Analysis of ComboFix Log Please. Thank you.


This topic is locked.
7 replies to this topic

#1 SusanFL

  • Members
  • 4 posts

Posted 16 October 2011 - 07:28 PM

I had tried CCleaner, Malwarebytes, SuperAntiSpyware, TDSSKiller, Hitman Pro and Microsoft Software Scanner. No success in removing the redirect virus. AVG is my normal virus protection, which said I was clean throughout. SuperAntiSpyware caught some things, but the redirect virus stayed.

I uninstalled all of them (I believe I did - hopefully no remnants remain).

At my wits' end, I read about ComboFix in this forum and I ran it. I seem to be golden now. Here are the logs, so you can check for sure that everything is okay. I should say, all throughout nothing strange appeared on my HijackThis logs (I run them often when I'm clean just to have a comparison for when I'm not). My infected log matched my prior clean log. I can provide that too if you would like. I ran it in regular and in safe mode.

Here's my ComboFix log.

ComboFix 11-10-16.02 - The White Family 10/16/2011 19:50:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.677 [GMT -4:00]
Running from: c:\documents and settings\The White Family\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fhoggxm7.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fhoggxm7.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fhoggxm7.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fhoggxm7.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fhoggxm7.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}\install.rdf
c:\documents and settings\The White Family\Application Data\Mozilla\Firefox\Profiles\0nnm27l0.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}
c:\documents and settings\The White Family\Application Data\Mozilla\Firefox\Profiles\0nnm27l0.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}\chrome.manifest
c:\documents and settings\The White Family\Application Data\Mozilla\Firefox\Profiles\0nnm27l0.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}\chrome\xulcache.jar
c:\documents and settings\The White Family\Application Data\Mozilla\Firefox\Profiles\0nnm27l0.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}\defaults\preferences\xulcache.js
c:\documents and settings\The White Family\Application Data\Mozilla\Firefox\Profiles\0nnm27l0.default\extensions\{6d28fc2f-39bb-4eea-8da1-0092b21c86d5}\install.rdf
c:\documents and settings\The White Family\mvcgaxfaha.tmp
c:\documents and settings\The White Family\WINDOWS
c:\program files\GuffinsEI
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\User.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Legacy_NPF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-15 23:07 . 2011-10-15 23:07 -------- d-----w- c:\program files\Symantec
2011-10-15 14:56 . 2011-10-15 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-15 14:23 . 2011-10-15 14:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-14 23:33 . 2011-10-14 23:33 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-10-14 23:28 . 2011-10-15 00:42 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-14 23:28 . 2011-10-14 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-10-14 22:07 . 2011-10-14 22:07 -------- d-----w- c:\documents and settings\The White Family\Application Data\SUPERAntiSpyware.com
2011-10-14 22:07 . 2011-10-14 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 23:59 . 2011-10-07 23:59 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-07 23:59 . 2011-10-14 01:36 -------- d-----w- c:\program files\AVG Secure Search
2011-10-07 23:57 . 2011-10-07 23:57 -------- d-----w- c:\documents and settings\The White Family\Application Data\AVG2012
2011-10-07 23:54 . 2011-10-15 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-06 00:54 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 00:54 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam(2).sys
2011-10-04 21:04 . 2011-10-04 21:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2011-09-26 15:41 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 15:41 . 2011-09-26 15:41 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 10:30 . 2010-09-07 07:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-10 17:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 10:08 . 2010-09-07 07:48 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-06-26 12:11 . 2011-05-25 12:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-31 24576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv434]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"MDM"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3689:TCP"= 3689:TCP:iTunes Home Share
"5353:UDP"= 5353:UDP:iTunes Home Share
"67:UDP"= 67:UDP:DHCP Server
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 7:59 PM 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 srv434;srv434;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 1:51 PM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 5:09 PM 984392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv434
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.15.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\The White Family\Application Data\Mozilla\Firefox\Profiles\0nnm27l0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10140
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb0c57&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-NavLogon - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv434]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\DOCUME~1\THEWHI~1\LOCALS~1\Temp\srv434.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-16 20:07:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-17 00:07
.
Pre-Run: 14,763,397,120 bytes free
Post-Run: 15,759,204,352 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C849C56E01A78F8ADB342783EE72E180
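The service entries in the log above are the part an analyst reads first: a service named srv434 running as c:\windows\system32\svchost.exe -k netsvcs, listed in the Svchost NetSvcs group, with a SafeBoot\Minimal key so it also starts in Safe Mode, and a servicedll value pointing through \\?\globalroot into the user's Temp directory. The following Python script is an added example, not code from the original post or from ComboFix: it parses exactly those sections of a ComboFix log (the R*/S* service lines, SafeBoot keys, the NetSvcs list and servicedll dumps) and flags that pattern. The sample input is a constructed excerpt of the log above, and the path markers it treats as suspicious are this example's own heuristic, not something ComboFix reports.

```python
"""Triage the service sections of a ComboFix log.

Added example, not from the original post or from ComboFix. It looks for
svchost-hosted services whose ServiceDll resolves to a temp/globalroot
path, services registered under SafeBoot, and orphaned service entries.
The line formats parsed here are the ones visible in the log above.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines excerpted from the ComboFix log in the
# post, trimmed to the sections this script reads.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv434]
@="service"
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 srv434;srv434;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 1:51 PM 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv434
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv434]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\DOCUME~1\THEWHI~1\LOCALS~1\Temp\srv434.tmp"
"""

# "R2 name;display;image [date size]" or "S0 name;display;image --> image [?]"
SERVICE_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[(?P<meta>[^\]]*)\])?$")
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?:Minimal|Network)\\(?P<name>[^\]]+)\]$", re.I)
SVC_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\(?:CurrentControlSet|ControlSet\d+)\\Services\\"
    r"(?P<name>[^\]]+)\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"servicedll"="(?P<dll>.+)"$', re.I)
NETSVCS_HEADER = "svchost - netsvcs"

# Heuristic (this example's own, not ComboFix's): a legitimate ServiceDll
# does not live in a user Temp directory or hide behind a \\?\globalroot path.
SUSPICIOUS_DLL_MARKERS = ("\\temp\\", "\\\\?\\globalroot", "\\locals~1\\")


@dataclass
class Service:
    name: str
    image: str = ""
    hosted_by_svchost: bool = False
    file_missing: bool = False
    in_safeboot: bool = False
    in_netsvcs: bool = False
    service_dll: str = ""


def parse_combofix_services(text):
    """Return {service name: Service} from the service-related log sections."""
    services, safeboot, netsvcs = {}, set(), set()
    current_key_service, collecting_netsvcs = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if collecting_netsvcs:                      # names listed until the "." separator
            if line == "." or not line:
                collecting_netsvcs = False
            else:
                netsvcs.add(line.lower())
            continue
        if line.lower().endswith(NETSVCS_HEADER):
            collecting_netsvcs = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            svc = services.setdefault(m["name"], Service(m["name"]))
            svc.image = m["path"]
            svc.hosted_by_svchost = "svchost.exe" in m["path"].lower()
            svc.file_missing = "-->" in m["path"] or (m["meta"] or "") == "?"
            continue
        m = SAFEBOOT_RE.match(line)
        if m:
            safeboot.add(m["name"].lower())
            continue
        m = SVC_KEY_RE.match(line)
        if m:                                       # values that follow belong to this service
            current_key_service = m["name"]
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_key_service:
            svc = services.setdefault(current_key_service, Service(current_key_service))
            svc.service_dll = m["dll"]
    for name, svc in services.items():
        svc.in_safeboot = name.lower() in safeboot
        svc.in_netsvcs = name.lower() in netsvcs
    return services


def triage(services):
    """Return {service name: [reasons]} for entries that deserve a closer look."""
    findings = {}
    for name, s in services.items():
        reasons = []
        if any(marker in s.service_dll.lower() for marker in SUSPICIOUS_DLL_MARKERS):
            reasons.append("ServiceDll in a temp/globalroot path: " + s.service_dll)
        if s.hosted_by_svchost and s.in_safeboot:
            reasons.append("svchost-hosted service with a SafeBoot key (also starts in Safe Mode)")
        if s.hosted_by_svchost and s.in_netsvcs and not s.service_dll:
            reasons.append("in the netsvcs group but no ServiceDll recorded")
        if s.file_missing:
            reasons.append("image file missing on disk (orphaned service entry)")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_combofix_services(SAMPLE_LOG)).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the excerpt, the script reports srv434 twice (Temp/globalroot ServiceDll, SafeBoot key on an svchost-hosted service) and Lbd once as an orphaned entry whose driver file is gone; the AVG services produce nothing. It is a triage aid, not a verdict: a hit on the ServiceDll path check is strong, while an orphaned entry on its own is usually leftover from an uninstalled product and only merits cleanup.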

#2 nasdaq

  • Malware Response Team
  • 39,222 posts
  • Location: Montreal, QC. Canada

Posted 21 October 2011 - 09:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before I suggest any remedial action I would like to see the result of these scans.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe, 511 KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#3 SusanFL (Topic Starter)

  • Members
  • 4 posts

Posted 21 October 2011 - 06:56 PM

Thank you. The logs you requested and the zip file are included and attached.

TDSS log:

19:48:47.0390 0484 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
19:48:47.0796 0484 ============================================================
19:48:47.0796 0484 Current date / time: 2011/10/21 19:48:47.0796
19:48:47.0796 0484 SystemInfo:
19:48:47.0796 0484
19:48:47.0796 0484 OS Version: 5.1.2600 ServicePack: 3.0
19:48:47.0796 0484 Product type: Workstation
19:48:47.0796 0484 ComputerName: D453TPB1
19:48:47.0796 0484 UserName: The White Family
19:48:47.0796 0484 Windows directory: C:\WINDOWS
19:48:47.0796 0484 System windows directory: C:\WINDOWS
19:48:47.0796 0484 Processor architecture: Intel x86
19:48:47.0796 0484 Number of processors: 1
19:48:47.0796 0484 Page size: 0x1000
19:48:47.0796 0484 Boot type: Normal boot
19:48:47.0796 0484 ============================================================
19:48:49.0796 0484 Initialize success
19:48:53.0531 2676 ============================================================
19:48:53.0531 2676 Scan started
19:48:53.0531 2676 Mode: Manual;
19:48:53.0531 2676 ============================================================
19:48:54.0390 2676 Abiosdsk - ok
19:48:54.0812 2676 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:48:54.0843 2676 abp480n5 - ok
19:48:54.0953 2676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:48:54.0968 2676 ACPI - ok
19:48:55.0062 2676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:48:55.0078 2676 ACPIEC - ok
19:48:55.0171 2676 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:48:55.0187 2676 adpu160m - ok
19:48:55.0281 2676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:48:55.0296 2676 aec - ok
19:48:55.0406 2676 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
19:48:55.0406 2676 Afc - ok
19:48:55.0515 2676 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:48:55.0515 2676 AFD - ok
19:48:55.0640 2676 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:48:55.0640 2676 agp440 - ok
19:48:55.0750 2676 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:48:55.0750 2676 agpCPQ - ok
19:48:55.0843 2676 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:48:55.0843 2676 Aha154x - ok
19:48:56.0125 2676 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:48:56.0140 2676 aic78u2 - ok
19:48:56.0203 2676 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:48:56.0203 2676 aic78xx - ok
19:48:56.0281 2676 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:48:56.0281 2676 AliIde - ok
19:48:56.0375 2676 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:48:56.0375 2676 alim1541 - ok
19:48:56.0421 2676 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:48:56.0421 2676 amdagp - ok
19:48:56.0484 2676 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:48:56.0500 2676 amsint - ok
19:48:56.0546 2676 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:48:56.0546 2676 asc - ok
19:48:56.0593 2676 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:48:56.0593 2676 asc3350p - ok
19:48:56.0671 2676 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:48:56.0687 2676 asc3550 - ok
19:48:56.0781 2676 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
19:48:56.0781 2676 ASCTRM - ok
19:48:56.0890 2676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:48:56.0890 2676 AsyncMac - ok
19:48:56.0937 2676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:48:56.0937 2676 atapi - ok
19:48:57.0000 2676 Atdisk - ok
19:48:57.0093 2676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:48:57.0093 2676 Atmarpc - ok
19:48:57.0187 2676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:48:57.0187 2676 audstub - ok
19:48:57.0250 2676 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:48:57.0250 2676 AVGIDSDriver - ok
19:48:57.0296 2676 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:48:57.0296 2676 AVGIDSEH - ok
19:48:57.0343 2676 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:48:57.0359 2676 AVGIDSFilter - ok
19:48:57.0406 2676 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:48:57.0406 2676 AVGIDSShim - ok
19:48:57.0453 2676 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:48:57.0468 2676 Avgldx86 - ok
19:48:57.0500 2676 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:48:57.0515 2676 Avgmfx86 - ok
19:48:57.0562 2676 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:48:57.0562 2676 Avgrkx86 - ok
19:48:57.0609 2676 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:48:57.0625 2676 Avgtdix - ok
19:48:57.0687 2676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:48:57.0687 2676 Beep - ok
19:48:57.0734 2676 bvrp_pci - ok
19:48:57.0750 2676 catchme - ok
19:48:57.0781 2676 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:48:57.0781 2676 cbidf - ok
19:48:57.0812 2676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:48:57.0812 2676 cbidf2k - ok
19:48:57.0890 2676 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:48:57.0890 2676 CCDECODE - ok
19:48:58.0046 2676 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:48:58.0046 2676 cd20xrnt - ok
19:48:58.0109 2676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:48:58.0265 2676 Cdaudio - ok
19:48:58.0406 2676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:48:58.0406 2676 Cdfs - ok
19:48:58.0515 2676 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:48:58.0515 2676 Cdrom - ok
19:48:58.0578 2676 Changer - ok
19:48:58.0687 2676 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:48:58.0687 2676 CmdIde - ok
19:48:58.0812 2676 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:48:58.0828 2676 Cpqarray - ok
19:48:58.0890 2676 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:48:58.0906 2676 dac2w2k - ok
19:48:59.0031 2676 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:48:59.0031 2676 dac960nt - ok
19:48:59.0187 2676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:48:59.0187 2676 Disk - ok
19:48:59.0328 2676 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:48:59.0359 2676 dmboot - ok
19:48:59.0578 2676 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:48:59.0578 2676 dmio - ok
19:48:59.0796 2676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:48:59.0812 2676 dmload - ok
19:48:59.0984 2676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:48:59.0984 2676 DMusic - ok
19:49:00.0406 2676 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:49:00.0453 2676 dpti2o - ok
19:49:00.0671 2676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:49:00.0671 2676 drmkaud - ok
19:49:00.0796 2676 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
19:49:00.0812 2676 DSproct - ok
19:49:00.0953 2676 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
19:49:00.0968 2676 dsunidrv - ok
19:49:01.0078 2676 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:49:01.0171 2676 E100B - ok
19:49:01.0328 2676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:49:01.0343 2676 Fastfat - ok
19:49:01.0453 2676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:49:01.0453 2676 Fdc - ok
19:49:01.0562 2676 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:49:01.0562 2676 Fips - ok
19:49:01.0656 2676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:49:01.0656 2676 Flpydisk - ok
19:49:01.0750 2676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:49:01.0750 2676 FltMgr - ok
19:49:01.0843 2676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:49:01.0843 2676 Fs_Rec - ok
19:49:01.0937 2676 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:49:01.0937 2676 Ftdisk - ok
19:49:02.0031 2676 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:49:02.0031 2676 GearAspiWDM - ok
19:49:02.0125 2676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:49:02.0140 2676 Gpc - ok
19:49:02.0218 2676 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:49:02.0218 2676 HidUsb - ok
19:49:02.0343 2676 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:49:02.0343 2676 hpn - ok
19:49:02.0437 2676 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:49:02.0484 2676 HSFHWBS2 - ok
19:49:02.0609 2676 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:49:02.0640 2676 HSF_DP - ok
19:49:02.0765 2676 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:49:02.0781 2676 HTTP - ok
19:49:02.0890 2676 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:49:02.0890 2676 i2omgmt - ok
19:49:02.0968 2676 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:49:02.0968 2676 i2omp - ok
19:49:03.0031 2676 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:49:03.0046 2676 i8042prt - ok
19:49:03.0125 2676 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:49:03.0156 2676 ialm - ok
19:49:03.0281 2676 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:49:03.0281 2676 Imapi - ok
19:49:03.0406 2676 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:49:03.0406 2676 ini910u - ok
19:49:03.0500 2676 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:49:03.0500 2676 IntelIde - ok
19:49:03.0593 2676 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:49:03.0609 2676 intelppm - ok
19:49:03.0687 2676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:49:03.0687 2676 Ip6Fw - ok
19:49:03.0750 2676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:49:03.0750 2676 IpFilterDriver - ok
19:49:03.0906 2676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:49:03.0921 2676 IpInIp - ok
19:49:04.0171 2676 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:49:04.0359 2676 IpNat - ok
19:49:04.0546 2676 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:49:04.0546 2676 IPSec - ok
19:49:04.0578 2676 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:49:04.0578 2676 IRENUM - ok
19:49:04.0656 2676 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:49:04.0656 2676 isapnp - ok
19:49:04.0718 2676 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:49:04.0734 2676 Kbdclass - ok
19:49:04.0781 2676 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:49:04.0796 2676 kbdhid - ok
19:49:04.0843 2676 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:49:04.0859 2676 kmixer - ok
19:49:05.0015 2676 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:49:05.0046 2676 KSecDD - ok
19:49:05.0187 2676 Lbd - ok
19:49:05.0265 2676 lbrtfdc - ok
19:49:05.0390 2676 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:49:17.0375 2676 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
19:49:17.0390 2676 \Device\Harddisk0\DR0 - ok
19:49:17.0406 2676 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR5
19:49:17.0421 2676 \Device\Harddisk1\DR5 - ok
19:49:17.0437 2676 Boot (0x1200) (bae33cb1bb1963d2c90467a5496e909a) \Device\Harddisk0\DR0\Partition0
19:49:17.0437 2676 \Device\Harddisk0\DR0\Partition0 - ok
19:49:17.0468 2676 Boot (0x1200) (80b1fef73a3694aa88eb587ea970d8d7) \Device\Harddisk0\DR0\Partition1
19:49:17.0468 2676 \Device\Harddisk0\DR0\Partition1 - ok
19:49:17.0468 2676 Boot (0x1200) (fa438d3adae23d40b6abef8af062316b) \Device\Harddisk1\DR5\Partition0
19:49:17.0468 2676 \Device\Harddisk1\DR5\Partition0 - ok
19:49:17.0484 2676 ============================================================
19:49:17.0484 2676 Scan finished
19:49:17.0484 2676 ============================================================
19:49:17.0500 3200 Detected object count: 0
19:49:17.0500 3200 Actual detected object count: 0

- - Avast log --

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-21 19:16:04
-----------------------------
19:16:04.062 OS Version: Windows 5.1.2600 Service Pack 3
19:16:04.062 Number of processors: 1 586 0x409
19:16:04.062 ComputerName: D453TPB1 UserName:
19:16:05.312 Initialize success
19:25:44.250 AVAST engine defs: 11102101
19:26:17.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:26:17.890 Disk 0 Vendor: SAMSUNG_SP0802N/P TK300-08 Size: 76293MB BusType: 3
19:26:19.921 Disk 0 MBR read successfully
19:26:19.921 Disk 0 MBR scan
19:26:19.953 Disk 0 unknown MBR code
19:26:19.968 Disk 0 scanning sectors +156232125
19:26:20.046 Disk 0 scanning C:\WINDOWS\system32\drivers
19:26:42.812 Service scanning
19:26:44.218 Modules scanning
19:26:50.781 Disk 0 trace - called modules:
19:26:50.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:26:50.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a28dab8]
19:26:50.796 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a29eb00]
19:26:51.656 AVAST engine scan C:\WINDOWS
19:27:04.531 AVAST engine scan C:\WINDOWS\system32
19:30:11.250 AVAST engine scan C:\WINDOWS\system32\drivers
19:30:34.687 AVAST engine scan C:\Documents and Settings\The White Family
19:41:05.984 AVAST engine scan C:\Documents and Settings\All Users
19:45:27.718 Scan finished successfully
- - -
zip file attached.

Thank you.

Attached file: MBR.zip (588 bytes)


#4 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 22 October 2011 - 09:25 AM

You are cleared to run this tool.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#5 SusanFL

  • Topic Starter
  • Members

Posted 22 October 2011 - 07:55 PM

ComboFix 11-10-21.06 - The White Family 10/22/2011 20:31:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.821 [GMT -4:00]
Running from: c:\documents and settings\The White Family\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\help\tours\htmltour\unlock_playing.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 10:30 . 2010-09-07 07:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-10 17:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 10:08 . 2010-09-07 07:48 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-06-26 12:11 . 2011-05-25 12:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-16_23.59.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-23 00:37 . 2011-10-23 00:37 16384 c:\windows\Temp\Perflib_Perfdata_e48.dat
+ 2011-10-23 00:40 . 2011-10-23 00:40 16384 c:\windows\Temp\Perflib_Perfdata_154.dat
+ 2011-10-18 22:31 . 2011-10-18 22:31 2185216 c:\windows\Installer\5100b93.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-31 24576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv434]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"MDM"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3689:TCP"= 3689:TCP:iTunes Home Share
"5353:UDP"= 5353:UDP:iTunes Home Share
"67:UDP"= 67:UDP:DHCP Server
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 7:59 PM 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 srv434;srv434;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 1:51 PM 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 5:09 PM 984392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv434
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.15.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\The White Family\Application Data\Mozilla\Firefox\Profiles\0nnm27l0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10140
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb0c57&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 20:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv434]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\DOCUME~1\THEWHI~1\LOCALS~1\Temp\srv434.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-22 20:51:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 00:50
ComboFix2.txt 2011-10-17 00:07
.
Pre-Run: 15,339,479,040 bytes free
Post-Run: 15,515,992,064 bytes free
.
- - End Of File - - 2F84AC78256393F5CC5BB10F99A1EF14

#6 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 23 October 2011 - 09:15 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
srv434

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv434]



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
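The srv434 entries in the ComboFix log posted above are what the CFScript removes: a service hosted by svchost.exe in the netsvcs group, registered under SafeBoot\Minimal, with a ServiceDll that resolves to a .tmp file under the user's Temp folder. As an added example that is not part of this thread or of ComboFix, here is a Python checker that pulls those indicators out of ComboFix log lines and emits the same style of CFScript; the sample log is a constructed excerpt modelled on the posted one, and the indicator patterns and scoring are this example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log posted in the thread: the
# srv434 lines are the real finding, the two AVG lines are benign context.
SAMPLE_LOG = r'''
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 srv434;srv434;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 1:51 PM 14336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv434]
@="service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv434
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv434]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\DOCUME~1\THEWHI~1\LOCALS~1\Temp\srv434.tmp"
'''

# ServiceDll locations a legitimate netsvcs member never uses (patterns chosen here).
SUSPICIOUS_DLL_PATTERNS = (
    r"\\temp\\",      # DLL dropped in a Temp directory
    r"locals~1",      # 8.3 alias for "Local Settings", where the user's Temp lives
    r"globalroot",    # \\?\globalroot\Device\... path that sidesteps drive letters
    r"^\\\\\?\\",     # raw \\?\ device-path prefix
)

# "R0 Name;Display;image [date size]" lines from ComboFix's services section
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s+\[", re.M)
SAFEBOOT_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(Minimal|Network)\\([^\]\\]+)\]", re.M | re.I)
SERVICEDLL_KEY = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]\r?\n'
    r'"servicedll"="([^"]+)"', re.M | re.I)


def netsvcs_members(log):
    """Service names listed under the 'Svchost - NetSvcs' heading (up to the next '.')."""
    members, lines = set(), log.splitlines()
    for i, line in enumerate(lines):
        if "Svchost - NetSvcs" in line:
            for nxt in lines[i + 1:]:
                if nxt.strip() in ("", "."):
                    break
                members.add(nxt.strip().lower())
    return members


def analyse_services(log):
    """Return {service_name: [indicator, ...]} for every service with at least one indicator."""
    indicators = defaultdict(list)
    svchost_hosted = set()
    for name, image in SERVICE_LINE.findall(log):
        if "svchost.exe -k" in image.lower():
            svchost_hosted.add(name.strip().lower())
    for group, name in SAFEBOOT_KEY.findall(log):
        indicators[name.lower()].append(
            f"registered under SafeBoot\\{group} (keeps running in Safe Mode)")
    for name in netsvcs_members(log):
        indicators[name].append("listed in the netsvcs svchost group")
    for name, dll in SERVICEDLL_KEY.findall(log):
        if any(re.search(p, dll, re.I) for p in SUSPICIOUS_DLL_PATTERNS):
            indicators[name.lower()].append(f"ServiceDll in a temp/device path: {dll}")
    # svchost hosting is normal on its own; note it only where other indicators exist
    for name in svchost_hosted:
        if name in indicators:
            indicators[name].insert(0, "hosted by svchost.exe (no binary of its own to scan)")
    return dict(indicators)


def is_suspicious(indicator_list):
    """A temp/device-path ServiceDll is enough on its own; otherwise require two indicators."""
    return (any(i.startswith("ServiceDll in a temp") for i in indicator_list)
            or len(indicator_list) >= 2)


def suspicious_services(log):
    return {n: v for n, v in analyse_services(log).items() if is_suspicious(v)}


def cfscript_for(names):
    """CFScript text in the Driver:: / Registry:: form used in post #6 above."""
    names = sorted(names)
    out = ["Driver::"] + names + ["", "Registry::"]
    out += [f"[-HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\{n}]" for n in names]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = suspicious_services(SAMPLE_LOG)
    for name, why in found.items():
        print(name)
        for reason in why:
            print("   -", reason)
    print(cfscript_for(found))
```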

#7 SusanFL

  • Topic Starter
  • Members

Posted 23 October 2011 - 03:44 PM

Here are the logs. I think everything seems fine but I see that my Java and Flash are not up to date. Could this be the problem? Firefox makes updating these things a pain.

ComboFix 11-10-21.06 - The White Family 10/23/2011 16:20:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.678 [GMT -4:00]
Running from: c:\documents and settings\The White Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The White Family\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRV434
-------\Service_srv434
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 20:31 . 2011-10-23 20:31 -------- d-----w- C:\32788R22FWJFW
2011-10-15 23:07 . 2011-10-15 23:07 -------- d-----w- c:\program files\Symantec
2011-10-15 14:23 . 2011-10-15 14:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-14 23:33 . 2011-10-14 23:33 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-10-14 23:28 . 2011-10-15 00:42 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-14 23:28 . 2011-10-14 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-10-14 22:07 . 2011-10-14 22:07 -------- d-----w- c:\documents and settings\The White Family\Application Data\SUPERAntiSpyware.com
2011-10-14 22:07 . 2011-10-14 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 23:59 . 2011-10-07 23:59 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-07 23:59 . 2011-10-14 01:36 -------- d-----w- c:\program files\AVG Secure Search
2011-10-07 23:57 . 2011-10-07 23:57 -------- d-----w- c:\documents and settings\The White Family\Application Data\AVG2012
2011-10-07 23:54 . 2011-10-15 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-06 00:54 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam(2).sys
2011-10-04 21:04 . 2011-10-04 21:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2011-09-26 15:41 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 15:41 . 2011-09-26 15:41 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2004-08-10 17:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 17:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 10:30 . 2010-09-07 07:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 17:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-10 17:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 10:08 . 2010-09-07 07:48 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-06-26 12:11 . 2011-05-25 12:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-16_23.59.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-23 20:27 . 2011-10-23 20:27 16384 c:\windows\Temp\Perflib_Perfdata_afc.dat
+ 2011-10-23 20:30 . 2011-10-23 20:30 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
+ 2011-10-18 22:31 . 2011-10-18 22:31 2185216 c:\windows\Installer\5100b93.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-31 24576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"MDM"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3689:TCP"= 3689:TCP:iTunes Home Share
"5353:UDP"= 5353:UDP:iTunes Home Share
"67:UDP"= 67:UDP:DHCP Server
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 7:59 PM 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 5:09 PM 984392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.15.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\The White Family\Application Data\Mozilla\Firefox\Profiles\0nnm27l0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10140
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb0c57&v=7.008.031.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 16:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3172)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-23 16:36:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 20:36
ComboFix2.txt 2011-10-23 00:51
ComboFix3.txt 2011-10-17 00:07
.
Pre-Run: 15,495,430,144 bytes free
Post-Run: 15,562,878,976 bytes free
.
- - End Of File - - 4C509F91C94435B8C87B50242D2E6A8F
- - - -
Checkup log, next:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player ( 10.2.159.1) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:14 PM

Posted 24 October 2011 - 08:37 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64-bit version, download jre-6u27-windows-x64.exe instead. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


list....

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152.

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have the option to install the "Free! McAfee Security Scan Plus". Un-check the box if you are NOT using McAfee's virus protection software.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Let me know of the difficulties you are having while trying to update these programs.
===

You can remove ComboFix.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.
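The two logs above and the version baselines in nasdaq's reply lend themselves to a small scripted triage pass. The following Python is an added example for this thread, not ComboFix, Security Check or BleepingComputer code: it parses Run-key autostart lines in the "Reg Loading Points" format ComboFix prints and the Java/Flash lines in Security Check's format, then flags autostarts that live in user-writable paths (or carry a core system binary's name outside system32) and reports versions below the baselines nasdaq gives (Java 6 Update 27, Flash 11.0.1.152). The excerpts are constructed in the shape of the posted logs; the "updater" line pointing into a Temp folder is invented to exercise the check and was not in the poster's log. The path markers and the list of system binary names are assumptions, not a complete ruleset.

```python
"""Triage pass over ComboFix / Security Check log excerpts.

Added example for this thread; not ComboFix, Security Check or forum code.
The path heuristics, SYSTEM_NAMES and the "updater" sample line are assumptions.
"""
import re
from typing import Dict, List, Tuple

# Baselines taken from nasdaq's reply in this thread.
JAVA_BASELINE = (6, 27)            # "Java SE Runtime Environment 6 Update 27"
FLASH_BASELINE = (11, 0, 1, 152)   # "Adobe Flash Player 11.0.1.152"

# Constructed excerpt in the shape of the posted ComboFix log. The final
# "updater" line is invented to exercise the user-writable-path check.
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"updater"="c:\documents and settings\user\Local Settings\Temp\svchost.exe" [2011-10-12 45056]
"""

# Constructed excerpt in the shape of the posted Security Check log.
SECCHECK_EXCERPT = """
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player ( 10.2.159.1) Flash Player Out of Date!
"""

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)
JAVA_RE = re.compile(r"Java\D*(\d+)\s+Update\s+(\d+)")
FLASH_RE = re.compile(r"Flash Player\s*\(\s*([\d.]+)\s*\)")

# Assumed markers for locations an unprivileged user can write to (lower-case).
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")
# Assumed names of core system binaries that should only load from system32.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe"}


def parse_run_entries(text: str) -> List[dict]:
    """Return one dict per Run-key value, tagged with the hive key it sits under."""
    entries: List[dict] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["key"] = key
            entries.append(entry)
    return entries


def flag_autostarts(entries: List[dict]) -> List[Tuple[str, str]]:
    """Apply the two path heuristics; returns (value name, reason) pairs."""
    findings = []
    for e in entries:
        path = e["path"].lower()
        folder, _, base = path.rpartition("\\")
        if any(marker in path for marker in USER_WRITABLE):
            findings.append((e["name"], "autostart in user-writable location"))
        elif base in SYSTEM_NAMES and folder != r"c:\windows\system32":
            findings.append((e["name"], "system binary name outside system32"))
    return findings


def parse_versions(text: str) -> Dict[str, Tuple[int, ...]]:
    """Pull Java (major, update) and Flash (a, b, c, d) out of Security Check output."""
    found: Dict[str, Tuple[int, ...]] = {}
    m = JAVA_RE.search(text)
    if m:
        found["java"] = (int(m.group(1)), int(m.group(2)))
    m = FLASH_RE.search(text)
    if m:
        found["flash"] = tuple(int(p) for p in m.group(1).split("."))
    return found


def outdated(installed: Tuple[int, ...], baseline: Tuple[int, ...]) -> bool:
    """Tuple comparison is lexicographic, so (6, 21) < (6, 27) and (10, ...) < (11, ...)."""
    return installed < baseline


def triage(combofix_text: str, seccheck_text: str) -> Dict[str, list]:
    report: Dict[str, list] = {
        "autostarts": flag_autostarts(parse_run_entries(combofix_text)),
        "outdated": [],
    }
    versions = parse_versions(seccheck_text)
    for name, baseline in (("java", JAVA_BASELINE), ("flash", FLASH_BASELINE)):
        if name in versions and outdated(versions[name], baseline):
            report["outdated"].append((name, versions[name], baseline))
    return report


if __name__ == "__main__":
    for section, items in triage(COMBOFIX_EXCERPT, SECCHECK_EXCERPT).items():
        print(section)
        for item in items:
            print("   ", item)
```

Run against a full ComboFix log, the Run-key parser only sees values in the `"name"="path" [date size]` shape; the legitimate entries in the poster's log (all under Program Files or system32) produce no findings, and the version check reports both Java and Flash as below the baselines nasdaq asked for.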
