Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible infection? (GameVance)


  • Please log in to reply
11 replies to this topic

#1 nearfantastica

nearfantastica

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 14 January 2012 - 08:19 PM

I'm trying to clean up my parent's computer (it is really slow) so I've run some scans. ESET picked up the following:

C:\Users\Kathy\AppData\Local\Temp\m_gXVc4O.exe.part
a variant of Win32/Adware.Gamevance.AF application
cleaned by deleting - quarantined

It looks like this was just adware. I think part of the reason why the computer is slow is because they only have 1 GB of memory and are running Windows Vista. I ran CCleaner and TFC earlier and cleared up about 8 GB of disk space, but I wanted to make sure there aren't any other hidden viruses or malware. If someone could please look through the logs and let me know if there is anything else I should clean up or remove, I'd really appreciate it! Here are the DDS and GMER logs:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_29
Run by Kathy at 19:09:41 on 2012-01-14
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.958.225 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\dlbtcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
uWindow Title = Windows Internet Explorer provided by Road Runner High Speed Online
uDefault_Page_URL = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
mStart Page = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
mDefault_Page_URL = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Road Runner PhotoShow Media Manager] c:\progra~1\roadru~1\photos~1\data\xtras\mssysmgr.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\PhotoDownloader.exe
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [dlbtmon.exe] "c:\program files\dell photo aio printer 922\dlbtmon.exe"
mRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F9A41FD-478D-4F5C-9E41-7CD27476CEC1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D8BD712E-E4A5-4507-AFE1-0A0DF3D92BE9} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\8flhhrgj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4ded6606&i=23&tp=ab&nt=1&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-28 28544]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-8-22 21728]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2010-8-22 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2010-8-22 278528]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-8-22 1384448]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2010-8-22 954368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-14 23:10:32 -------- d-----w- c:\program files\CCleaner
2012-01-13 21:23:40 -------- d-----w- c:\users\kathy\appdata\roaming\ZoomBrowser EX
2012-01-13 21:16:56 -------- d-----w- c:\users\kathy\appdata\roaming\CANON INC
2012-01-13 20:51:35 -------- d-----w- c:\programdata\ZoomBrowser
2012-01-13 20:50:33 -------- d-----w- c:\program files\Canon
2012-01-13 20:47:24 -------- d-----w- c:\program files\common files\Canon
2012-01-09 00:23:21 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-09 00:23:21 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-09 00:23:21 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-09 00:23:20 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-31 20:56:57 388608 ----a-w- c:\program files\HijackThis.exe
.
==================== Find3M ====================
.
2009-01-27 23:01:45 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 19:11:29.63 ===============




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-14 20:06:11
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000005a HDS72808 rev.PF2O
Running: gmer.exe; Driver: C:\Users\Kathy\AppData\Local\Temp\kgloqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9B2807A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9B280848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9B2808E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9B280980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 624 81CEDC48 4 Bytes [A0, 07, 28, 9B]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CEDE78 8 Bytes [48, 08, 28, 9B, E4, 08, 28, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81CEDED8 4 Bytes [80, 09, 28, 9B] {OR BYTE [ECX], 0x28; WAIT }
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8A204340, 0x2926E7, 0xE8000020]
? C:\Users\Kathy\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4156] ntdll.dll!LdrLoadDll 773279B3 5 Bytes JMP 66EAB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5448] USER32.dll!GetWindowInfo 75720560 5 Bytes JMP 6702C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5448] USER32.dll!SetWindowLongA 75720736 5 Bytes JMP 67283A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5448] USER32.dll!SetWindowLongW 75721F35 5 Bytes JMP 67283A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5448] USER32.dll!TrackPopupMenu 75731417 5 Bytes JMP 6702CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:42 PM

Posted 20 January 2012 - 08:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/438144 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nearfantastica

nearfantastica
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 21 January 2012 - 11:15 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_29
Run by Kathy at 22:01:02 on 2012-01-21
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.958.420 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\dlbtcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
uWindow Title = Windows Internet Explorer provided by Road Runner High Speed Online
uDefault_Page_URL = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
mStart Page = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
mDefault_Page_URL = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Road Runner PhotoShow Media Manager] c:\progra~1\roadru~1\photos~1\data\xtras\mssysmgr.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\PhotoDownloader.exe
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [dlbtmon.exe] "c:\program files\dell photo aio printer 922\dlbtmon.exe"
mRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F9A41FD-478D-4F5C-9E41-7CD27476CEC1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D8BD712E-E4A5-4507-AFE1-0A0DF3D92BE9} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\8flhhrgj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4ded6606&i=23&tp=ab&nt=1&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-28 28544]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-8-22 21728]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2010-8-22 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-8-22 1384448]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2010-8-22 954368]
.
=============== Created Last 30 ================
.
2012-01-14 23:10:32 -------- d-----w- c:\program files\CCleaner
2012-01-13 21:23:40 -------- d-----w- c:\users\kathy\appdata\roaming\ZoomBrowser EX
2012-01-13 21:16:56 -------- d-----w- c:\users\kathy\appdata\roaming\CANON INC
2012-01-13 20:51:35 -------- d-----w- c:\programdata\ZoomBrowser
2012-01-13 20:50:33 -------- d-----w- c:\program files\Canon
2012-01-13 20:47:24 -------- d-----w- c:\program files\common files\Canon
2012-01-09 00:23:21 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-09 00:23:21 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-09 00:23:21 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-09 00:23:20 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-31 20:56:57 388608 ----a-w- c:\program files\HijackThis.exe
.
==================== Find3M ====================
.
2009-01-27 23:01:45 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 22:03:00.69 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-21 23:13:34
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000005a HDS72808 rev.PF2O
Running: gmer.exe; Driver: C:\Users\Kathy\AppData\Local\Temp\kgloqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9B0D47A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9B0D4848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9B0D48E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9B0D4980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 624 81CC5C48 4 Bytes [A0, 47, 0D, 9B]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CC5E78 8 Bytes [48, 48, 0D, 9B, E4, 48, 0D, ...] {DEC EAX; DEC EAX; OR EAX, 0xd48e49b; WAIT }
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81CC5ED8 4 Bytes CALL 8F15DF5E
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x89C03340, 0x2926E7, 0xE8000020]
? C:\Users\Kathy\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 556
Process hidden process (*** hidden *** ) 1436
Process hidden process (*** hidden *** ) 1524
Process hidden process (*** hidden *** ) 1576
Process hidden process (*** hidden *** ) 30276
Process hidden process (*** hidden *** ) 31324

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  ark.txt   4.51KB   0 downloads

Edited by nearfantastica, 21 January 2012 - 11:16 PM.


#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:42 PM

Posted 22 January 2012 - 09:04 AM

hi,

I think part of the reason why the computer is slow is because they only have 1 GB of memory

And the OS itself will require some of the 1GB.

We will get a download to start with, which you can keep and use as a anti-malware app then go from there.

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

How Can I Reduce My Risk to Malware?


#5 nearfantastica

nearfantastica
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 22 January 2012 - 07:11 PM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Kathy :: KATHY-PC [administrator]

1/22/2012 5:08:42 PM
mbam-log-2012-01-22 (17-08-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361469
Time elapsed: 1 hour(s), 56 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:42 PM

Posted 22 January 2012 - 08:54 PM

Thats a good start. One more download as another check for malware. Its called combofix. There is a guide to read first. Read through the guide then apply the directions on the machine. Lets see if that digs up anything. Post the log;

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#7 nearfantastica

nearfantastica
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 23 January 2012 - 06:13 PM

Just to mention.... I disabled AVG before running combofix, but the longest I could disable it for was 15 minutes. The scan took a bit longer than that. Towards the end of the scan, AVG warned me about the following file:

C:\COMBOFIX\REGT.3XE

I allowed it because of the name having something to do with combofix. I hope this is okay!


ComboFix 12-01-23.02 - Kathy 01/23/2012 17:43:29.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.958.389 [GMT -5:00]
Running from: c:\users\Kathy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\Kathy\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 22:55 . 2012-01-23 22:56 -------- d-----w- c:\users\Kathy\AppData\Local\temp
2012-01-23 22:55 . 2012-01-23 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 23:10 . 2012-01-14 23:10 -------- d-----w- c:\program files\CCleaner
2012-01-13 21:23 . 2012-01-21 15:51 -------- d-----w- c:\users\Kathy\AppData\Roaming\ZoomBrowser EX
2012-01-13 21:16 . 2012-01-13 21:16 -------- d-----w- c:\users\Kathy\AppData\Roaming\CANON INC
2012-01-13 20:51 . 2012-01-13 20:51 -------- d-----w- c:\programdata\ZoomBrowser
2012-01-13 20:50 . 2012-01-13 20:52 -------- d-----w- c:\program files\Canon
2012-01-13 20:47 . 2012-01-13 20:47 -------- d-----w- c:\program files\Common Files\Canon
2012-01-09 00:23 . 2012-01-09 00:23 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 00:23 . 2012-01-09 00:23 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 00:23 . 2012-01-09 00:23 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-09 00:23 . 2012-01-09 00:23 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-31 20:56 . 2011-12-31 20:57 388608 ----a-w- c:\program files\HijackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2010-11-28 01:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-01-27 23:01 . 2009-01-27 23:01 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-01-09 00:23 . 2011-11-10 21:33 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 73728]
"dlbtmon.exe"="c:\program files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 431600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-08 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 81920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-12 45056]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-8-22 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\User_Feed_Synchronization-{3D784BF5-3F70-43C8-AEC5-32F88F4B4CE3}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
mStart Page = hxxp://www.rr.com/browsers/redirect/?b=RRHSO_BLD1&CMP=OTC-RRHSO_BLD1HPRR&d=homerr
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\8flhhrgj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4ded6606&i=23&tp=ab&nt=1&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Road Runner PhotoShow Media Manager - c:\progra~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WNA1100\jswtrayutil.exe
HKLM-Run-SigmatelSysTrayApp - sttray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 17:56
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-23 18:07:22
ComboFix-quarantined-files.txt 2012-01-23 23:07
.
Pre-Run: 30,666,780,672 bytes free
Post-Run: 30,498,672,640 bytes free
.
- - End Of File - - ACAD0EA2A714D700A566D718C46985B8

#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:42 PM

Posted 23 January 2012 - 09:13 PM

ok thanks for the info. Some AV products will flag the tools used in combofix. The log looks fine. Lets get one more download as a check for malware. Its called Tdsskiller:

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your Root drive Local Disk © as TDSSKiller.2.4.2.1_11.08.2010_17.32.21_log.txt (name, version, date, time)
Please post the log report

How Can I Reduce My Risk to Malware?


#9 nearfantastica

nearfantastica
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 24 January 2012 - 11:06 PM

23:04:41.0146 60424 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
23:04:41.0567 60424 ============================================================
23:04:41.0567 60424 Current date / time: 2012/01/24 23:04:41.0567
23:04:41.0567 60424 SystemInfo:
23:04:41.0567 60424
23:04:41.0567 60424 OS Version: 6.0.6001 ServicePack: 1.0
23:04:41.0567 60424 Product type: Workstation
23:04:41.0567 60424 ComputerName: KATHY-PC
23:04:41.0567 60424 UserName: Kathy
23:04:41.0567 60424 Windows directory: C:\Windows
23:04:41.0567 60424 System windows directory: C:\Windows
23:04:41.0567 60424 Processor architecture: Intel x86
23:04:41.0567 60424 Number of processors: 1
23:04:41.0567 60424 Page size: 0x1000
23:04:41.0567 60424 Boot type: Normal boot
23:04:41.0567 60424 ============================================================
23:04:43.0221 60424 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:04:43.0392 60424 Initialize success
23:04:47.0074 60704 ============================================================
23:04:47.0074 60704 Scan started
23:04:47.0074 60704 Mode: Manual;
23:04:47.0074 60704 ============================================================
23:04:48.0650 60704 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
23:04:48.0712 60704 ACPI - ok
23:04:49.0008 60704 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
23:04:49.0055 60704 adp94xx - ok
23:04:49.0336 60704 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
23:04:49.0352 60704 adpahci - ok
23:04:49.0476 60704 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
23:04:49.0508 60704 adpu160m - ok
23:04:49.0757 60704 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
23:04:49.0804 60704 adpu320 - ok
23:04:50.0100 60704 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
23:04:50.0116 60704 AFD - ok
23:04:50.0381 60704 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
23:04:50.0412 60704 agp440 - ok
23:04:50.0662 60704 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:04:50.0709 60704 aic78xx - ok
23:04:50.0834 60704 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
23:04:50.0849 60704 aliide - ok
23:04:50.0974 60704 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
23:04:50.0974 60704 amdagp - ok
23:04:51.0177 60704 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
23:04:51.0177 60704 amdide - ok
23:04:51.0348 60704 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
23:04:51.0364 60704 AmdK7 - ok
23:04:51.0489 60704 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:04:51.0520 60704 AmdK8 - ok
23:04:51.0801 60704 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
23:04:51.0863 60704 arc - ok
23:04:52.0019 60704 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
23:04:52.0019 60704 arcsas - ok
23:04:52.0253 60704 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:04:52.0269 60704 AsyncMac - ok
23:04:52.0316 60704 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
23:04:52.0347 60704 atapi - ok
23:04:52.0877 60704 athur (3efbcc92721a1ceaf7da6bda02e81366) C:\Windows\system32\DRIVERS\athur.sys
23:04:53.0080 60704 athur - ok
23:04:53.0345 60704 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
23:04:53.0408 60704 AVGIDSDriver - ok
23:04:53.0720 60704 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
23:04:53.0720 60704 AVGIDSEH - ok
23:04:53.0969 60704 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
23:04:53.0969 60704 AVGIDSFilter - ok
23:04:54.0094 60704 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
23:04:54.0094 60704 AVGIDSShim - ok
23:04:54.0156 60704 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
23:04:54.0172 60704 Avgldx86 - ok
23:04:54.0234 60704 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
23:04:54.0234 60704 Avgmfx86 - ok
23:04:54.0281 60704 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
23:04:54.0281 60704 Avgrkx86 - ok
23:04:54.0328 60704 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
23:04:54.0344 60704 Avgtdix - ok
23:04:54.0406 60704 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
23:04:54.0406 60704 bcm4sbxp - ok
23:04:54.0484 60704 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:04:54.0484 60704 Beep - ok
23:04:54.0562 60704 blbdrive - ok
23:04:54.0593 60704 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
23:04:54.0609 60704 bowser - ok
23:04:54.0656 60704 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:04:54.0671 60704 BrFiltLo - ok
23:04:54.0671 60704 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:04:54.0687 60704 BrFiltUp - ok
23:04:54.0749 60704 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:04:54.0749 60704 Brserid - ok
23:04:54.0780 60704 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:04:54.0780 60704 BrSerWdm - ok
23:04:54.0812 60704 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:04:54.0812 60704 BrUsbMdm - ok
23:04:54.0890 60704 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:04:54.0890 60704 BrUsbSer - ok
23:04:54.0952 60704 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:04:54.0968 60704 BTHMODEM - ok
23:04:55.0030 60704 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
23:04:55.0030 60704 BVRPMPR5 - ok
23:04:55.0108 60704 catchme - ok
23:04:55.0202 60704 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:04:55.0217 60704 cdfs - ok
