Possible malware problem with program called 'n'


by shauni_g » October 26th, 2010, 3:26 am

My laptop is using Windows XP SP 3 and has McAfee Security Centre installed. About a month ago my internet connection started dropping out a lot of the time whenever I started up Outlook before browsing the Internet (e.g. straight after booting up I would open up Outlook to try and get my email and it would return an error saying it couldn't connect to the mail server. Then if I tried to browse the Internet (I almost always use Firefox for this) this was not possible). I would then have to unplug the modem and plug it back in again and reset my laptop to get a working internet connection again. When Windows attempted to shut down, a box appeared saying that Windows was ending a task simply called 'n'. It would do this successfully quite quickly and Windows would shut down and the laptop would reboot with no further problems.

After noticing this same pattern occur a number of times I did some research on the Internet to see if this 'n' process was dangerous and the consensus of opinion I found seemed to suggest it was. I ran a full scan using McAfee which returned no problems and then, following advice from a forum at McAfee's website, ran full scans using SuperAntiSpyware and MalwareBytes' Anti-Malware. These both returned a number of suspect things and I deleted/quarantined all of them. After this things seemed to be fixed and the problem with the internet connection dropping disappeared as did any traces that 'n' was running.

Unfortunately over the last week I have noticed that the same behaviour has started again. I ran full scans with SuperAntiSpyware and MalwareBytes' Anti-Malware again and again deleted/quarantined all reported items. This time however they did not seem to report anything particularly dangerous looking (just some files related to Centrebet's poker program (a sports gambling website that also has its own poker software which I have installed but rarely play)). The last day or two I have not experienced any problems but 1) I have not used the computer that much the past two days and 2) I want to make sure that I have actually gotten rid of anything bad on my laptop for good (if there ever was anything bad on it). I hope someone on this forum can help me.

Find below the contents of my HijackThis log and Uninstall List from scans I ran about an hour ago. Please let me know if you need further information about anything or if I can provide any further details.

Thanks in advance,
Shaun


hijackthis.log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:40:35 PM, on 26/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/ ... jhtml?p=DA
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au.mcafee.com/apps/msk/en-au/red ... popup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100920095506.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shaun and Melanie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\WINDOWS\system32\\AstSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11194 bytes


uninstall_list.txt

924PLC32
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Advertising Center
AOL Australia
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Auto Gordian Knot 2.45
AviSynth 2.5
Bonjour
Broadcom Management Programs
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Celtx (2.7)
Centrebet.net
Conexant HDA D110 MDC V.92 Modem
Dell Media Experience
Dell Photo AIO Printer 924
Dell Support 3.1
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DMX Update
DVD Decrypter (Remove Only)
e-tax 2006
e-tax 2007
e-tax 2008
e-tax 2009
e-tax 2010
Facebook Developer Toolkit 1.0
Full Tilt Poker
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iPod Reset Utility
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.3.1.4
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 6
Java(TM) SE Runtime Environment 6 Update 1
Kitten Saver
Ladbrokes Poker
Malwarebytes' Anti-Malware
McAfee SecurityCenter
mCore
MCU
mDriver
mDrWiFi
Media Manager for WALKMAN 1.2
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Basic Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Toolbox Controls Installer
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.5.1)
mPfMgr
mPfWiz
mProSafe
mSSO
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mWMI
mXML
My Way Search Assistant
mZConfig
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
NetBeans IDE 6.0.1
NetWaiting
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
OpenMG Secure Module 4.7.00
Ovi Desktop Sync Engine
OviMPlatform
Pacific Poker
PC Connectivity Solution
PokerStars
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer
Sage Blackjack Shareware
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shogun Total War
Sid Meier's Civilization 4 Complete
Sid Meier's Pirates!
Skype™ 4.1
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Media Player (Remove Only)
Virgin Mobile
VobSub v2.23 (Remove Only)
WebCyberCoach 3.2 Dell
Windows Backup Utility
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Xvid 1.2.1 final uninstall
XviD MPEG4 Video Codec (remove only)
shauni_g
Active Member
 
Posts: 7
Joined: October 26th, 2010, 2:45 am

Re: Possible malware problem with program called 'n'

by askey127 » October 27th, 2010, 6:11 pm

Hi shauni_g,
Tell me why you are still at Service Pack 2 and IE6. No wonder it's infected.

Those old Java and Adobe apps are vulnerable, and will get your machine infected in a hurry.
Those poker sites are all regarded as spyware purveyors, except for PokerStars.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shaun and Melanie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:
Pacific Poker
My Way Search Assistant
Ladbrokes Poker
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.3.1.4
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 6
Java(TM) SE Runtime Environment 6 Update 1
Full Tilt Poker
Adobe Reader 7.1.0

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here: http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 22 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, (or right click and choose "Run as administrator") and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
Go HERE and click on AdbeRdr940_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------
Let's check for a common rootkit first:
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

So we are looking for the TDSSKiller log, and the reasoning behind SP2 and IE6.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible malware problem with program called 'n'

Post by shauni_g » October 28th, 2010, 5:09 am

Thanks askey127. It seems I am somewhat mistaken because, as evidenced from the first sentence of my post, I thought I had downloaded SP3. Obviously that doesn't seem to be the case. That is the only reason I am on SP2. I take it I should be downloading SP3 ASAP? As for IE6 I have not upgraded it because I never use IE. Is it better to upgrade it regardless?

I also would like to know if you think Full Tilt Poker could actually be dangerous for my computer as I have an account there and frequently play poker using their software? I have removed it as you specified and should you recommend not using their software I will take your advice but it would be preferable to me if I could keep playing poker with Full Tilt. To stress again though if you think it is for the best I will no longer use their software.

Finally please find below the TDSSKiller log. There was only one problem with the scan and that was that the results screen gave different options to those you specified in your directions. The results reported that 18 suspicious files were found but the default option for all of them was 'Skip'. The other two options were 'Delete' and 'Quarantine'. Cure was not an option. I went with the default 'Skip' option. I thought it was safer than choosing 'Delete' in case I got the wrong option. Please advise whether this was correct or not.

Thanks again for your help. I look forward to your next reply.

Shaun

2010/10/28 19:49:53.0843 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 19:49:53.0843 ================================================================================
2010/10/28 19:49:53.0843 SystemInfo:
2010/10/28 19:49:53.0843
2010/10/28 19:49:53.0843 OS Version: 5.1.2600 ServicePack: 2.0
2010/10/28 19:49:53.0843 Product type: Workstation
2010/10/28 19:49:53.0843 ComputerName: SHAUNANDMELANIE
2010/10/28 19:49:53.0843 UserName: Shaun and Melanie
2010/10/28 19:49:53.0843 Windows directory: C:\WINDOWS
2010/10/28 19:49:53.0843 System windows directory: C:\WINDOWS
2010/10/28 19:49:53.0843 Processor architecture: Intel x86
2010/10/28 19:49:53.0843 Number of processors: 2
2010/10/28 19:49:53.0843 Page size: 0x1000
2010/10/28 19:49:53.0843 Boot type: Normal boot
2010/10/28 19:49:53.0843 ================================================================================
2010/10/28 19:49:54.0156 Initialize success
2010/10/28 19:50:10.0500 ================================================================================
2010/10/28 19:50:10.0500 Scan started
2010/10/28 19:50:10.0500 Mode: Manual;
2010/10/28 19:50:10.0500 ================================================================================
2010/10/28 19:50:54.0921 Scan finished
2010/10/28 19:50:54.0921 ================================================================================
2010/10/28 19:50:55.0031 Detected object count: 18
2010/10/28 19:53:27.0015 Unsigned file(AegisP) - User select action: Skip
2010/10/28 19:53:27.0031 Unsigned file(APPDRV) - User select action: Skip
2010/10/28 19:53:27.0031 Unsigned file(drvmcdb) - User select action: Skip
2010/10/28 19:53:27.0031 Unsigned file(drvnddm) - User select action: Skip
2010/10/28 19:53:27.0046 Unsigned file(omci) - User select action: Skip
2010/10/28 19:53:27.0046 Unsigned file(s24trans) - User select action: Skip
2010/10/28 19:53:27.0046 Unsigned file(sscdbhk5) - User select action: Skip
2010/10/28 19:53:27.0062 Unsigned file(ssrtln) - User select action: Skip
2010/10/28 19:53:27.0062 Unsigned file(StMp3Rec) - User select action: Skip
2010/10/28 19:53:27.0062 Unsigned file(tfsnboio) - User select action: Skip
2010/10/28 19:53:27.0078 Unsigned file(tfsncofs) - User select action: Skip
2010/10/28 19:53:27.0078 Unsigned file(tfsndrct) - User select action: Skip
2010/10/28 19:53:27.0078 Unsigned file(tfsndres) - User select action: Skip
2010/10/28 19:53:27.0093 Unsigned file(tfsnifs) - User select action: Skip
2010/10/28 19:53:27.0093 Unsigned file(tfsnopio) - User select action: Skip
2010/10/28 19:53:27.0093 Unsigned file(tfsnpool) - User select action: Skip
2010/10/28 19:53:27.0109 Unsigned file(tfsnudf) - User select action: Skip
2010/10/28 19:53:27.0109 Unsigned file(tfsnudfa) - User select action: Skip
2010/10/28 19:53:46.0687 Deinitialize success
shauni_g
Active Member
 
Posts: 7
Joined: October 26th, 2010, 2:45 am
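
The TDSSKiller log posted above has a regular line format, so the "Unsigned file" entries, their driver paths and the action chosen for each can be extracted and cross-checked instead of read by eye. The Python below is an added example, not part of the original thread or of TDSSKiller; the function names are hypothetical, and the sample lines are constructed in the log's format using driver names and paths from the thread with placeholder MD5 values.

```python
import ntpath
import re

# Constructed sample in the TDSSKiller log format shown in the thread. Driver
# names and paths follow the thread; the MD5 values are placeholders.
SAMPLE_LOG = r"""
2010/10/28 19:50:16.0968 AegisP (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/10/28 19:50:17.0156 AegisP - detected Unsigned file (1)
2010/10/28 19:50:43.0718 SASDIFSV (00000000000000000000000000000002) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/28 19:50:49.0296 tfsnboio (00000000000000000000000000000003) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/10/28 19:50:49.0359 tfsnboio - detected Unsigned file (1)
2010/10/28 19:50:55.0031 Detected object count: 2
2010/10/28 19:53:27.0015 Unsigned file(AegisP) - User select action: Skip
2010/10/28 19:53:27.0062 Unsigned file(tfsnboio) - User select action: Skip
"""

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
# "<service> (<md5>) <path>": one line per scanned driver; paths may contain spaces.
ENTRY = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
# "<service> - detected <kind> (<n>)": follows the entry it refers to.
DETECT = re.compile(TS + r"(\S+) - detected (.+) \(\d+\)$")
# "<kind>(<service>) - User select action: <action>": written after the scan.
ACTION = re.compile(TS + r"(.+?)\((\S+)\) - User select action: (\w+)$")
COUNT = re.compile(TS + r"Detected object count: (\d+)$")


def parse_tdss_log(text):
    """Return scanned drivers, flagged objects and the count the log reports."""
    drivers, findings, reported = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            drivers[m.group(1)] = {"md5": m.group(2), "path": m.group(3)}
            continue
        m = DETECT.match(line)
        if m:
            info = drivers.get(m.group(1), {})
            findings[m.group(1)] = {
                "kind": m.group(2),
                "path": info.get("path"),
                "md5": info.get("md5"),
                "action": None,
            }
            continue
        m = COUNT.match(line)
        if m:
            reported = int(m.group(1))
            continue
        m = ACTION.match(line)
        if m and m.group(2) in findings:
            findings[m.group(2)]["action"] = m.group(3)
    return {"drivers": drivers, "findings": findings, "reported_count": reported}


def triage(text):
    """Cross-check the log and list the flagged files that are still on disk.

    "Unsigned" only means the driver carries no valid signature; it is a
    reason to look closer, not a verdict. Objects left on "Skip" (or with no
    recorded action) remain in place and need a follow-up file lookup.
    """
    log = parse_tdss_log(text)
    findings = log["findings"]
    problems = []
    if log["reported_count"] is not None and log["reported_count"] != len(findings):
        problems.append(
            "count mismatch: log reports %d objects, parsed %d"
            % (log["reported_count"], len(findings))
        )
    for name, item in findings.items():
        if item["path"] is None:
            problems.append("%s: flagged but no driver entry with a path" % name)
        if item["action"] is None:
            problems.append("%s: no user action recorded" % name)
    still_present = [
        name for name, item in findings.items() if item["action"] in (None, "Skip")
    ]
    # ntpath parses Windows paths correctly on any host OS.
    filenames = sorted(
        {ntpath.basename(findings[n]["path"]) for n in still_present if findings[n]["path"]},
        key=str.lower,
    )
    return {
        "still_present": still_present,
        "follow_up_filenames": filenames,
        "problems": problems,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in result["still_present"]:
        item = parse_tdss_log(SAMPLE_LOG)["findings"][name]
        print("%-10s %-14s %-6s %s" % (name, item["kind"], item["action"], item["path"]))
    print("follow-up file names:", ", ".join(result["follow_up_filenames"]))
    print("problems:", result["problems"] or "none")
```
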

Re: Possible malware problem with program called 'n'

Post by askey127 » October 28th, 2010, 12:27 pm

shauni_g,
-----------------------------------------------------------
Download and Run a Diagnostic Tool (MGADiag.exe) from here and save this to your desktop.
http://go.microsoft.com/fwlink/?linkid=56062
* Double-click on MGADiag.exe
* When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
* Please post the results in your next reply.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    tfsnboio.sys
    tfsncofs.sys
    tfsndrct.sys
    tfsndres.sys
    tfsnifs.sys
    tfsnopio.sys
    tfsnpool.sys
    tfsnudf.sys
    tfsnudfa.sys
    sscdbhk5.sys
    ssrtln.sys
    s24trans.sys
    omci.sys
    drvmcdb.sys
    drvnddm.sys
    APPDRV.SYS
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible malware problem with program called 'n'

Post by shauni_g » October 29th, 2010, 8:04 pm

Log from MGADiag:


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {89FA1877-A839-4291-836B-D39E5C3A1887}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Basic Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{89FA1877-A839-4291-836B-D39E5C3A1887}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1618653696-4247087301-1619217388</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>MM061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="4"/><Date>20060309000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>E5263ECF0184606E</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Inspiron I6400</name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91130409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Basic Edition 2003</Name><Ver>11</Ver><Val>2A93422C492971A</Val><Hash>4l6v1BSeLZeh72csltE+SL60eH8=</Hash><Pid>73102-OEM-5690994-38680</Pid><PidType>6</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 4000:Dell Inc|4000:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A



Contents of SystemLook.txt:


SystemLook 04.09.10 by jpshortstuff
Log created at 10:56 on 30/10/2010 by Shaun and Melanie
Administrator - Elevation successful

========== filefind ==========

Searching for "tfsnboio.sys"
C:\i386\tfsnboio.sys --a---- 25883 bytes [08:04 06/05/2006] [17:05 05/12/2004] 30698355067D07DA5F9EB81132C9FDD6
C:\Program Files\Sonic\DLA\install\tfsnboio.sys --a---- 25883 bytes [17:05 05/12/2004] [17:05 05/12/2004] 30698355067D07DA5F9EB81132C9FDD6
C:\WINDOWS\system32\dla\tfsnboio.sys --a---- 25883 bytes [00:12 02/05/2006] [17:05 05/12/2004] 30698355067D07DA5F9EB81132C9FDD6

Searching for "tfsncofs.sys"
C:\i386\tfsncofs.sys --a---- 34843 bytes [08:04 06/05/2006] [17:05 05/12/2004] FB9D825BB4A2ABDF24600F7505050E2B
C:\Program Files\Sonic\DLA\install\tfsncofs.sys --a---- 34843 bytes [17:05 05/12/2004] [17:05 05/12/2004] FB9D825BB4A2ABDF24600F7505050E2B
C:\WINDOWS\system32\dla\tfsncofs.sys --a---- 34843 bytes [00:12 02/05/2006] [17:05 05/12/2004] FB9D825BB4A2ABDF24600F7505050E2B

Searching for "tfsndrct.sys"
C:\i386\tfsndrct.sys --a---- 4123 bytes [08:04 06/05/2006] [17:05 05/12/2004] CAFD8CCA11AA1E8B6D2EA1BA8F70EC33
C:\Program Files\Sonic\DLA\install\tfsndrct.sys --a---- 4123 bytes [17:05 05/12/2004] [17:05 05/12/2004] CAFD8CCA11AA1E8B6D2EA1BA8F70EC33
C:\WINDOWS\system32\dla\tfsndrct.sys --a---- 4123 bytes [00:12 02/05/2006] [17:05 05/12/2004] CAFD8CCA11AA1E8B6D2EA1BA8F70EC33

Searching for "tfsndres.sys"
C:\i386\tfsndres.sys --a---- 2239 bytes [08:04 06/05/2006] [17:05 05/12/2004] 8DB1E78FBF7C426D8EC3D8F1A33D6485
C:\Program Files\Sonic\DLA\install\tfsndres.sys --a---- 2239 bytes [17:05 05/12/2004] [17:05 05/12/2004] 8DB1E78FBF7C426D8EC3D8F1A33D6485
C:\WINDOWS\system32\dla\tfsndres.sys --a---- 2239 bytes [00:12 02/05/2006] [17:05 05/12/2004] 8DB1E78FBF7C426D8EC3D8F1A33D6485

Searching for "tfsnifs.sys"
C:\i386\tfsnifs.sys --a---- 86586 bytes [08:04 06/05/2006] [17:05 05/12/2004] B92F67A71CC8176F331B8AA8D9F555AD
C:\Program Files\Sonic\DLA\install\tfsnifs.sys --a---- 86586 bytes [17:05 05/12/2004] [17:05 05/12/2004] B92F67A71CC8176F331B8AA8D9F555AD
C:\WINDOWS\system32\dla\tfsnifs.sys --a---- 86586 bytes [00:12 02/05/2006] [17:05 05/12/2004] B92F67A71CC8176F331B8AA8D9F555AD

Searching for "tfsnopio.sys"
C:\i386\tfsnopio.sys --a---- 15227 bytes [08:04 06/05/2006] [17:05 05/12/2004] 85985FAA9A71E2358FCC2EDEFC2A3C5C
C:\Program Files\Sonic\DLA\install\tfsnopio.sys --a---- 15227 bytes [17:05 05/12/2004] [17:05 05/12/2004] 85985FAA9A71E2358FCC2EDEFC2A3C5C
C:\WINDOWS\system32\dla\tfsnopio.sys --a---- 15227 bytes [00:12 02/05/2006] [17:05 05/12/2004] 85985FAA9A71E2358FCC2EDEFC2A3C5C

Searching for "tfsnpool.sys"
C:\i386\tfsnpool.sys --a---- 6363 bytes [08:04 06/05/2006] [17:05 05/12/2004] BBA22094F0F7C210567EFDAF11F64495
C:\Program Files\Sonic\DLA\install\tfsnpool.sys --a---- 6363 bytes [17:05 05/12/2004] [17:05 05/12/2004] BBA22094F0F7C210567EFDAF11F64495
C:\WINDOWS\system32\dla\tfsnpool.sys --a---- 6363 bytes [00:12 02/05/2006] [17:05 05/12/2004] BBA22094F0F7C210567EFDAF11F64495

Searching for "tfsnudf.sys"
C:\i386\tfsnudf.sys --a---- 98714 bytes [08:04 06/05/2006] [17:05 05/12/2004] 81340BEF80B9811E98CE64611E67E3FF
C:\Program Files\Sonic\DLA\install\tfsnudf.sys --a---- 98714 bytes [17:05 05/12/2004] [17:05 05/12/2004] 81340BEF80B9811E98CE64611E67E3FF
C:\WINDOWS\system32\dla\tfsnudf.sys --a---- 98714 bytes [00:12 02/05/2006] [17:05 05/12/2004] 81340BEF80B9811E98CE64611E67E3FF

Searching for "tfsnudfa.sys"
C:\i386\tfsnudfa.sys --a---- 100603 bytes [08:04 06/05/2006] [17:05 05/12/2004] C035FD116224CCC8325F384776B6A8BB
C:\Program Files\Sonic\DLA\install\tfsnudfa.sys --a---- 100603 bytes [17:05 05/12/2004] [17:05 05/12/2004] C035FD116224CCC8325F384776B6A8BB
C:\WINDOWS\system32\dla\tfsnudfa.sys --a---- 100603 bytes [00:12 02/05/2006] [17:05 05/12/2004] C035FD116224CCC8325F384776B6A8BB

Searching for "sscdbhk5.sys"
C:\i386\sscdbhk5.sys --a---- 5627 bytes [08:05 06/05/2006] [03:29 14/07/2004] D7968049BE0ADBB6A57CEE3960320911
C:\Program Files\Sonic\DLA\install\sscdbhk5.sys --a---- 5627 bytes [03:29 14/07/2004] [03:29 14/07/2004] D7968049BE0ADBB6A57CEE3960320911
C:\WINDOWS\system32\drivers\sscdbhk5.sys --a---- 5627 bytes [00:12 02/05/2006] [03:29 14/07/2004] D7968049BE0ADBB6A57CEE3960320911

Searching for "ssrtln.sys"
C:\i386\ssrtln.sys --a---- 23545 bytes [08:05 06/05/2006] [03:28 14/07/2004] C3FFD65ABFB6441E7606CF74F1155273
C:\Program Files\Sonic\DLA\install\ssrtln.sys --a---- 23545 bytes [03:28 14/07/2004] [03:28 14/07/2004] C3FFD65ABFB6441E7606CF74F1155273
C:\WINDOWS\system32\drivers\ssrtln.sys --a---- 23545 bytes [00:12 02/05/2006] [03:28 14/07/2004] C3FFD65ABFB6441E7606CF74F1155273

Searching for "s24trans.sys"
C:\i386\s24trans.sys --a---- 13568 bytes [08:05 06/05/2006] [05:22 28/12/2005] 2E4E912CE95F5EF4D4A5079F6CE367FC
C:\WINDOWS\system32\drivers\s24trans.sys --a---- 13568 bytes [23:52 30/04/2006] [23:52 30/04/2006] 2C0E9E777AB1849B43494626C1F308B5

Searching for "omci.sys"
C:\i386\omci.sys --a---- 17153 bytes [08:05 06/05/2006] [08:46 13/02/2004] B17228142CEC9B3C222239FD935A37CA
C:\WINDOWS\system32\drivers\omci.sys --a---- 17153 bytes [00:15 02/05/2006] [08:46 13/02/2004] B17228142CEC9B3C222239FD935A37CA

Searching for "drvmcdb.sys"
C:\i386\drvmcdb.sys --a---- 87488 bytes [08:05 06/05/2006] [19:22 30/11/2004] E814854E6B246CCF498874839AB64D77
C:\Program Files\Sonic\DLA\install\drvmcdb.sys --a---- 87488 bytes [19:22 30/11/2004] [19:22 30/11/2004] E814854E6B246CCF498874839AB64D77
C:\WINDOWS\system32\drivers\drvmcdb.sys --a---- 87488 bytes [00:12 02/05/2006] [19:22 30/11/2004] E814854E6B246CCF498874839AB64D77

Searching for "drvnddm.sys"
C:\i386\drvnddm.sys --a---- 40480 bytes [08:05 06/05/2006] [18:56 22/11/2004] EE83A4EBAE70BC93CF14879D062F548B
C:\Program Files\Sonic\DLA\install\drvnddm.sys --a---- 40480 bytes [18:56 22/11/2004] [18:56 22/11/2004] EE83A4EBAE70BC93CF14879D062F548B
C:\WINDOWS\system32\drivers\drvnddm.sys --a---- 40480 bytes [00:12 02/05/2006] [18:56 22/11/2004] EE83A4EBAE70BC93CF14879D062F548B

Searching for "APPDRV.SYS"
C:\i386\APPDRV.SYS --a---- 16128 bytes [08:05 06/05/2006] [08:50 12/08/2005] EC94E05B76D033B74394E7B2175103CF
C:\Program Files\Dell\NicConfigSvc\Appdrv.sys --a---- 16128 bytes [00:04 02/05/2006] [05:41 14/11/2005] EC94E05B76D033B74394E7B2175103CF
C:\WINDOWS\system32\drivers\APPDRV.SYS --a---- 16128 bytes [00:04 02/05/2006] [08:50 12/08/2005] EC94E05B76D033B74394E7B2175103CF

-= EOF =-
shauni_g
Active Member
 
Posts: 7
Joined: October 26th, 2010, 2:45 am
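
Added example (not part of the original posts): a small Python parser for the SystemLook :filefind log format posted above, which groups the copies found for each driver name and flags names whose copies differ in MD5, as s24trans.sys does in that log. The sample lines are copied from the log, the example.sys search is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Two searches copied from the SystemLook log above, plus one constructed
# search ("example.sys") that returns no file lines.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "s24trans.sys"
C:\i386\s24trans.sys --a---- 13568 bytes [08:05 06/05/2006] [05:22 28/12/2005] 2E4E912CE95F5EF4D4A5079F6CE367FC
C:\WINDOWS\system32\drivers\s24trans.sys --a---- 13568 bytes [23:52 30/04/2006] [23:52 30/04/2006] 2C0E9E777AB1849B43494626C1F308B5

Searching for "APPDRV.SYS"
C:\i386\APPDRV.SYS --a---- 16128 bytes [08:05 06/05/2006] [08:50 12/08/2005] EC94E05B76D033B74394E7B2175103CF
C:\Program Files\Dell\NicConfigSvc\Appdrv.sys --a---- 16128 bytes [00:04 02/05/2006] [05:41 14/11/2005] EC94E05B76D033B74394E7B2175103CF
C:\WINDOWS\system32\drivers\APPDRV.SYS --a---- 16128 bytes [00:04 02/05/2006] [08:50 12/08/2005] EC94E05B76D033B74394E7B2175103CF

Searching for "example.sys"

-= EOF =-
'''

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"\s*$')
# path, 7-character attribute field, size, two bracketed timestamps, MD5.
# The path may contain spaces, so it is matched non-greedily up to the attributes.
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes '
    r'\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$'
)


def parse_filefind(text):
    """Return {searched name: [entry dicts]} in log order."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = results.setdefault(m.group("name"), [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            current.append(entry)
    return results


def review(results):
    """Classify each searched name as missing, consistent or mismatch."""
    findings = {}
    for name, entries in results.items():
        by_hash = defaultdict(list)
        for e in entries:
            by_hash[e["md5"]].append(e["path"])
        if not entries:
            status = "missing"        # searched for, no copy listed
        elif len(by_hash) == 1:
            status = "consistent"     # every copy has the same MD5
        else:
            status = "mismatch"       # copies differ; compare versions by hand
        findings[name] = {
            "status": status,
            "copies": len(entries),
            "by_hash": dict(by_hash),
        }
    return findings


if __name__ == "__main__":
    for name, f in review(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {f['status']} ({f['copies']} copies)")
        if f["status"] == "mismatch":
            for md5, paths in f["by_hash"].items():
                for p in paths:
                    print(f"    {md5}  {p}")
```

A mismatch only says the copies are different builds; it does not say which copy, if any, is the wrong one.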

Re: Possible malware problem with program called 'n'

Post by askey127 » October 29th, 2010, 8:53 pm

shauni_g,
Is there any reason why you have not Validated Windows yet?
Go to the Microsoft Diagnostics Site
Be sure to use Internet Explorer for this (not Firefox).
It's HERE
Click "Start Diagnostics" button. If it shows some items failed, follow the steps to fix it, and click "Try Again".

Then Please visit This website using Internet Explorer.
Follow the instructions to Validate Windows, then run MGADiag.exe again and post the new log in your next reply.

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible malware problem with program called 'n'

Post by shauni_g » October 30th, 2010, 4:17 am

Sorry about that. I'm not sure why Windows was never validated but Office was, strange. Anyway I did what you instructed above and had no problems. Given what you mentioned about older versions of IE I also upgraded to IE8 before following the instructions in your previous post. Please find below the output from running MGADiag.exe this time.


Output from MGADiag.exe:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {89FA1877-A839-4291-836B-D39E5C3A1887}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Basic Edition 2003 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{89FA1877-A839-4291-836B-D39E5C3A1887}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1618653696-4247087301-1619217388</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>MM061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="4"/><Date>20060309000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>E5263ECF0184606E</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Inspiron I6400</name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91130409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Basic Edition 2003</Name><Ver>11</Ver><Val>2A93422C492971A</Val><Hash>4l6v1BSeLZeh72csltE+SL60eH8=</Hash><Pid>73102-OEM-5690994-38680</Pid><PidType>6</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 4000:Dell Inc|4000:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
shauni_g
Active Member
 
Posts: 7
Joined: October 26th, 2010, 2:45 am

Re: Possible malware problem with program called 'n'

Post by askey127 » October 30th, 2010, 8:08 am

shaun_g,
You're doing better.
Poker sites generally use tracking and distribute adware. They are sort of a gray area.
PokerStars has been found to be clean in the past. I have no recent data on Fulltiltpoker.
FulltiltPoker and some other poker sites don't allow their pointer links to resolve to an IP address, which is a non-standard bad practice.

Now about your machine:
Run a full scan with McAfee and have it remove anything it finds.

Next:
----------------------------------------------------------------------------------
Download SP3 and Burn the Image to a CD
It's a big download.
If you have a broadband connection, get the Windows XP Service Pack 3 download from here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e&displaylang=en
It is an .iso image file, designed to be saved on your machine, then burned directly onto a CD using your CD burning software (You will need a blank CD-R disk. Sonic can make a CD from the iso image).
If that appears successful, unplug your internet connection, disable your Antivirus, and run Setup from the resulting CD.
It may take 1-2 hours to install.

You can also install it by making sure Automatic Updates is turned on in the Control panel, and letting it download itself. This may actually take a longer time, though.
The Automatic Updates function depends on whether it thinks your system is validated.
You need to be very determined to get it, however. Microsoft does not even support XP systems any longer unless they have SP3 installed.

If you make the CD, one of these two instructions can be used to disable McAfee, depending on whether you have just the Antivirus or the Suite:
DISABLE MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a [image] sign.
  • right-click it -> choose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
The McAfee Guard is now disabled.

DISABLE MCAFEE SECURITY CENTER
Please navigate to the system tray and double-click the taskbar icon to open Security Center.
  • Click Advanced Menu (bottom mid-left).
  • Click Configure (left).
  • Click Computer & Files (top left).
  • VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
  • Do the same via Internet & Network for Firewall Plus.


Are you paying for McAfee, or are you getting a "freebie" from your Internet Provider, and is it up to date?

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible malware problem with program called 'n'

Post by shauni_g » November 1st, 2010, 4:08 am

Hi askey127,

I have performed a full scan with McAfee and it turned up nothing suspicious. I am paying for a subscription to McAfee for the full SecurityCenter suite of products and it has automatic updates turned on and it says that updates are current so it is up-to-date.

I upgraded to Windows SP3 and all seemed to go well.

What next?

Shaun
shauni_g
Active Member
 
Posts: 7
Joined: October 26th, 2010, 2:45 am

Re: Possible malware problem with program called 'n'

Post by askey127 » November 1st, 2010, 8:12 am

shauni_g,
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware.
  • Click on The Update tab. Choose Check for Updates.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it shows any malware items, Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible malware problem with program called 'n'

Post by shauni_g » November 2nd, 2010, 7:13 am

Temp File Cleaner was downloaded and run successfully.

Find below the contents of the log file from the MalwareBytes scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5020

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/11/2010 10:11:06 PM
mbam-log-2010-11-02 (22-11-06).txt

Scan type: Quick scan
Objects scanned: 143218
Time elapsed: 12 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
shauni_g
Active Member
 
Posts: 7
Joined: October 26th, 2010, 2:45 am

Re: Possible malware problem with program called 'n'

Post by askey127 » November 2nd, 2010, 8:04 am

shauni_g,
Your machine looks OK right now, insofar as malware is concerned.

A couple suggestions to secure it going forward:
------------------------------------------------
Reset System Restore Points
  • Click Start, All Programs, Accessories, System Tools, System Restore
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Click Start, Run and type Cleanmgr
  • Select the Windows drive (usually C:), then click OK.
  • After it scans, Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware or changes in the Restore settings.
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
You can read about HOSTS files here : http://www.mvps.org/winhelp2002/hosts.htm

  • Disable DNS Client Service. This is necessary when installing a large HOSTS file.
    From Start, or Start, Run
    Type services.msc in the box and hit <Enter>
    Give permission to continue if necessary.
    Scroll down to DNS Client on the list, Right Click it and choose Properties.
    Under Service Status, click Stop. Wait until it reports the service stopped.
    Under Startup Type, choose Disabled.
    Then click Apply, OK

  • Use HostsXpert to Install the HOSTS File
    Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
    • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
    • In the bottom half of the left pane, click on File Handling
    • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
    • Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
    • Click on the top button labeled MVPs Hosts and choose Replace
    • When asked to verify if you want to Replace present Hosts file, click OK.
    • When it finishes, click on File Handling again.
    • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
    • Hit the X in the upper right corner to exit HostsXpert

You may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible malware problem with program called 'n'

Post by shauni_g » November 4th, 2010, 6:22 am

Thanks for all the help askey127, that has reassured me, not to mention taught me a few valuable things. One more question: having installed the new HOSTS file do I now need to turn the DNS Client Service back on or should it remain stopped all the time now?

Thanks again,
Shaun
shauni_g
Active Member
 
Posts: 7
Joined: October 26th, 2010, 2:45 am

Re: Possible malware problem with program called 'n'

Post by askey127 » November 4th, 2010, 6:45 am

No, DO NOT turn the DNS Client Service back on. You don't need it.
It needs to be OFF at all times while you have a large HOSTS file, or the reboot times and Internet access times will be very, very long.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible malware problem with program called 'n'

Post by muppy03 » November 8th, 2010, 4:25 am

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia