060 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
2011/07/11 23:53:01.0329 6060 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/11 23:53:01.0398 6060 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/07/11 23:53:01.0446 6060 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2011/07/11 23:53:01.0479 6060 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/07/11 23:53:01.0494 6060 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/11 23:53:01.0507 6060 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/11 23:53:01.0542 6060 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/07/11 23:53:01.0590 6060 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/07/11 23:53:01.0650 6060 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/11 23:53:01.0707 6060 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/07/11 23:53:01.0749 6060 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
2011/07/11 23:53:01.0887 6060 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/11 23:53:02.0049 6060 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/07/11 23:53:02.0085 6060 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/11 23:53:02.0159 6060 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/07/11 23:53:02.0203 6060 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/11 23:53:02.0371 6060 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/07/11 23:53:02.0458 6060 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/07/11 23:53:02.0481 6060 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/11 23:53:02.0523 6060 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/11 23:53:02.0542 6060 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/11 23:53:02.0592 6060 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/11 23:53:02.0612 6060 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/07/11 23:53:02.0689 6060 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/11 23:53:02.0731 6060 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/11 23:53:02.0785 6060 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/11 23:53:02.0872 6060 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/11 23:53:02.0954 6060 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/11 23:53:02.0969 6060 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/11 23:53:03.0032 6060 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/11 23:53:03.0046 6060 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/11 23:53:03.0100 6060 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/07/11 23:53:03.0122 6060 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/11 23:53:03.0169 6060 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/11 23:53:03.0213 6060 iaStor (bdc361489a7f22e568060fa6fb3c960e) C:\Windows\system32\drivers\iastor.sys
2011/07/11 23:53:03.0255 6060 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/11 23:53:03.0284 6060 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/11 23:53:03.0316 6060 IntelDH (7f440f8ced849fcdfa85bb3521b4f048) C:\Windows\system32\Drivers\IntelDH.sys
2011/07/11 23:53:03.0384 6060 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/11 23:53:03.0453 6060 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/11 23:53:03.0523 6060 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/11 23:53:03.0554 6060 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/11 23:53:03.0592 6060 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/11 23:53:03.0665 6060 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/11 23:53:03.0718 6060 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/07/11 23:53:03.0768 6060 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/11 23:53:03.0796 6060 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/11 23:53:03.0815 6060 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/11 23:53:03.0872 6060 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/11 23:53:03.0890 6060 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/11 23:53:03.0930 6060 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/11 23:53:04.0040 6060 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/11 23:53:04.0081 6060 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/11 23:53:04.0092 6060 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/11 23:53:04.0105 6060 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/11 23:53:04.0148 6060 LTXMD_VAC (834098ee53663043e94f51d8b8e2cb0e) C:\Windows\system32\drivers\lmvac.sys
2011/07/11 23:53:04.0196 6060 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/11 23:53:04.0323 6060 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/11 23:53:04.0383 6060 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
2011/07/11 23:53:04.0420 6060 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
2011/07/11 23:53:04.0443 6060 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
2011/07/11 23:53:04.0474 6060 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
2011/07/11 23:53:04.0650 6060 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
2011/07/11 23:53:04.0718 6060 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/07/11 23:53:04.0785 6060 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
2011/07/11 23:53:04.0847 6060 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
2011/07/11 23:53:04.0939 6060 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/11 23:53:05.0024 6060 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/11 23:53:05.0096 6060 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/11 23:53:05.0133 6060 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/11 23:53:05.0188 6060 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/11 23:53:05.0226 6060 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/11 23:53:05.0248 6060 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/11 23:53:05.0262 6060 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/11 23:53:05.0282 6060 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/07/11 23:53:05.0353 6060 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/11 23:53:05.0382 6060 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/11 23:53:05.0402 6060 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/11 23:53:05.0430 6060 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2011/07/11 23:53:05.0477 6060 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/11 23:53:05.0559 6060 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/07/11 23:53:05.0617 6060 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/11 23:53:05.0660 6060 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/11 23:53:05.0742 6060 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/11 23:53:05.0804 6060 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/11 23:53:05.0831 6060 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/11 23:53:05.0866 6060 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/07/11 23:53:05.0904 6060 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/11 23:53:05.0936 6060 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/11 23:53:05.0947 6060 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/07/11 23:53:06.0046 6060 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/11 23:53:06.0165 6060 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/07/11 23:53:06.0207 6060 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/11 23:53:06.0217 6060 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/11 23:53:06.0238 6060 NdisWan (1e16a1e65433eb5c85d31a730632162c) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/11 23:53:06.0238 6060 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ndiswan.sys. Real md5: 1e16a1e65433eb5c85d31a730632162c, Fake md5: 3d14c3b3496f88890d431e8aa022a411
2011/07/11 23:53:06.0242 6060 NdisWan - detected Rootkit.Win32.ZAccess.c (0)
2011/07/11 23:53:06.0256 6060 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/11 23:53:06.0276 6060 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/11 23:53:06.0324 6060 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/11 23:53:06.0370 6060 nmsunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\nmsunidr.sys
2011/07/11 23:53:06.0410 6060 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/07/11 23:53:06.0449 6060 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/11 23:53:06.0498 6060 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/07/11 23:53:06.0542 6060 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/11 23:53:06.0561 6060 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/11 23:53:06.0833 6060 nvlddmkm (cb7b5469dc515efdc11cce3fe3a9360a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/11 23:53:07.0084 6060 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/11 23:53:07.0109 6060 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/11 23:53:07.0154 6060 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/07/11 23:53:07.0293 6060 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/11 23:53:07.0335 6060 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/11 23:53:07.0390 6060 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/07/11 23:53:07.0402 6060 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/11 23:53:07.0489 6060 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/07/11 23:53:07.0541 6060 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/07/11 23:53:07.0554 6060 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/11 23:53:07.0602 6060 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/11 23:53:07.0660 6060 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
2011/07/11 23:53:07.0671 6060 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
2011/07/11 23:53:07.0701 6060 pnarp (63200893c9d5934a7504d20f68276cc7) C:\Windows\system32\DRIVERS\pnarp.sys
2011/07/11 23:53:07.0820 6060 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/11 23:53:07.0847 6060 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/11 23:53:07.0917 6060 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/11 23:53:07.0950 6060 purendis (748bcab4eff5959ed347c05a1c1a0af8) C:\Windows\system32\DRIVERS\purendis.sys
2011/07/11 23:53:08.0004 6060 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/11 23:53:08.0046 6060 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/11 23:53:08.0085 6060 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/11 23:53:08.0160 6060 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/11 23:53:08.0217 6060 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/11 23:53:08.0259 6060 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/11 23:53:08.0282 6060 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/11 23:53:08.0304 6060 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/11 23:53:08.0316 6060 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/11 23:53:08.0334 6060 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/11 23:53:08.0361 6060 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/11 23:53:08.0414 6060 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/07/11 23:53:08.0427 6060 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/11 23:53:08.0456 6060 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/07/11 23:53:08.0517 6060 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/11 23:53:08.0550 6060 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/11 23:53:08.0578 6060 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/11 23:53:08.0597 6060 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/11 23:53:08.0610 6060 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/11 23:53:08.0652 6060 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/11 23:53:08.0732 6060 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/07/11 23:53:08.0814 6060 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/11 23:53:08.0827 6060 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/11 23:53:08.0840 6060 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/11 23:53:08.0860 6060 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/07/11 23:53:08.0872 6060 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/11 23:53:08.0885 6060 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/11 23:53:08.0947 6060 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/07/11 23:53:09.0012 6060 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/11 23:53:09.0084 6060 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/07/11 23:53:09.0175 6060 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/11 23:53:09.0212 6060 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/11 