23:04:55.0264 60704 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
23:04:55.0264 60704 cdrom - ok
23:04:55.0326 60704 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
23:04:55.0326 60704 circlass - ok
23:04:55.0404 60704 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
23:04:55.0420 60704 CLFS - ok
23:04:55.0451 60704 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
23:04:55.0451 60704 cmdide - ok
23:04:55.0482 60704 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
23:04:55.0498 60704 Compbatt - ok
23:04:55.0514 60704 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
23:04:55.0529 60704 crcdisk - ok
23:04:55.0748 60704 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
23:04:55.0763 60704 Crusoe - ok
23:04:55.0919 60704 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
23:04:55.0919 60704 DfsC - ok
23:04:56.0013 60704 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
23:04:56.0013 60704 disk - ok
23:04:56.0091 60704 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\Windows\system32\DLA\DLABMFSM.SYS
23:04:56.0106 60704 DLABMFSM - ok
23:04:56.0138 60704 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\Windows\system32\DLA\DLABOIOM.SYS
23:04:56.0153 60704 DLABOIOM - ok
23:04:56.0184 60704 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
23:04:56.0200 60704 DLACDBHM - ok
23:04:56.0216 60704 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\Windows\system32\DLA\DLADResM.SYS
23:04:56.0231 60704 DLADResM - ok
23:04:56.0247 60704 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\Windows\system32\DLA\DLAIFS_M.SYS
23:04:56.0247 60704 DLAIFS_M - ok
23:04:56.0309 60704 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\Windows\system32\DLA\DLAOPIOM.SYS
23:04:56.0309 60704 DLAOPIOM - ok
23:04:56.0325 60704 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\Windows\system32\DLA\DLAPoolM.SYS
23:04:56.0340 60704 DLAPoolM - ok
23:04:56.0372 60704 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\Windows\system32\Drivers\DLARTL_M.SYS
23:04:56.0372 60704 DLARTL_M - ok
23:04:56.0387 60704 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\Windows\system32\DLA\DLAUDFAM.SYS
23:04:56.0387 60704 DLAUDFAM - ok
23:04:56.0403 60704 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\Windows\system32\DLA\DLAUDF_M.SYS
23:04:56.0418 60704 DLAUDF_M - ok
23:04:56.0512 60704 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:04:56.0528 60704 drmkaud - ok
23:04:56.0590 60704 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
23:04:56.0606 60704 DRVMCDB - ok
23:04:56.0621 60704 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
23:04:56.0637 60704 DRVNDDM - ok
23:04:56.0746 60704 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
23:04:56.0777 60704 DSproct - ok
23:04:56.0808 60704 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys
23:04:56.0808 60704 dsunidrv - ok
23:04:56.0949 60704 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
23:04:56.0980 60704 DXGKrnl - ok
23:04:57.0120 60704 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
23:04:57.0120 60704 e1express - ok
23:04:57.0183 60704 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:04:57.0198 60704 E1G60 - ok
23:04:57.0276 60704 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
23:04:57.0292 60704 Ecache - ok
23:04:57.0417 60704 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
23:04:57.0448 60704 elxstor - ok
23:04:57.0807 60704 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
23:04:57.0807 60704 exfat - ok
23:04:57.0963 60704 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
23:04:57.0978 60704 fastfat - ok
23:04:58.0056 60704 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
23:04:58.0072 60704 fdc - ok
23:04:58.0197 60704 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:04:58.0212 60704 FileInfo - ok
23:04:58.0337 60704 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:04:58.0337 60704 Filetrace - ok
23:04:58.0446 60704 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
23:04:58.0446 60704 flpydisk - ok
23:04:58.0556 60704 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
23:04:58.0571 60704 FltMgr - ok
23:04:58.0805 60704 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:04:58.0821 60704 Fs_Rec - ok
23:04:59.0086 60704 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
23:04:59.0102 60704 gagp30kx - ok
23:04:59.0382 60704 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:04:59.0414 60704 HdAudAddService - ok
23:04:59.0616 60704 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:04:59.0632 60704 HDAudBus - ok
23:04:59.0741 60704 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:04:59.0757 60704 HidBth - ok
23:04:59.0835 60704 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:04:59.0835 60704 HidIr - ok
23:04:59.0991 60704 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
23:04:59.0991 60704 HidUsb - ok
23:05:00.0084 60704 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
23:05:00.0100 60704 HpCISSs - ok
23:05:00.0225 60704 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:05:00.0256 60704 HSF_DPV - ok
23:05:00.0381 60704 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
23:05:00.0396 60704 HSXHWBS2 - ok
23:05:00.0646 60704 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
23:05:00.0677 60704 HTTP - ok
23:05:00.0896 60704 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
23:05:00.0911 60704 i2omp - ok
23:05:01.0161 60704 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:05:01.0161 60704 i8042prt - ok
23:05:01.0239 60704 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
23:05:01.0286 60704 iaStorV - ok
23:05:01.0488 60704 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:05:01.0504 60704 iirsp - ok
23:05:01.0566 60704 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
23:05:01.0566 60704 intelide - ok
23:05:01.0769 60704 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
23:05:01.0769 60704 intelppm - ok
23:05:01.0878 60704 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:05:01.0878 60704 IpFilterDriver - ok
23:05:02.0034 60704 IpInIp - ok
23:05:02.0128 60704 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
23:05:02.0144 60704 IPMIDRV - ok
23:05:02.0315 60704 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:05:02.0315 60704 IPNAT - ok
23:05:02.0440 60704 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:05:02.0456 60704 IRENUM - ok
23:05:02.0549 60704 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
23:05:02.0549 60704 isapnp - ok
23:05:02.0705 60704 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
23:05:02.0705 60704 iScsiPrt - ok
23:05:02.0783 60704 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:05:02.0783 60704 iteatapi - ok
23:05:02.0846 60704 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:05:02.0846 60704 iteraid - ok
23:05:03.0017 60704 jswpslwf (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
23:05:03.0017 60704 jswpslwf - ok
23:05:03.0126 60704 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:05:03.0126 60704 kbdclass - ok
23:05:03.0236 60704 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
23:05:03.0236 60704 kbdhid - ok
23:05:03.0532 60704 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
23:05:03.0563 60704 KSecDD - ok
23:05:03.0797 60704 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:05:03.0797 60704 lltdio - ok
23:05:03.0875 60704 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
23:05:03.0891 60704 LSI_FC - ok
23:05:04.0156 60704 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
23:05:04.0156 60704 LSI_SAS - ok
23:05:04.0281 60704 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
23:05:04.0296 60704 LSI_SCSI - ok
23:05:04.0359 60704 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:05:04.0374 60704 luafv - ok
23:05:04.0406 60704 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:05:04.0406 60704 mdmxsdk - ok
23:05:04.0468 60704 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
23:05:04.0468 60704 megasas - ok
23:05:04.0671 60704 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:05:04.0671 60704 Modem - ok
23:05:04.0905 60704 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:05:04.0920 60704 monitor - ok
23:05:05.0014 60704 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:05:05.0030 60704 mouclass - ok
23:05:05.0123 60704 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:05:05.0139 60704 mouhid - ok
23:05:05.0154 60704 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:05:05.0170 60704 MountMgr - ok
23:05:05.0357 60704 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
23:05:05.0373 60704 mpio - ok
23:05:05.0529 60704 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:05:05.0544 60704 mpsdrv - ok
23:05:05.0654 60704 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:05:05.0654 60704 Mraid35x - ok
23:05:05.0794 60704 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
23:05:05.0810 60704 MRxDAV - ok
23:05:05.0934 60704 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:05:05.0950 60704 mrxsmb - ok
23:05:06.0059 60704 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:05:06.0075 60704 mrxsmb10 - ok
23:05:06.0231 60704 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:05:06.0231 60704 mrxsmb20 - ok
23:05:06.0309 60704 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
23:05:06.0309 60704 msahci - ok
23:05:06.0590 60704 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
23:05:06.0605 60704 msdsm - ok
23:05:06.0792 60704 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:05:06.0808 60704 Msfs - ok
23:05:06.0886 60704 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:05:06.0886 60704 msisadrv - ok
23:05:07.0120 60704 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:05:07.0120 60704 MSKSSRV - ok
23:05:07.0229 60704 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:05:07.0245 60704 MSPCLOCK - ok
23:05:07.0370 60704 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:05:07.0370 60704 MSPQM - ok
23:05:07.0448 60704 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
23:05:07.0463 60704 MsRPC - ok
23:05:07.0572 60704 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:05:07.0588 60704 mssmbios - ok
23:05:07.0697 60704 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:05:07.0713 60704 MSTEE - ok
23:05:07.0853 60704 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
23:05:07.0853 60704 Mup - ok
23:05:08.0025 60704 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
23:05:08.0056 60704 NativeWifiP - ok
23:05:08.0150 60704 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
23:05:08.0165 60704 NDIS - ok
23:05:08.0243 60704 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:08.0243 60704 NdisTapi - ok
23:05:08.0290 60704 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:08.0290 60704 Ndisuio - ok
23:05:08.0368 60704 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:08.0384 60704 NdisWan - ok
23:05:08.0430 60704 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:05:08.0446 60704 NDProxy - ok
23:05:08.0508 60704 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:05:08.0508 60704 NetBIOS - ok
23:05:08.0555 60704 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
23:05:08.0555 60704 netbt - ok
23:05:08.0633 60704 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:05:08.0633 60704 nfrd960 - ok
23:05:08.0696 60704 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
23:05:08.0711 60704 Npfs - ok
23:05:08.0742 60704 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:05:08.0742 60704 nsiproxy - ok
23:05:08.0805 60704 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
23:05:08.0836 60704 Ntfs - ok
23:05:08.0914 60704 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:05:08.0914 60704 ntrigdigi - ok
23:05:08.0945 60704 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:05:08.0945 60704 Null - ok
23:05:09.0101 60704 nvlddmkm (b02587fa997723297384c95f424e78fa) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:05:09.0226 60704 nvlddmkm - ok
23:05:09.0335 60704 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
23:05:09.0351 60704 nvraid - ok
23:05:09.0398 60704 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
23:05:09.0413 60704 nvstor - ok
23:05:09.0491 60704 nvstor32 (a1ce1a6fd74c046f029448fcfa5e386d) C:\Windows\system32\DRIVERS\nvstor32.sys
23:05:09.0491 60704 nvstor32 - ok
23:05:09.0585 60704 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
23:05:09.0585 60704 nv_agp - ok
23:05:09.0600 60704 NwlnkFlt - ok
23:05:09.0616 60704 NwlnkFwd - ok
23:05:09.0663 60704 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
23:05:09.0663 60704 ohci1394 - ok
23:05:09.0741 60704 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:05:09.0741 60704 Parport - ok
23:05:09.0819 60704 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
23:05:09.0834 60704 partmgr - ok
23:05:09.0881 60704 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:05:09.0897 60704 Parvdm - ok
23:05:09.0959 60704 pavboot (210a628a0d7b3f45257850efbff27538) C:\Windows\system32\drivers\pavboot.sys
23:05:09.0975 60704 pavboot - ok
23:05:10.0100 60704 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
23:05:10.0100 60704 pci - ok
23:05:10.0162 60704 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
23:05:10.0162 60704 pciide - ok
23:05:10.0240 60704 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:05:10.0256 60704 pcmcia - ok
23:05:10.0380 60704 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:05:10.0412 60704 PEAUTH - ok
23:05:10.0583 60704 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:05:10.0583 60704 PptpMiniport - ok
23:05:10.0646 60704 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:05:10.0646 60704 Processor - ok
23:05:10.0708 60704 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
23:05:10.0708 60704 PSched - ok
23:05:10.0786 60704 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
23:05:10.0786 60704 PxHelp20 - ok
23:05:10.0911 60704 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:05:10.0926 60704 ql2300 - ok
23:05:10.0973 60704 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:05:10.0973 60704 ql40xx - ok
23:05:11.0067 60704 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:05:11.0067 60704 QWAVEdrv - ok
23:05:11.0207 60704 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
23:05:11.0254 60704 R300 - ok
23:05:11.0379 60704 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:05:11.0379 60704 RasAcd - ok
23:05:11.0457 60704 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:11.0472 60704 Rasl2tp - ok
23:05:11.0519 60704 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:11.0550 60704 RasPppoe - ok
23:05:11.0597 60704 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
23:05:11.0597 60704 RasSstp - ok
23:05:11.0644 60704 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
23:05:11.0644 60704 rdbss - ok
23:05:11.0738 60704 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:11.0753 60704 RDPCDD - ok
23:05:11.0800 60704 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
23:05:11.0800 60704 rdpdr - ok
23:05:11.0831 60704 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:05:11.0831 60704 RDPENCDD - ok
23:05:11.0894 60704 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
23:05:11.0894 60704 RDPWD - ok
23:05:11.0987 60704 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:05:11.0987 60704 rspndr - ok
23:05:12.0081 60704 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:05:12.0081 60704 SASDIFSV - ok
23:05:12.0112 60704 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:05:12.0112 60704 SASKUTIL - ok
23:05:12.0190 60704 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:05:12.0206 60704 sbp2port - ok
23:05:12.0252 60704 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
23:05:12.0268 60704 SCMNdisP - ok
23:05:12.0330 60704 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:05:12.0330 60704 secdrv - ok
23:05:12.0377 60704 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:05:12.0377 60704 Serenum - ok
23:05:12.0408 60704 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:05:12.0424 60704 Serial - ok
23:05:12.0502 60704 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:05:12.0518 60704 sermouse - ok
23:05:12.0580 60704 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
23:05:12.0580 60704 sffdisk - ok
23:05:12.0627 60704 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
23:05:12.0627 60704 sffp_mmc - ok
23:05:12.0658 60704 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
23:05:12.0658 60704 sffp_sd - ok
23:05:12.0736 60704 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:05:12.0736 60704 sfloppy - ok
23:05:12.0783 60704 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
23:05:12.0783 60704 sisagp - ok
23:05:12.0814 60704 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
23:05:12.0830 60704 SiSRaid2 - ok
23:05:12.0861 60704 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:05:12.0861 60704 SiSRaid4 - ok
23:05:12.0923 60704 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
23:05:12.0923 60704 Smb - ok
23:05:13.0017 60704 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:05:13.0017 60704 spldr - ok
23:05:13.0079 60704 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
23:05:13.0095 60704 srv - ok
23:05:13.0142 60704 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
23:05:13.0157 60704 srv2 - ok
23:05:13.0251 60704 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
23:05:13.0251 60704 srvnet - ok
23:05:13.0376 60704 STHDA (ab2059ae6d9243c502c86824bc40439e) C:\Windows\system32\drivers\stwrt.sys
23:05:13.0407 60704 STHDA - ok
23:05:13.0500 60704 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:05:13.0500 60704 swenum - ok
23:05:13.0594 60704 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:05:13.0594 60704 Symc8xx - ok
23:05:13.0625 60704 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:05:13.0625 60704 Sym_hi - ok
23:05:13.0656 60704 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:05:13.0672 60704 Sym_u3 - ok
23:05:13.0781 60704 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
23:05:13.0797 60704 Tcpip - ok
23:05:13.0875 60704 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
23:05:13.0890 60704 Tcpip6 - ok
23:05:13.0922 60704 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
23:05:13.0922 60704 tcpipreg - ok
23:05:13.0968 60704 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:05:13.0968 60704 TDPIPE - ok
23:05:14.0000 60704 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:05:14.0000 60704 TDTCP - ok
23:05:14.0046 60704 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
23:05:14.0062 60704 tdx - ok
23:05:14.0140 60704 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
23:05:14.0156 60704 TermDD - ok
23:05:14.0234 60704 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\Windows\system32\DRIVERS\tmcomm.sys
23:05:14.0234 60704 tmcomm - ok
23:05:14.0374 60704 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:14.0374 60704 tssecsrv - ok
23:05:14.0436 60704 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:05:14.0436 60704 tunmp - ok
23:05:14.0468 60704 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
23:05:14.0483 60704 tunnel - ok
23:05:14.0592 60704 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:05:14.0592 60704 uagp35 - ok
23:05:14.0655 60704 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
23:05:14.0670 60704 udfs - ok
23:05:14.0780 60704 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
23:05:14.0795 60704 uliagpkx - ok
23:05:14.0904 60704 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:05:14.0920 60704 uliahci - ok
23:05:14.0967 60704 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:05:14.0967 60704 UlSata - ok
23:05:15.0045 60704 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:05:15.0045 60704 ulsata2 - ok
23:05:15.0123 60704 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:05:15.0123 60704 umbus - ok
23:05:15.0263 60704 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:15.0263 60704 usbccgp - ok
23:05:15.0326 60704 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:05:15.0341 60704 usbcir - ok
23:05:15.0419 60704 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
23:05:15.0435 60704 usbehci - ok
23:05:15.0544 60704 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
23:05:15.0575 60704 usbhub - ok
23:05:15.0622 60704 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
23:05:15.0622 60704 usbohci - ok
23:05:15.0669 60704 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:05:15.0669 60704 usbprint - ok
23:05:15.0778 60704 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:05:15.0778 60704 usbscan - ok
23:05:15.0809 60704 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:05:15.0825 60704 USBSTOR - ok
23:05:15.0872 60704 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
23:05:15.0872 60704 usbuhci - ok
23:05:15.0934 60704 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:15.0950 60704 vga - ok
23:05:16.0028 60704 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:05:16.0028 60704 VgaSave - ok
23:05:16.0059 60704 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
23:05:16.0074 60704 viaagp - ok
23:05:16.0121 60704 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:05:16.0121 60704 ViaC7 - ok
23:05:16.0152 60704 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
23:05:16.0152 60704 viaide - ok
23:05:16.0215 60704 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:05:16.0215 60704 volmgr - ok
23:05:16.0308 60704 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
23:05:16.0324 60704 volmgrx - ok
23:05:16.0402 60704 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
23:05:16.0418 60704 volsnap - ok
23:05:16.0480 60704 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:05:16.0480 60704 vsmraid - ok
23:05:16.0620 60704 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:05:16.0636 60704 WacomPen - ok
23:05:16.0714 60704 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:16.0714 60704 Wanarp - ok
23:05:16.0761 60704 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:16.0761 60704 Wanarpv6 - ok
23:05:16.0839 60704 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:05:16.0854 60704 Wd - ok
23:05:16.0964 60704 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:05:16.0979 60704 Wdf01000 - ok
23:05:17.0073 60704 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:05:17.0088 60704 winachsf - ok
23:05:17.0182 60704 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:05:17.0182 60704 WmiAcpi - ok
23:05:17.0307 60704 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
23:05:17.0322 60704 WpdUsb - ok
23:05:17.0385 60704 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:05:17.0385 60704 ws2ifsl - ok
23:05:17.0478 60704 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:05:17.0494 60704 WUDFRd - ok
23:05:17.0588 60704 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
23:05:17.0588 60704 XAudio - ok
23:05:17.0666 60704 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:05:17.0712 60704 \Device\Harddisk0\DR0 - ok
23:05:17.0759 60704 Boot (0x1200) (b56070a4a8e3abf144f6ddd21a0f2946) \Device\Harddisk0\DR0\Partition0
23:05:17.0759 60704 \Device\Harddisk0\DR0\Partition0 - ok
23:05:17.0775 60704 Boot (0x1200) (ddac3638f7da4ede17b684c8e01f3170) \Device\Harddisk0\DR0\Partition1
23:05:17.0775 60704 \Device\Harddisk0\DR0\Partition1 - ok
23:05:17.0790 60704 ============================================================
23:05:17.0790 60704 Scan finished
23:05:17.0790 60704 ============================================================
23:05:17.0837 60692 Detected object count: 0
23:05:17.0837 60692 Actual detected object count: 0

#10 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:42 PM

Posted 25 January 2012 - 07:40 PM

Not much there to worry about. You can delete combofix like this:
start>run and type in:
combofix /uninstall
click ok or enter
note the space after the x and before the /

You can delete the tdsskiller icon from the desktop.

You may want to try the free Panda Cloud AV instead of AVG. Panda will be lighter on system resources. Uninstall AVG via the add/remove programs panel first if you try it.

How Can I Reduce My Risk to Malware?


#11 nearfantastica

nearfantastica
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 30 January 2012 - 10:51 PM

Thank you for looking over the logs! I was a bit worried when I did a little research on that Gamevance. One thing said it was critical and could be a very malicious threat, so better to be safe! I will look into the Panda AV and also into getting them some more memory for the computer. Thanks again!

#12 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:42 PM

Posted 01 February 2012 - 07:33 PM

ok, no problem. If all you had was Gamevance (adware) then your doing good compared to most of the other posters. Note the free version of malwarebytes must be updated manually and a scan started manually. You can delete the tdsskiller icon from your desktop.
For your reference;


10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes, media players, browser plugins and add-ons. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here.

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) The why and how to secure your browser for safer surfing.

10) Warez, cracks, keygens etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. A file can be named anything, be nothing but malware or have malware bundled in it.
Do you really trust the source?

More info/tips with pictures in links below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users