Check for DNS-Changer malware


Post by rbd » July 6th, 2012, 5:44 pm

Hello MR Forum!

Today I read an article about the DNS-Changer malware and what will happen to infected computers on Monday 9 July: they won't be able to connect to the internet.
I don't have particular reasons to believe I am infected: I try to keep my security & other software up to date and try to avoid rogue websites. However, the consequences of this infection are too bad to ignore.
I have enquired on the "News Desk" section of this forum (viewtopic.php?f=43&t=59932) and was advised to post here, requesting specifically a check against the DNS-Changer.

I would appreciate it if someone could kindly check my computer. Please see DDS and Attach reports below.

Having used this forum once in the past, I know how it works and how good the helpers are. To save you and me time in replying, I also attach the MGAdiag report.

One related query: would you be able to check my router too, or should I contact my ISP for this (they are actually the owner of the router!)?

Thanks in advance.

rbd


===========
DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
Run by Administrator at 22:18:17 on 2012-07-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.189 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Preload] c:\windows\RUNXMLPL.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [eLockMonitor] c:\acer\empowering technology\elock\monitor\LaunchMonitor.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan ... stubie.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\60vq4buk.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-11-17 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-2 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [2007-5-14 508288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-12 23:53:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-12 21:43:58 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-27 19:10:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-27 19:10:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-12 23:52:57 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-12 23:52:57 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 22:21:42.85 ===============

Attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 26/09/2007 14:14:56
System Uptime: 06/07/2012 21:37:20 (1 hours ago)
.
Motherboard: Acer | | Dallen
Processor: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz | U2E1 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 35 GiB total, 17.626 GiB free.
D: is FIXED (FAT32) - 35 GiB total, 35.061 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP678: 05/06/2012 17:08:28 - System Checkpoint
RP679: 05/06/2012 18:14:52 - Software Distribution Service 3.0
RP680: 09/06/2012 14:27:41 - System Checkpoint
RP681: 10/06/2012 16:39:33 - System Checkpoint
RP682: 12/06/2012 22:40:04 - Software Distribution Service 3.0
RP683: 12/06/2012 22:45:02 - Software Distribution Service 3.0
RP684: 13/06/2012 00:44:46 - Removed Java(TM) 7 Update 4
RP685: 13/06/2012 00:52:42 - Installed Java(TM) 7 Update 5
RP686: 16/06/2012 19:43:50 - System Checkpoint
RP687: 19/06/2012 22:44:47 - System Checkpoint
RP688: 23/06/2012 19:29:36 - System Checkpoint
RP689: 25/06/2012 19:27:15 - System Checkpoint
RP690: 27/06/2012 20:35:38 - System Checkpoint
RP691: 29/06/2012 00:54:33 - System Checkpoint
RP692: 30/06/2012 19:26:15 - System Checkpoint
.
==== Installed Programs ======================
.
Acer eLock Management
Acer Empowering Technology
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer ScreenSaver
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
avast! Free Antivirus
Broadcom Gigabit Integrated Controller
BroadJump Client Foundation
CutePDF Writer 2.7
Filzip 3.06
getPlus(R)_ocx
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Java Auto Updater
Java(TM) 7 Update 5
Launch Manager
LightScribe 1.4.142.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-GB)
Mozilla Maintenance Service
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NTI Shadow
Panda ActiveScan 2.0
PowerDVD
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 4.2
Spybot - Search & Destroy
SpywareBlaster 4.6
swMSM
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Trust WB-1400T Webcam
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
02/07/2012 20:41:14, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
.
==== End Of File ===========================

MGAdiag report
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-VW3P7-YHQQ6-C7RYM
Windows Product Key Hash: ZcgwvstIxQC+DhtQDO8/GmF+gus=
Windows Product ID: 76487-OEM-2211906-00100
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {B7AE6AF0-EB7E-46B2-84B6-C7F9954740A6}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B7AE6AF0-EB7E-46B2-84B6-C7F9954740A6}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-C7RYM</PKey><PID>76487-OEM-2211906-00100</PID><PIDType>2</PIDType><SID>S-1-5-21-1808491901-1178147021-2521828933</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Extensa 5210 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.03 </Version><SMBIOSVersion major="2" minor="4"/><Date>20070427000000.000000+000</Date><SLPBIOS>AcerSystem ,AcerSystem </SLPBIOS></BIOS><HWID>0F4F3E07018400DA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Acer Inc.</name><model>AcerSystem</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 16FC0:Acer Incorporated|8D74:HITACHI, Ltd|8D74:HITACHI, Ltd|8D74:HITACHI, Ltd
Marker string from OEMBIOS.DAT: AcerSystem ,AcerSystem

OEM Activation 2.0 Data-->
N/A
rbd

Re: Check for DNS-Changer malware

Post by melboy » July 6th, 2012, 7:49 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Router check

Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

Code:
@echo off
rem Collect the network, DNS and routing configuration into Log1.txt
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file
start Log1.txt
del %0

  • Go to File > Save as.
  • Save this as router.bat
  • Choose to Save as type - All Files and save it to your Desktop
  • Close the Notepad file.
  • Double-click on router.bat to run it. It should look like this: [screenshot]
  • It will open notepad when done. Post the results in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
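
The router.bat above collects the `ipconfig /all`, nslookup and ping output into Log1.txt for a helper to read by eye. The Python script below is an added example (not from this forum or the script's author) that parses such a log, extracts the DNS servers configured on each adapter, and classifies each one as lying in a rogue-resolver list, as the router itself, as another private address, or as a public resolver. The rogue-network list is a placeholder (an RFC 5737 documentation range) and must be filled from an authoritative source; both sample logs are constructed, the first from the adapter values posted in this thread and the second to show what a changed configuration looks like.

```python
import ipaddress
import re

# PLACEHOLDER: networks of known rogue resolvers. The RFC 5737 documentation range
# below is only here so the example has something to match; replace it with a list
# taken from an authoritative source before relying on the result.
ROGUE_DNS_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# RFC 1918 ranges: a resolver here is on the local network (usually the router).
PRIVATE_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADAPTER_RE = re.compile(r"^(?:Ethernet|PPP|Wireless LAN|Tunnel) adapter (?P<name>.+):\s*$")
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z -]*?)[ .]*:\s*(?P<value>.*)$")
BARE_IP_RE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$")   # continuation line


def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} from `ipconfig /all` output.
    Fields that span several lines (e.g. more than one DNS server) become lists."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group("name"), {})
            last_key = None
            continue
        if current is None:          # global header lines before the first adapter
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group("key").strip()
            values = current.setdefault(last_key, [])
            if m.group("value"):
                values.append(m.group("value").strip())
            continue
        m = BARE_IP_RE.match(line)
        if m and last_key:           # extra value belonging to the previous field
            current[last_key].append(m.group("ip"))
    return adapters


def classify(server, gateways, rogue_networks):
    """Verdict for one resolver address; raises ValueError if it is not an IP."""
    ip = ipaddress.ip_address(server)
    if any(ip in net for net in rogue_networks):
        return "rogue"
    if server in gateways:
        return "router"      # the router resolves for us, so its own DNS settings matter too
    if any(ip in net for net in PRIVATE_NETWORKS):
        return "private"
    return "public"


def check_dns(text, rogue_networks=ROGUE_DNS_NETWORKS):
    """List (adapter, dns_server, verdict) for every configured resolver."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        gateways = set(fields.get("Default Gateway", []))
        for server in fields.get("DNS Servers", []):
            try:
                findings.append((name, server, classify(server, gateways, rogue_networks)))
            except ValueError:       # not an IP address; skip it
                continue
    return findings


# Constructed sample using the adapter values posted in this thread.
SAMPLE_CLEAN = """\
Windows IP Configuration

Ethernet adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : 00-19-7E-A9-AA-08

Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.0.2
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
"""

# Constructed sample of a changed configuration: the first resolver falls in the
# placeholder rogue range, the second is a public resolver on a continuation line.
SAMPLE_CHANGED = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       8.8.8.8
"""

if __name__ == "__main__":
    for label, log in (("clean", SAMPLE_CLEAN), ("changed", SAMPLE_CHANGED)):
        for adapter, server, verdict in check_dns(log):
            print(f"{label}: {adapter}: DNS {server} -> {verdict}")
```

A "router" verdict, as in this thread's log, means the PC itself is clean of a changed resolver but the check has to be repeated on the router's own configuration page, which is the point of rbd's question about the ISP-owned router.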

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 7:26 am

Hi melboy

Thanks for replying so quickly.

I will not install any software updates or similar until you tell me otherwise, except that my AV (Avast) automatically updates the virus definitions daily - but I trust this is ok.

I ran your scans with MBAM and then for my modem router - please see the logs below. MBAM didn't seem to find any malware - looks good :)

Thanks again for your help

rbd

================
MBAM Scan log

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.07.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: ACER-47CBE8A5ED [administrator]

07/07/2012 12:00:02
mbam-log-2012-07-07 (12-00-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233787
Time elapsed: 10 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

================
Modem-router check log



Windows IP Configuration



Host Name . . . . . . . . . . . . : acer-47cbe8a5ed

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter

Physical Address. . . . . . . . . : 00-19-7E-A9-AA-08



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet

Physical Address. . . . . . . . . : 00-16-D3-5C-CC-31

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : 07 July 2012 12:13:24

Lease Expires . . . . . . . . . . : 08 July 2012 12:13:24

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.230.130, 74.125.230.137, 74.125.230.142, 74.125.230.136
74.125.230.135, 74.125.230.129, 74.125.230.133, 74.125.230.132, 74.125.230.134
74.125.230.131, 74.125.230.128

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging google.com [74.125.230.137] with 32 bytes of data:



Reply from 74.125.230.137: bytes=32 time=27ms TTL=53

Reply from 74.125.230.137: bytes=32 time=28ms TTL=53



Ping statistics for 74.125.230.137:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 28ms, Average = 27ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=148ms TTL=47

Reply from 209.191.122.70: bytes=32 time=148ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 148ms, Maximum = 148ms, Average = 148ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 19 7e a9 aa 08 ...... Broadcom 802.11g Network Adapter
0x10004 ...00 16 d3 5c cc 31 ...... Broadcom NetLink (TM) Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
255.255.255.255 255.255.255.255 192.168.0.2 10003 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
rbd
Regular Member
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 7:36 am

Hi

That's fine - one last check.

aswMBR

Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • Click Yes if prompted to scan with Avast! virus definitions.
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 11:17 am

Hi melboy

I ran the scan and it looks like there's some malware, as it says 'infected' and came out in red: is it the DNS-Changer or something else?
How bad is it? I'm a little worried now...

Log below
================

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-07 16:00:14
-----------------------------
16:00:14.453 OS Version: Windows 5.1.2600 Service Pack 3
16:00:14.453 Number of processors: 1 586 0xF06
16:00:14.453 ComputerName: ACER-47CBE8A5ED UserName: Administrator
16:00:16.359 Initialize success
16:00:20.921 AVAST engine defs: 12070700
16:01:10.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:01:10.078 Disk 0 Vendor: Hitachi_ SB2O Size: 76319MB BusType: 3
16:01:10.109 Disk 0 MBR read successfully
16:01:10.109 Disk 0 MBR scan
16:01:10.125 Disk 0 unknown MBR code
16:01:10.125 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 5004 MB offset 63
16:01:10.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 35393 MB offset 10249470
16:01:10.218 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 35918 MB offset 82734750
16:01:10.234 Disk 0 scanning sectors +156296385
16:01:10.328 Disk 0 scanning C:\WINDOWS\system32\drivers
16:01:21.750 File: C:\WINDOWS\system32\drivers\int15.sys **INFECTED** Win32:Zeroot-B [Rtk]
16:01:31.937 Disk 0 trace - called modules:
16:01:32.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
16:01:32.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f57030]
16:01:32.390 3 CLASSPNP.SYS[f8655fd7] -> nt!IofCallDriver -> \Device\000000aa[0x82f75320]
16:01:32.406 5 ACPI.sys[f844c620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x82f2b030]
16:01:32.609 AVAST engine scan C:\WINDOWS
16:01:48.734 AVAST engine scan C:\WINDOWS\system32
16:04:40.515 AVAST engine scan C:\WINDOWS\system32\drivers
16:04:56.015 File: C:\WINDOWS\system32\drivers\int15.sys **INFECTED** Win32:Zeroot-B [Rtk]
16:05:08.015 AVAST engine scan C:\Documents and Settings\Administrator
16:06:00.703 AVAST engine scan C:\Documents and Settings\All Users
16:06:36.078 Scan finished successfully
16:07:13.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:07:13.109 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
rbd
Regular Member
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 11:48 am

Hi

That may be a false positive - We'll check it out further to be sure.


TDSSKiller

Download tdsskiller.exe and save it to your desktop

  • Double click TDSSKiller.exe to run it.
  • Click Change parameters
  • Under Additional Options check Verify file digital signatures & Detect TDLFS file system.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. It is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
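
TDSSKiller's log lists, for each service or driver, its MD5 and path followed by "ok" or a detection verdict, and with Verify file digital signatures enabled it also reports unsigned files. As an added example (not TDSSKiller's code and not from this thread), the Python script below parses such a log and, for every flagged object, lists any other file in the same log carrying an identical hash. In the log rbd posted, int15.sys under system32\drivers shares its MD5 with the copy in Acer's eRecovery folder, which is the kind of corroboration melboy's false-positive hypothesis about the aswMBR finding needs. The sample lines are taken from that log; treating verdicts that start with "UnsignedFile." as signature-only findings is an assumption based on the same log.

```python
import re
from collections import defaultdict

# One line per scanned object: timestamp, thread id, name, (md5), path
ENTRY_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# The matching result line: "<name> - ok" or "<name> - detected <Verdict> (<n>)"
RESULT_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?:(?P<ok>ok)|detected (?P<verdict>\S+) \(\d+\))$")


def parse_tdsskiller(text):
    """Return a list of {name, md5, path, verdict} records in log order.
    verdict is 'ok', the TDSSKiller verdict string, or None if the log is cut off."""
    records = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            records[m["name"]] = {"name": m["name"], "md5": m["md5"],
                                  "path": m["path"], "verdict": None}
            continue
        m = RESULT_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], {"name": m["name"], "md5": None,
                                                  "path": None, "verdict": None})
            rec["verdict"] = "ok" if m["ok"] else m["verdict"]
    return list(records.values())


def triage(text):
    """Flagged objects, each with every other path in the log carrying the same MD5.
    An identical hash under a vendor directory is evidence for the 'legitimate but
    unsigned' explanation; it is not proof, so the paths still need checking."""
    records = parse_tdsskiller(text)
    paths_by_md5 = defaultdict(list)
    for rec in records:
        if rec["md5"]:
            paths_by_md5[rec["md5"]].append(rec["path"])
    flagged = []
    for rec in records:
        if rec["verdict"] in (None, "ok"):
            continue
        # Assumption: signature-only findings carry an "UnsignedFile." prefix (as in
        # this thread's log); anything else is left for manual review.
        category = "unsigned" if rec["verdict"].startswith("UnsignedFile.") else "review"
        flagged.append({
            "name": rec["name"], "path": rec["path"], "md5": rec["md5"],
            "verdict": rec["verdict"], "category": category,
            "same_hash_elsewhere": [p for p in paths_by_md5[rec["md5"]] if p != rec["path"]],
        })
    return flagged


# Sample lines taken from the TDSSKiller log posted in this thread (trimmed to the
# entries of interest).
SAMPLE_LOG = r"""
17:09:18.0218 2416 eLockService (d33ec04d1f0b5f388de86ccc3333a59f) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
17:09:18.0250 2416 eLockService ( UnsignedFile.Multi.Generic ) - warning
17:09:18.0250 2416 eLockService - detected UnsignedFile.Multi.Generic (1)
17:09:18.0296 2416 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:09:18.0453 2416 ERSvc - ok
17:09:25.0031 2416 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\WINDOWS\system32\drivers\int15.sys
17:09:25.0046 2416 int15 ( UnsignedFile.Multi.Generic ) - warning
17:09:25.0046 2416 int15 - detected UnsignedFile.Multi.Generic (1)
17:09:25.0140 2416 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
17:09:25.0156 2416 int15.sys ( UnsignedFile.Multi.Generic ) - warning
17:09:25.0156 2416 int15.sys - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['name']}: {item['verdict']} [{item['category']}] {item['path']}")
        for other in item["same_hash_elsewhere"]:
            print(f"    same MD5 {item['md5']} at {other}")
```

The matching MD5s only show that the two int15.sys copies are the same file; whether that file is the genuine Acer eRecovery driver is the question the helper's further checks answer.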

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 11:49 am

I've just remembered something.

In the last 2 months I noticed that when switching on (or re-booting) my laptop, after logging on to any profile (user or administrator), a balloon appeared for 1-2 seconds in the system tray saying that the Windows Firewall was not on. Then 2 seconds later the balloon disappeared.
I checked the Firewall in the Control Panel but it was on.
It only happened after re-booting, not if I logged off from one profile and then logged on to another. (Luckily I always physically connect the laptop to the internet after logging on, once start-up is complete.)

This went on for 3-4 days, then no more. I noticed it the first time after running the Windows Updates in May, then again after the ones in June.
I thought it was probably related to the updates.

Furthermore: I have these updates set to "notify before download". When I get the notification, I always download them via the balloon with the yellow shield. However, in the last 4-5 months, after accepting the download from the balloon, nothing downloaded, even after waiting 30 minutes or even rebooting. So for the last 4-5 months I have been downloading & installing the updates by going to the Microsoft Updates website itself.

Could all this be the action of this virus?

I hope this makes sense to you.

Thanks,
rbd
rbd
Regular Member
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 11:54 am

Thanks for the additional information - Please see my previous post.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 12:19 pm

I so hope you're right about the false positive!

I ran the TDSSKiller scan: it found some threats but apparently no malicious objects. Sounds promising...
Please find log below
=============

17:08:06.0812 5256 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
17:08:06.0968 5256 ============================================================
17:08:06.0968 5256 Current date / time: 2012/07/07 17:08:06.0968
17:08:06.0968 5256 SystemInfo:
17:08:06.0968 5256
17:08:06.0968 5256 OS Version: 5.1.2600 ServicePack: 3.0
17:08:06.0968 5256 Product type: Workstation
17:08:06.0968 5256 ComputerName: ACER-47CBE8A5ED
17:08:06.0968 5256 UserName: Administrator
17:08:06.0968 5256 Windows directory: C:\WINDOWS
17:08:06.0968 5256 System windows directory: C:\WINDOWS
17:08:06.0968 5256 Processor architecture: Intel x86
17:08:06.0968 5256 Number of processors: 1
17:08:06.0968 5256 Page size: 0x1000
17:08:06.0968 5256 Boot type: Normal boot
17:08:06.0968 5256 ============================================================
17:08:08.0859 5256 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:08:08.0859 5256 ============================================================
17:08:08.0859 5256 \Device\Harddisk0\DR0:
17:08:08.0859 5256 MBR partitions:
17:08:08.0859 5256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x9C64FE, BlocksNum 0x45209A0
17:08:08.0859 5256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x4EE6E9E, BlocksNum 0x4627623
17:08:08.0859 5256 ============================================================
17:08:08.0890 5256 C: <-> \Device\Harddisk0\DR0\Partition0
17:08:08.0906 5256 D: <-> \Device\Harddisk0\DR0\Partition1
17:08:08.0906 5256 ============================================================
17:08:08.0906 5256 Initialize success
17:08:08.0906 5256 ============================================================
17:09:01.0703 2416 ============================================================
17:09:01.0703 2416 Scan started
17:09:01.0703 2416 Mode: Manual; SigCheck; TDLFS;
17:09:01.0703 2416 ============================================================
17:09:03.0218 2416 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:09:03.0453 2416 Aavmker4 - ok
17:09:03.0453 2416 Abiosdsk - ok
17:09:03.0515 2416 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:09:05.0578 2416 abp480n5 - ok
17:09:05.0609 2416 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:09:05.0828 2416 ACPI - ok
17:09:05.0843 2416 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:09:05.0984 2416 ACPIEC - ok
17:09:06.0015 2416 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:09:06.0187 2416 adpu160m - ok
17:09:06.0218 2416 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:09:06.0375 2416 aec - ok
17:09:06.0468 2416 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:09:06.0562 2416 AFD - ok
17:09:06.0593 2416 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:09:06.0750 2416 agp440 - ok
17:09:06.0765 2416 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:09:06.0906 2416 agpCPQ - ok
17:09:06.0937 2416 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:09:07.0015 2416 Aha154x - ok
17:09:07.0031 2416 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:09:07.0187 2416 aic78u2 - ok
17:09:07.0250 2416 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:09:07.0406 2416 aic78xx - ok
17:09:07.0453 2416 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:09:07.0593 2416 Alerter - ok
17:09:07.0625 2416 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:09:07.0781 2416 ALG - ok
17:09:07.0843 2416 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:09:08.0000 2416 AliIde - ok
17:09:08.0031 2416 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:09:08.0171 2416 alim1541 - ok
17:09:08.0250 2416 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:09:08.0406 2416 amdagp - ok
17:09:08.0421 2416 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:09:08.0500 2416 amsint - ok
17:09:08.0531 2416 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:09:08.0671 2416 AppMgmt - ok
17:09:08.0765 2416 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:09:08.0906 2416 Arp1394 - ok
17:09:08.0921 2416 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:09:09.0062 2416 asc - ok
17:09:09.0171 2416 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:09:09.0234 2416 asc3350p - ok
17:09:09.0250 2416 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:09:09.0406 2416 asc3550 - ok
17:09:09.0531 2416 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:09:09.0562 2416 aspnet_state - ok
17:09:09.0625 2416 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:09:09.0640 2416 aswFsBlk - ok
17:09:09.0687 2416 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
17:09:09.0718 2416 aswMon2 - ok
17:09:09.0750 2416 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
17:09:09.0765 2416 aswRdr - ok
17:09:09.0859 2416 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
17:09:09.0906 2416 aswSnx - ok
17:09:09.0968 2416 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
17:09:10.0000 2416 aswSP - ok
17:09:10.0046 2416 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
17:09:10.0062 2416 aswTdi - ok
17:09:10.0109 2416 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:09:10.0265 2416 AsyncMac - ok
17:09:10.0343 2416 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:09:10.0500 2416 atapi - ok
17:09:10.0515 2416 Atdisk - ok
17:09:10.0531 2416 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:09:10.0703 2416 Atmarpc - ok
17:09:10.0734 2416 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:09:10.0890 2416 AudioSrv - ok
17:09:10.0937 2416 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:09:11.0109 2416 audstub - ok
17:09:11.0234 2416 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17:09:11.0250 2416 avast! Antivirus - ok
17:09:11.0281 2416 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:09:11.0328 2416 b57w2k - ok
17:09:11.0406 2416 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:09:11.0468 2416 BCM43XX - ok
17:09:11.0515 2416 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:09:11.0671 2416 Beep - ok
17:09:11.0765 2416 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:09:11.0953 2416 BITS - ok
17:09:12.0062 2416 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:09:12.0203 2416 Browser - ok
17:09:12.0250 2416 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:09:12.0390 2416 cbidf - ok
17:09:12.0406 2416 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:09:12.0562 2416 cbidf2k - ok
17:09:12.0640 2416 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:09:12.0781 2416 CCDECODE - ok
17:09:12.0812 2416 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:09:12.0875 2416 cd20xrnt - ok
17:09:12.0906 2416 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:09:13.0078 2416 Cdaudio - ok
17:09:13.0140 2416 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:09:13.0281 2416 Cdfs - ok
17:09:13.0312 2416 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:09:13.0468 2416 Cdrom - ok
17:09:13.0468 2416 Changer - ok
17:09:13.0500 2416 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:09:13.0656 2416 CiSvc - ok
17:09:13.0750 2416 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:09:13.0875 2416 ClipSrv - ok
17:09:13.0984 2416 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:09:14.0062 2416 clr_optimization_v2.0.50727_32 - ok
17:09:14.0125 2416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:09:14.0140 2416 clr_optimization_v4.0.30319_32 - ok
17:09:14.0203 2416 CLTNetCnService - ok
17:09:14.0234 2416 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:09:14.0375 2416 CmBatt - ok
17:09:14.0421 2416 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:09:14.0578 2416 CmdIde - ok
17:09:14.0593 2416 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:09:14.0765 2416 Compbatt - ok
17:09:14.0781 2416 COMSysApp - ok
17:09:14.0843 2416 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:09:15.0015 2416 Cpqarray - ok
17:09:15.0046 2416 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:09:15.0203 2416 CryptSvc - ok
17:09:15.0234 2416 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:09:15.0406 2416 dac2w2k - ok
17:09:15.0437 2416 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:09:15.0609 2416 dac960nt - ok
17:09:15.0671 2416 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:09:15.0734 2416 DcomLaunch - ok
17:09:15.0781 2416 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:09:15.0921 2416 Dhcp - ok
17:09:15.0937 2416 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:09:16.0078 2416 Disk - ok
17:09:16.0109 2416 DKbFltr (060db81dfb79c8244eb65d10b6c7873f) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
17:09:16.0156 2416 DKbFltr - ok
17:09:16.0156 2416 dmadmin - ok
17:09:16.0218 2416 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:09:16.0437 2416 dmboot - ok
17:09:16.0468 2416 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:09:16.0625 2416 dmio - ok
17:09:16.0656 2416 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:09:16.0843 2416 dmload - ok
17:09:16.0875 2416 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:09:17.0015 2416 dmserver - ok
17:09:17.0046 2416 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:09:17.0187 2416 DMusic - ok
17:09:17.0234 2416 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:09:17.0265 2416 Dnscache - ok
17:09:17.0343 2416 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:09:17.0500 2416 Dot3svc - ok
17:09:17.0531 2416 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:09:17.0687 2416 dpti2o - ok
17:09:17.0750 2416 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:09:17.0890 2416 drmkaud - ok
17:09:17.0937 2416 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:09:18.0093 2416 EapHost - ok
17:09:18.0140 2416 eeCtrl - ok
17:09:18.0218 2416 eLockService (d33ec04d1f0b5f388de86ccc3333a59f) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
17:09:18.0250 2416 eLockService ( UnsignedFile.Multi.Generic ) - warning
17:09:18.0250 2416 eLockService - detected UnsignedFile.Multi.Generic (1)
17:09:18.0296 2416 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:09:18.0453 2416 ERSvc - ok
17:09:18.0500 2416 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:09:18.0546 2416 Eventlog - ok
17:09:18.0625 2416 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:09:18.0671 2416 EventSystem - ok
17:09:18.0703 2416 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:09:18.0843 2416 Fastfat - ok
17:09:18.0953 2416 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:09:19.0031 2416 FastUserSwitchingCompatibility - ok
17:09:19.0093 2416 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
17:09:19.0265 2416 Fax - ok
17:09:19.0328 2416 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:09:19.0468 2416 Fdc - ok
17:09:19.0515 2416 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
17:09:19.0671 2416 FETNDIS - ok
17:09:19.0750 2416 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:09:19.0890 2416 Fips - ok
17:09:19.0921 2416 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:09:20.0062 2416 Flpydisk - ok
17:09:20.0109 2416 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:09:20.0250 2416 FltMgr - ok
17:09:20.0406 2416 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:09:20.0421 2416 FontCache3.0.0.0 - ok
17:09:20.0484 2416 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:09:20.0640 2416 Fs_Rec - ok
17:09:20.0734 2416 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:09:20.0890 2416 Ftdisk - ok
17:09:20.0921 2416 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
17:09:21.0062 2416 gagp30kx - ok
17:09:21.0109 2416 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:09:21.0265 2416 Gpc - ok
17:09:21.0312 2416 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:09:21.0468 2416 HDAudBus - ok
17:09:21.0531 2416 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:09:21.0687 2416 helpsvc - ok
17:09:21.0687 2416 HidServ - ok
17:09:21.0718 2416 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:09:21.0875 2416 HidUsb - ok
17:09:21.0937 2416 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:09:22.0078 2416 hkmsvc - ok
17:09:22.0125 2416 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:09:22.0281 2416 hpn - ok
17:09:22.0328 2416 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:09:22.0390 2416 HSFHWAZL - ok
17:09:22.0453 2416 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:09:22.0531 2416 HSF_DPV - ok
17:09:22.0578 2416 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:09:22.0640 2416 HTTP - ok
17:09:22.0687 2416 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:09:22.0843 2416 HTTPFilter - ok
17:09:22.0921 2416 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:09:23.0062 2416 i2omgmt - ok
17:09:23.0093 2416 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:09:23.0234 2416 i2omp - ok
17:09:23.0312 2416 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:09:23.0453 2416 i8042prt - ok
17:09:23.0593 2416 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
17:09:23.0625 2416 IAANTMON - ok
17:09:23.0734 2416 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:09:23.0859 2416 ialm - ok
17:09:23.0890 2416 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:09:23.0906 2416 iaStor - ok
17:09:24.0000 2416 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:09:24.0015 2416 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:09:24.0015 2416 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:09:24.0171 2416 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:09:24.0218 2416 idsvc - ok
17:09:24.0328 2416 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:09:24.0515 2416 Imapi - ok
17:09:24.0562 2416 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:09:24.0703 2416 ImapiService - ok
17:09:24.0750 2416 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:09:24.0921 2416 ini910u - ok
17:09:25.0031 2416 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\WINDOWS\system32\drivers\int15.sys
17:09:25.0046 2416 int15 ( UnsignedFile.Multi.Generic ) - warning
17:09:25.0046 2416 int15 - detected UnsignedFile.Multi.Generic (1)
17:09:25.0140 2416 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
17:09:25.0156 2416 int15.sys ( UnsignedFile.Multi.Generic ) - warning
17:09:25.0156 2416 int15.sys - detected UnsignedFile.Multi.Generic (1)
17:09:25.0390 2416 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:09:25.0796 2416 IntcAzAudAddService - ok
17:09:25.0953 2416 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:09:26.0093 2416 IntelIde - ok
17:09:26.0125 2416 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:09:26.0281 2416 intelppm - ok
17:09:26.0312 2416 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:09:26.0453 2416 Ip6Fw - ok
17:09:26.0531 2416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:09:26.0703 2416 IpFilterDriver - ok
17:09:26.0734 2416 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:09:26.0859 2416 IpInIp - ok
17:09:26.0890 2416 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:09:27.0046 2416 IpNat - ok
17:09:27.0125 2416 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:09:27.0265 2416 IPSec - ok
17:09:27.0296 2416 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:09:27.0421 2416 IRENUM - ok
17:09:27.0515 2416 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:09:27.0656 2416 isapnp - ok
17:09:27.0687 2416 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:09:27.0843 2416 Kbdclass - ok
17:09:27.0875 2416 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:09:28.0015 2416 kmixer - ok
17:09:28.0062 2416 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:09:28.0125 2416 KSecDD - ok
17:09:28.0171 2416 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:09:28.0250 2416 lanmanserver - ok
17:09:28.0296 2416 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:09:28.0343 2416 lanmanworkstation - ok
17:09:28.0343 2416 lbrtfdc - ok
17:09:28.0468 2416 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:09:28.0484 2416 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:09:28.0484 2416 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:09:28.0531 2416 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:09:28.0671 2416 LmHosts - ok
17:09:28.0703 2416 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:09:28.0750 2416 mdmxsdk - ok
17:09:28.0781 2416 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:09:28.0921 2416 Messenger - ok
17:09:29.0000 2416 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:09:29.0156 2416 mnmdd - ok
17:09:29.0234 2416 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:09:29.0390 2416 mnmsrvc - ok
17:09:29.0437 2416 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:09:29.0578 2416 Modem - ok
17:09:29.0609 2416 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:09:29.0734 2416 Mouclass - ok
17:09:29.0828 2416 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:09:30.0000 2416 mouhid - ok
17:09:30.0015 2416 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:09:30.0156 2416 MountMgr - ok
17:09:30.0234 2416 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:09:30.0312 2416 MozillaMaintenance - ok
17:09:30.0343 2416 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:09:30.0500 2416 mraid35x - ok
17:09:30.0546 2416 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:09:30.0703 2416 MRxDAV - ok
17:09:30.0765 2416 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:09:30.0859 2416 MRxSmb - ok
17:09:30.0890 2416 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:09:31.0046 2416 MSDTC - ok
17:09:31.0125 2416 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:09:31.0265 2416 Msfs - ok
17:09:31.0281 2416 MSIServer - ok
17:09:31.0296 2416 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:09:31.0437 2416 MSKSSRV - ok
17:09:31.0468 2416 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:09:31.0609 2416 MSPCLOCK - ok
17:09:31.0656 2416 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:09:31.0781 2416 MSPQM - ok
17:09:31.0812 2416 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:09:31.0937 2416 mssmbios - ok
17:09:31.0968 2416 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:09:32.0109 2416 MSTEE - ok
17:09:32.0156 2416 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:09:32.0203 2416 Mup - ok
17:09:32.0234 2416 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:09:32.0375 2416 NABTSFEC - ok
17:09:32.0453 2416 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:09:32.0625 2416 napagent - ok
17:09:32.0718 2416 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:09:32.0890 2416 NDIS - ok
17:09:32.0906 2416 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:09:33.0031 2416 NdisIP - ok
17:09:33.0125 2416 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:09:33.0171 2416 NdisTapi - ok
17:09:33.0187 2416 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:09:33.0343 2416 Ndisuio - ok
17:09:33.0390 2416 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:09:33.0531 2416 NdisWan - ok
17:09:33.0562 2416 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:09:33.0593 2416 NDProxy - ok
17:09:33.0609 2416 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:09:33.0750 2416 NetBIOS - ok
17:09:33.0781 2416 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:09:33.0953 2416 NetBT - ok
17:09:34.0000 2416 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:09:34.0156 2416 NetDDE - ok
17:09:34.0171 2416 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:09:34.0312 2416 NetDDEdsdm - ok
17:09:34.0375 2416 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:09:34.0515 2416 Netlogon - ok
17:09:34.0562 2416 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:09:34.0703 2416 Netman - ok
17:09:34.0890 2416 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:09:34.0921 2416 NetTcpPortSharing - ok
17:09:34.0937 2416 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:09:35.0078 2416 NIC1394 - ok
17:09:35.0109 2416 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:09:35.0140 2416 Nla - ok
17:09:35.0187 2416 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:09:35.0328 2416 Npfs - ok
17:09:35.0359 2416 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
17:09:35.0515 2416 NSCIRDA - ok
17:09:35.0562 2416 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:09:35.0734 2416 Ntfs - ok
17:09:35.0781 2416 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
17:09:35.0796 2416 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
17:09:35.0796 2416 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
17:09:35.0843 2416 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:09:35.0984 2416 NtLmSsp - ok
17:09:36.0046 2416 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:09:36.0218 2416 NtmsSvc - ok
17:09:36.0328 2416 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:09:36.0500 2416 Null - ok
17:09:36.0515 2416 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:09:36.0671 2416 NwlnkFlt - ok
17:09:36.0687 2416 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:09:36.0859 2416 NwlnkFwd - ok
17:09:36.0890 2416 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:09:37.0031 2416 ohci1394 - ok
17:09:37.0093 2416 PAC207 (54183d1ec4a8658bbacb31acd0c8f6df) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
17:09:37.0156 2416 PAC207 - ok
17:09:37.0203 2416 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:09:37.0359 2416 Parport - ok
17:09:37.0375 2416 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:09:37.0531 2416 PartMgr - ok
17:09:37.0562 2416 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:09:37.0734 2416 ParVdm - ok
17:09:37.0812 2416 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
17:09:37.0828 2416 pavboot - ok
17:09:37.0843 2416 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:09:38.0015 2416 PCI - ok
17:09:38.0015 2416 PCIDump - ok
17:09:38.0093 2416 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:09:38.0265 2416 PCIIde - ok
17:09:38.0296 2416 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:09:38.0437 2416 Pcmcia - ok
17:09:38.0453 2416 PDCOMP - ok
17:09:38.0468 2416 PDFRAME - ok
17:09:38.0484 2416 PDRELI - ok
17:09:38.0484 2416 PDRFRAME - ok
17:09:38.0515 2416 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:09:38.0703 2416 perc2 - ok
17:09:38.0796 2416 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:09:38.0953 2416 perc2hib - ok
17:09:39.0031 2416 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:09:39.0046 2416 PlugPlay - ok
17:09:39.0093 2416 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:09:39.0218 2416 PolicyAgent - ok
17:09:39.0296 2416 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:09:39.0437 2416 PptpMiniport - ok
17:09:39.0453 2416 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:09:39.0578 2416 Processor - ok
17:09:39.0593 2416 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:09:39.0734 2416 ProtectedStorage - ok
17:09:39.0765 2416 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:09:39.0921 2416 PSched - ok
17:09:39.0921 2416 psdfilter - ok
17:09:39.0937 2416 psdvdisk - ok
17:09:40.0015 2416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:09:40.0187 2416 Ptilink - ok
17:09:40.0203 2416 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:09:40.0390 2416 ql1080 - ok
17:09:40.0406 2416 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:09:40.0578 2416 Ql10wnt - ok
17:09:40.0578 2416 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:09:40.0750 2416 ql12160 - ok
17:09:40.0750 2416 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:09:40.0937 2416 ql1240 - ok
17:09:40.0953 2416 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:09:41.0140 2416 ql1280 - ok
17:09:41.0187 2416 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:09:41.0375 2416 RasAcd - ok
17:09:41.0406 2416 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:09:41.0546 2416 RasAuto - ok
17:09:41.0578 2416 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
17:09:41.0656 2416 Rasirda - ok
17:09:41.0671 2416 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:09:41.0812 2416 Rasl2tp - ok
17:09:41.0859 2416 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:09:41.0984 2416 RasMan - ok
17:09:42.0031 2416 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:09:42.0171 2416 RasPppoe - ok
17:09:42.0218 2416 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:09:42.0390 2416 Raspti - ok
17:09:42.0406 2416 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:09:42.0562 2416 Rdbss - ok
17:09:42.0593 2416 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:09:42.0750 2416 RDPCDD - ok
17:09:42.0812 2416 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:09:42.0937 2416 rdpdr - ok
17:09:42.0984 2416 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
17:09:43.0062 2416 RDPWD - ok
17:09:43.0109 2416 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:09:43.0281 2416 RDSessMgr - ok
17:09:43.0328 2416 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:09:43.0468 2416 redbook - ok
17:09:43.0531 2416 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:09:43.0687 2416 RemoteAccess - ok
17:09:43.0812 2416 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:09:43.0937 2416 RemoteRegistry - ok
17:09:44.0062 2416 RichVideo (2af094b1ce4725e4551f38fda2348637) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:09:44.0078 2416 RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:09:44.0078 2416 RichVideo - detected UnsignedFile.Multi.Generic (1)
17:09:44.0140 2416 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:09:44.0281 2416 RpcLocator - ok
17:09:44.0343 2416 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:09:44.0406 2416 RpcSs - ok
17:09:44.0453 2416 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:09:44.0625 2416 RSVP - ok
17:09:44.0718 2416 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:09:44.0843 2416 SamSs - ok
17:09:44.0890 2416 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:09:45.0031 2416 SCardSvr - ok
17:09:45.0093 2416 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:09:45.0250 2416 Schedule - ok
17:09:45.0328 2416 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:09:45.0468 2416 sdbus - ok
17:09:45.0515 2416 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:09:45.0656 2416 Secdrv - ok
17:09:45.0687 2416 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:09:45.0843 2416 seclogon - ok
17:09:45.0875 2416 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:09:46.0015 2416 SENS - ok
17:09:46.0109 2416 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:09:46.0250 2416 Serial - ok
17:09:46.0390 2416 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:09:46.0531 2416 Sfloppy - ok
17:09:46.0593 2416 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:09:46.0750 2416 SharedAccess - ok
17:09:46.0781 2416 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:09:46.0843 2416 ShellHWDetection - ok
17:09:46.0859 2416 Simbad - ok
17:09:46.0906 2416 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:09:47.0046 2416 sisagp - ok
17:09:47.0078 2416 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:09:47.0218 2416 SLIP - ok
17:09:47.0281 2416 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:09:47.0359 2416 Sparrow - ok
17:09:47.0359 2416 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:09:47.0515 2416 splitter - ok
17:09:47.0546 2416 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:09:47.0593 2416 Spooler - ok
17:09:47.0625 2416 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:09:47.0796 2416 sr - ok
17:09:47.0906 2416 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:09:48.0046 2416 srservice - ok
17:09:48.0109 2416 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:09:48.0171 2416 Srv - ok
17:09:48.0203 2416 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:09:48.0359 2416 SSDPSRV - ok
17:09:48.0390 2416 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:09:48.0546 2416 stisvc - ok
17:09:48.0593 2416 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:09:48.0734 2416 streamip - ok
17:09:48.0750 2416 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:09:48.0890 2416 swenum - ok
17:09:48.0984 2416 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:09:49.0109 2416 swmidi - ok
17:09:49.0125 2416 SwPrv - ok
17:09:49.0187 2416 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:09:49.0359 2416 symc810 - ok
17:09:49.0390 2416 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:09:49.0562 2416 symc8xx - ok
17:09:49.0578 2416 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:09:49.0750 2416 sym_hi - ok
17:09:49.0765 2416 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:09:49.0937 2416 sym_u3 - ok
17:09:49.0968 2416 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:09:50.0015 2416 SynTP - ok
17:09:50.0031 2416 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:09:50.0171 2416 sysaudio - ok
17:09:50.0218 2416 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:09:50.0375 2416 SysmonLog - ok
17:09:50.0406 2416 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:09:50.0562 2416 TapiSrv - ok
17:09:50.0625 2416 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:09:50.0671 2416 Tcpip - ok
17:09:50.0718 2416 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:09:50.0875 2416 TDPIPE - ok
17:09:50.0921 2416 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:09:51.0046 2416 TDTCP - ok
17:09:51.0062 2416 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:09:51.0203 2416 TermDD - ok
17:09:51.0328 2416 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:09:51.0484 2416 TermService - ok
17:09:51.0531 2416 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:09:51.0562 2416 Themes - ok
17:09:51.0609 2416 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys
17:09:51.0671 2416 tifm21 - ok
17:09:51.0703 2416 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:09:51.0859 2416 TlntSvr - ok
17:09:51.0890 2416 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:09:52.0046 2416 TosIde - ok
17:09:52.0093 2416 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:09:52.0281 2416 TrkWks - ok
17:09:52.0390 2416 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\tvicport.sys
17:09:52.0421 2416 tvicport ( UnsignedFile.Multi.Generic ) - warning
17:09:52.0421 2416 tvicport - detected UnsignedFile.Multi.Generic (1)
17:09:52.0437 2416 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
17:09:52.0453 2416 UBHelper ( UnsignedFile.Multi.Generic ) - warning
17:09:52.0453 2416 UBHelper - detected UnsignedFile.Multi.Generic (1)
17:09:52.0484 2416 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:09:52.0625 2416 Udfs - ok
17:09:52.0625 2416 UIUSys - ok
17:09:52.0671 2416 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:09:52.0750 2416 ultra - ok
17:09:52.0812 2416 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:09:52.0953 2416 Update - ok
17:09:53.0000 2416 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:09:53.0140 2416 upnphost - ok
17:09:53.0171 2416 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:09:53.0343 2416 UPS - ok
17:09:53.0375 2416 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:09:53.0515 2416 usbccgp - ok
17:09:53.0562 2416 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:09:53.0687 2416 usbehci - ok
17:09:53.0734 2416 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:09:53.0875 2416 usbhub - ok
17:09:53.0906 2416 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:09:54.0046 2416 usbstor - ok
17:09:54.0078 2416 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:09:54.0203 2416 usbuhci - ok
17:09:54.0218 2416 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:09:54.0375 2416 usbvideo - ok
17:09:54.0406 2416 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:09:54.0546 2416 VgaSave - ok
17:09:54.0578 2416 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:09:54.0703 2416 viaagp - ok
17:09:54.0718 2416 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:09:54.0859 2416 ViaIde - ok
17:09:54.0890 2416 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:09:55.0015 2416 VolSnap - ok
17:09:55.0062 2416 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:09:55.0203 2416 VSS - ok
17:09:55.0250 2416 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:09:55.0390 2416 W32Time - ok
17:09:55.0421 2416 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:09:55.0578 2416 Wanarp - ok
17:09:55.0578 2416 WDICA - ok
17:09:55.0625 2416 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:09:55.0765 2416 wdmaud - ok
17:09:55.0812 2416 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:09:55.0968 2416 WebClient - ok
17:09:56.0031 2416 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:09:56.0093 2416 winachsf - ok
17:09:56.0171 2416 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:09:56.0328 2416 winmgmt - ok
17:09:56.0375 2416 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:09:56.0453 2416 WmdmPmSN - ok
17:09:56.0531 2416 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:09:56.0578 2416 Wmi - ok
17:09:56.0687 2416 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:09:56.0828 2416 WmiAcpi - ok
17:09:56.0875 2416 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:09:57.0031 2416 WmiApSrv - ok
17:09:57.0171 2416 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:09:57.0234 2416 WMPNetworkSvc - ok
17:09:57.0406 2416 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:09:57.0453 2416 WPFFontCache_v0400 - ok
17:09:57.0562 2416 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:09:57.0734 2416 wscsvc - ok
17:09:57.0812 2416 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:09:57.0968 2416 WSTCODEC - ok
17:09:57.0984 2416 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:09:58.0140 2416 wuauserv - ok
17:09:58.0187 2416 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:09:58.0265 2416 WudfPf - ok
17:09:58.0296 2416 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:09:58.0328 2416 WudfRd - ok
17:09:58.0375 2416 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:09:58.0421 2416 WudfSvc - ok
17:09:58.0500 2416 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:09:58.0656 2416 WZCSVC - ok
17:09:58.0687 2416 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:09:58.0859 2416 xmlprov - ok
17:09:58.0890 2416 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
17:09:58.0921 2416 zntport ( UnsignedFile.Multi.Generic ) - warning
17:09:58.0921 2416 zntport - detected UnsignedFile.Multi.Generic (1)
17:09:58.0968 2416 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
17:10:02.0562 2416 \Device\Harddisk0\DR0 - ok
17:10:02.0562 2416 Boot (0x1200) (dd62ec8045ade2da4ea35ba2ce79dfb1) \Device\Harddisk0\DR0\Partition0
17:10:02.0578 2416 \Device\Harddisk0\DR0\Partition0 - ok
17:10:02.0609 2416 Boot (0x1200) (cb6a0d09931dc264d8e90341f2fdeab4) \Device\Harddisk0\DR0\Partition1
17:10:02.0609 2416 \Device\Harddisk0\DR0\Partition1 - ok
17:10:02.0609 2416 ============================================================
17:10:02.0609 2416 Scan finished
17:10:02.0609 2416 ============================================================
17:10:02.0734 6576 Detected object count: 10
17:10:02.0734 6576 Actual detected object count: 10
17:11:58.0578 6576 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0578 6576 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0593 6576 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0593 6576 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0593 6576 int15 ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0593 6576 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0593 6576 int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0593 6576 int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0593 6576 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0593 6576 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0593 6576 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0593 6576 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0609 6576 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0609 6576 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0609 6576 tvicport ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0609 6576 tvicport ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0609 6576 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0609 6576 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:58.0609 6576 zntport ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:58.0609 6576 zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:41.0765 7692 Deinitialize success
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 12:33 pm

It does look like a false positive. I've experienced this before with that particular file - it's an Acer eRecovery file.

The "threats" are unsigned files. This is not unusual so nothing to worry about.


Submit a sample

  • Please click on this LINK. A new window will open.

  • Copy the text inside the codebox below & paste it into the box marked Link to topic where this file was requested:
    http://malwareremoval.com/forum/viewtopic.php?p=610791#p610791
  • Click the Browse button and navigate to:
    C:\WINDOWS\system32\drivers\int15.sys
  • Select the file and click Open
  • In the Leave any comments... box, please put:
    For melboy, Acer file.
  • Finally click SendFile
  • let me know in your next post if the upload was successful.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 12:46 pm

Ok, I feel more reassured.

File sent, the message at the end confirmed this.

Thanks,
rbd

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 1:17 pm

Thanks. I'll get aswMBR's developer to take a look at the file and see if he can find out why it hits it.

Everything looks good - any problems?

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 1:47 pm

Phew! Glad to know everything's OK, but what a scare with that Zeroot! I read it could have been a very bad virus.
And many thanks for checking for the DNS-Changer: I wanted to be sure, to avoid being without internet on Monday.

What about the issues with the Windows Firewall and with the Windows Updates not downloading from the balloon that I mentioned a few posts ago: are they all normal things?

Re: Check for DNS-Changer malware

Unread postby melboy » July 7th, 2012, 1:55 pm

Quirks of Windows. There's probably a small delay between the computer starting & the service for the Windows firewall starting - by the time you check Security Center it is on.

FSS

Please download Farbar's Service Scanner from here and save it to your desktop.

  • Double click FSS.exe to run it.
  • Check the following checkboxes only (RpcSs and PlugPlay are checked by default)

    • Windows Firewall
    • Windows Update

  • Click Scan
  • When finished, notepad will open. Please post the contents in your next reply.

Note: The log can also be found on your desktop named FSS.txt

Re: Check for DNS-Changer malware

Unread postby rbd » July 7th, 2012, 2:09 pm

I hoped so.
FSS scan done - see log below.

=================

Farbar Service Scanner Version: 02-07-2012
Ran by Administrator (administrator) on 07-07-2012 at 19:05:38
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************



Windows Firewall:
=============

Firewall Disabled Policy:
==================


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****