23:53:09.0330 6060 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/07/11 23:53:09.0374 6060 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2011/07/11 23:53:09.0435 6060 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/11 23:53:09.0507 6060 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/11 23:53:09.0519 6060 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/11 23:53:09.0532 6060 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/11 23:53:09.0629 6060 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/07/11 23:53:09.0734 6060 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/11 23:53:09.0782 6060 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/11 23:53:09.0819 6060 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/11 23:53:09.0880 6060 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/11 23:53:09.0921 6060 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/11 23:53:09.0948 6060 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/11 23:53:10.0037 6060 TSHWMDTCP (b56368b25a51cebda77e6b20764f07f2) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
2011/07/11 23:53:10.0122 6060 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/11 23:53:10.0169 6060 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/11 23:53:10.0207 6060 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/11 23:53:10.0265 6060 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/11 23:53:10.0290 6060 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/11 23:53:10.0346 6060 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/11 23:53:10.0392 6060 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/11 23:53:10.0417 6060 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/11 23:53:10.0430 6060 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/11 23:53:10.0468 6060 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/11 23:53:10.0546 6060 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/11 23:53:10.0606 6060 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/11 23:53:10.0644 6060 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/11 23:53:10.0769 6060 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/11 23:53:10.0836 6060 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/11 23:53:10.0853 6060 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/11 23:53:10.0901 6060 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/11 23:53:10.0979 6060 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/11 23:53:11.0062 6060 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/11 23:53:11.0163 6060 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/11 23:53:11.0213 6060 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/11 23:53:11.0286 6060 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/11 23:53:11.0333 6060 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/07/11 23:53:11.0347 6060 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/11 23:53:11.0404 6060 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2011/07/11 23:53:11.0500 6060 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/11 23:53:11.0526 6060 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/07/11 23:53:11.0597 6060 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/07/11 23:53:11.0631 6060 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/11 23:53:11.0653 6060 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/11 23:53:11.0716 6060 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 23:53:11.0733 6060 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 23:53:11.0756 6060 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/11 23:53:11.0805 6060 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/11 23:53:11.0880 6060 WinUsb (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/07/11 23:53:11.0899 6060 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/11 23:53:11.0965 6060 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/11 23:53:12.0000 6060 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/11 23:53:12.0101 6060 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/11 23:53:12.0148 6060 WUSB54GCv3 (2e812881ec96e80eae304877ed90206b) C:\Windows\system32\DRIVERS\WUSB54GCv3.sys
2011/07/11 23:53:12.0210 6060 {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD9\000.fcl
2011/07/11 23:53:12.0234 6060 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/11 23:53:12.0263 6060 Boot (0x1200) (00fe57774615002b003209a9407ea842) \Device\Harddisk0\DR0\Partition0
2011/07/11 23:53:12.0271 6060 Boot (0x1200) (a7f174cb4330fdad039e46cb7745e71f) \Device\Harddisk0\DR0\Partition1
2011/07/11 23:53:12.0286 6060 ================================================================================
2011/07/11 23:53:12.0286 6060 Scan finished
2011/07/11 23:53:12.0286 6060 ================================================================================
2011/07/11 23:53:12.0296 5272 Detected object count: 2
2011/07/11 23:53:12.0296 5272 Actual detected object count: 2
2011/07/11 23:54:02.0455 5272 LockedService.Multi.Generic(1212744468) - User select action: Skip
2011/07/11 23:54:02.0593 5272 NdisWan (1e16a1e65433eb5c85d31a730632162c) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/11 23:54:02.0594 5272 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ndiswan.sys. Real md5: 1e16a1e65433eb5c85d31a730632162c, Fake md5: 3d14c3b3496f88890d431e8aa022a411
2011/07/11 23:54:02.0701 5272 Backup copy found, using it..
2011/07/11 23:54:02.0775 5272 C:\Windows\system32\DRIVERS\ndiswan.sys - will be cured after reboot
2011/07/11 23:54:02.0775 5272 Rootkit.Win32.ZAccess.c(NdisWan) - User select action: Cure
2011/07/11 23:54:16.0394 5376 Deinitialize success

ckfiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
c:\users\shaf\desktop\ps_cs3\crack\photoshop.exe
c:\users\shaf\desktop\ps_cs3\crack\serial.nfo
scanner sequence 3.BC.11.INAPUN
----- EOF -----
shaf
Active Member
 
Posts: 2
Joined: July 7th, 2011, 7:11 pm

Re: Possible Malware

Unread postby askey127 » July 11th, 2011, 8:17 pm

Your machine shows evidence of cracked or otherwise illegal software, so we will not provide any further help.
This thread will be closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 91 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware