Hit By Malware Part 2?

Resolved
By tcbrb46
Apr 22, 2011
  1. Computer started to freeze again when security programs run. The last couple of days Windows Defender runs at 2:00 am and the computer is frozen when I get up in the morning. Ran Malwarebytes, froze in System32; ran Super Antivirus, froze. This time I was able to run both programs in Safe Mode. Files are provided. In the last couple of days I added ZoneAlarm and changed third-party cookies (blocked in Tools); I was going to see if things worked OK, then I was going to download Spybot and Spyware Blaster. However, I don't like to download everything at the same time in case there are problems with one. So before I do, I wanted to check with you. Everything seemed OK after our last session. Malwarebytes and SuperAntivirus ran completely. Now the freeze-ups have started again. I could not see anything new like I did last time with Best Malware Protection. I have read that sometimes Windows Defender can cause problems? Please advise.



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6419

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    4/22/2011 3:35:17 PM
    mbam-log-2011-04-22 (15-35-17).txt

    Scan type: Quick scan
    Objects scanned: 185331
    Time elapsed: 4 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/22/2011 at 03:55 PM

    Application Version : 4.51.1000

    Core Rules Database Version : 6897
    Trace Rules Database Version: 4709

    Scan type : Quick Scan
    Total Scan Time : 00:15:32

    Memory items scanned : 273
    Memory threats detected : 0
    Registry items scanned : 2671
    Registry threats detected : 0
    File items scanned : 14056
    File threats detected : 46

    Adware.Tracking Cookie
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay- give me a chance to review these logs and the previous thread. EDIT: After you reset the Cookies, go on to my next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    About this:
    Please go back and make sure 3rd party Cookies are not allowed. These are for all the ads, banners and other trash on the site. You only need to accept 1st party Cookies, which are for the site itself.

    Never compromise your security!
  3. Bobbye

    If you followed everything I asked you to do in the previous thread, you don't need to run GMER or DDS again. I had your system clean a few days ago and I'm thinking there may be a system problem causing these freezes.

    So let's do this instead: Remember, if the Recovery Console is already on the system, you won't get the query about it.
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**
    • Click on Yes to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===============================
    I'd like you to try and force the freeze: try to run a security program. If the system freezes, note the time on the computer clock so you can tell me. Errors are time coded. You can reboot if you need to, to recover from the freeze, then immediately run this:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 10 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.
    (Courtesy rev-Olie)
    Do what you can in Normal Mode. Some processes don't start in Safe Mode and I don't want to waste errors telling me that!
  4. tcbrb46

    tcbrb46 Newcomer, in training Topic Starter Posts: 74

    Hit By Malware Part 2?-Bobbye

    3rd party cookies were still blocked. After ComboFix I ran Malwarebytes. It stopped at 2 min. 15 sec. at windows\system32\mspbde40.dll

    Downloaded VEW. Followed instructions, placed a zero where it said 1-20. Kept telling me to choose 1-20. Program did not continue. Notepad did not open.

    I just noticed that Defender was running. When I shut it off a couple of days ago I thought I had to turn it on again manually. Should I do this over?

    ComboFix 11-04-22.03 - bandit 04/23/2011 12:19:12.7.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1518 [GMT -4:00]
    Running from: c:\users\bandit\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
    2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-23 12:15 . 2011-04-23 12:15 -------- d-----w- c:\users\bandit\AppData\Local\{41C471CC-ED5B-40B5-AC31-82F1A7080593}
    2011-04-23 02:36 . 2011-04-23 16:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-04-23 02:36 . 2011-04-23 02:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-23 02:24 . 2011-04-23 11:05 -------- d-----w- c:\program files\SpywareBlaster
    2011-04-23 00:15 . 2011-04-23 00:15 -------- d-----w- c:\users\bandit\AppData\Local\{80981440-5EEF-46BC-88C3-D11E92F9E023}
    2011-04-22 12:14 . 2011-04-22 12:14 -------- d-----w- c:\users\bandit\AppData\Local\{9A724B63-79B1-4EC4-8402-0AAB1E896BF8}
    2011-04-22 05:44 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A58EA1C-55E4-4C2D-A443-71C63B6A3E0F}\mpengine.dll
    2011-04-21 22:42 . 2011-04-21 22:42 -------- d-----w- c:\users\bandit\AppData\Local\{BB7CDDE0-723C-43DD-87F3-D49F4011D652}
    2011-04-21 20:47 . 2011-04-21 20:47 -------- d-----w- c:\users\bandit\AppData\Roaming\CheckPoint
    2011-04-21 20:46 . 2010-05-15 20:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2011-04-21 20:46 . 2011-04-21 20:46 -------- d-----w- c:\program files\Zone Labs
    2011-04-21 20:46 . 2011-04-23 16:32 -------- d-----w- c:\windows\Internet Logs
    2011-04-21 20:36 . 2011-04-21 20:36 -------- d-----w- c:\programdata\ZA_PreservedFiles
    2011-04-21 20:19 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-04-21 20:17 . 2011-04-21 20:17 -------- d-----w- c:\programdata\CheckPoint
    2011-04-21 10:41 . 2011-04-21 10:41 -------- d-----w- c:\users\bandit\AppData\Local\{D647708A-A7F5-4B26-A6E3-54141B34C1A4}
    2011-04-20 18:34 . 2011-04-20 18:34 -------- d-----w- c:\users\bandit\AppData\Local\{BBA32549-20A2-489C-8D41-9B5FED52A670}
    2011-04-17 17:37 . 2011-04-17 17:37 -------- d-----w- c:\users\bandit\AppData\Local\{54B3C084-B759-4984-8FAB-E3EE35F2CB6A}
    2011-04-17 11:25 . 2011-04-17 11:25 -------- d-----w- c:\users\bandit\AppData\Local\{9871DB89-ADE3-4CDA-84DB-222C0CAA56A3}
    2011-04-16 22:59 . 2011-04-16 22:59 -------- d-----w- c:\users\bandit\AppData\Local\{A0BCB5FF-7895-4FD2-BFCE-663965D284EC}
    2011-04-16 22:24 . 2011-04-23 16:35 -------- d-----w- c:\users\bandit\AppData\Local\temp
    2011-04-16 10:56 . 2011-04-16 10:56 -------- d-----w- c:\users\bandit\AppData\Local\{846CA33D-1861-4879-B68F-BD2C59B2A27F}
    2011-04-15 21:58 . 2002-11-12 16:22 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
    2011-04-14 12:13 . 2011-04-14 12:13 -------- d-----w- c:\users\bandit\AppData\Local\{EEB5146B-6B3D-45A7-9265-ECCDBFA5C3D2}
    2011-04-13 20:49 . 2011-04-13 20:49 388096 ----a-r- c:\users\bandit\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-13 15:23 . 2011-04-13 15:23 -------- d-----w- c:\users\bandit\AppData\Local\{C493ACB2-BEEB-409A-B379-49848A6B4693}
    2011-04-12 12:05 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-12 12:05 . 2011-04-16 11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-12 12:05 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-12 11:55 . 2011-04-12 11:55 -------- d-----w- c:\users\bandit\AppData\Local\{4AABA6FA-DAE2-4073-8EBB-314FC229AD92}
    2011-04-10 03:47 . 2011-04-10 18:58 -------- d-sh--w- c:\programdata\BMOMLEGTCEP
    2011-04-10 03:47 . 2011-04-17 17:32 -------- d-sh--w- c:\programdata\92f7a8
    2011-04-09 03:27 . 2011-04-10 15:28 -------- d-----w- c:\users\bandit\AppData\Local\{A15DAA33-3E1F-4155-BF26-8C3550777BA8}
    2011-04-07 00:47 . 2011-04-07 00:47 -------- d-----w- c:\users\bandit\AppData\Local\{C1E2E3B1-825A-4990-AB5C-EF0E2C4E25F3}
    2011-04-04 19:18 . 2011-04-05 19:19 -------- d-----w- c:\users\bandit\AppData\Local\{D20D988D-B267-4AFA-829D-B50701341537}
    2011-04-04 19:11 . 2011-04-17 17:32 -------- d-----w- c:\users\Sawyer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-17 10:35 . 2010-09-28 15:32 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-10 20:39 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-22 14:13 . 2011-03-23 01:03 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 01:03 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 01:03 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-22 11:51 . 2010-04-23 10:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 22:11 . 2009-10-03 06:19 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    2010-12-01 16:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
    "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "CTxfiHlp"="CTXFIHLP.EXE" [2008-02-21 23552]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
    .
    c:\users\Sawyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\users\bandit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 715568]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-01-19 04:55 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-10-30 12872]
    R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-10-30 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-30 67656]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
    S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
    S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-04-17 120472]
    S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-12 c:\windows\Tasks\HPCeeScheduleForbandit.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-14 00:55]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(688)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'Explorer.exe'(1512)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-23 12:39:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-23 16:39
    .
    Pre-Run: 411,436,109,824 bytes free
    Post-Run: 411,350,544,384 bytes free
    .
    - - End Of File - - 5472AB121A8EDC99AECFACF554CB3B82
  5. tcbrb46

    I found the recent combofix quarantine files on the last run in a separate file. Wasn't sure if this is important with the last post. So I thought I should send it for you to look at.

    2011-04-23 16:35:24 . 2011-04-23 16:35:24 54,024 ----a-w- C:\Qoobox\Quarantine\C\Windows\Temp\logishrd\_LVPrcInj01_.dll.zip
    2011-04-23 16:16:19 . 2011-04-23 16:35:31 248 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2011-04-23 11:24:01 . 2009-04-30 20:01:00 109,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\Temp\logishrd\LVPrcInj01.dll.vir
    2011-04-16 22:12:29 . 2011-04-23 16:25:20 6,538 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
  6. Bobbye

    Oh gosh! I'm sorry, I meant to change the # of Errors to 10 instead of the 20 that was already in. Old dopey me deleted the 2 and didn't put the 1 in. Please try it again. I made the correction in the previous reply. Will also follow in a bit checking Combofix.

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 10 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.
    (Courtesy rev-Olie)
    ================================
    Regarding this:
    The Qoobox is where Combofix sends the quarantined entries. They are no longer active in the system. It is usually removed when Combofix is uninstalled.
  7. tcbrb46

    Downloaded VEW, had to find it in Downloads and placed a shortcut on the desktop. Did not have a choice to save to the desktop. Tried to run and kept getting an error message: run-time error "75": path file access error. I used 10 instead of 0. Do I need to close everything including antivirus?
  8. Bobbye

    Please run the following- wait on trying VEW again:

    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file > select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.

    The only problem you have is that when you try to do a security scan, the system freezes: is this correct?
    Do you have to reboot to get the system back?
  9. tcbrb46

    I will download the program. Yes, I have to reboot anytime I use Malwarebytes, Superantivirus, Spybot, etc. They all freeze the computer at some point when they run.
  10. Bobbye

    If it's a rootkit, hopefully this will help. Leave the logs when ready.
  11. tcbrb46

    Nothing found



    2011/04/25 19:54:41.0393 4588 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/25 19:54:43.0393 4588 ================================================================================
    2011/04/25 19:54:43.0393 4588 SystemInfo:
    2011/04/25 19:54:43.0394 4588
    2011/04/25 19:54:43.0394 4588 OS Version: 6.0.6002 ServicePack: 2.0
    2011/04/25 19:54:43.0394 4588 Product type: Workstation
    2011/04/25 19:54:43.0394 4588 ComputerName: HOME
    2011/04/25 19:54:43.0394 4588 UserName: bandit
    2011/04/25 19:54:43.0394 4588 Windows directory: C:\Windows
    2011/04/25 19:54:43.0394 4588 System windows directory: C:\Windows
    2011/04/25 19:54:43.0394 4588 Processor architecture: Intel x86
    2011/04/25 19:54:43.0394 4588 Number of processors: 4
    2011/04/25 19:54:43.0394 4588 Page size: 0x1000
    2011/04/25 19:54:43.0394 4588 Boot type: Normal boot
    2011/04/25 19:54:43.0394 4588 ================================================================================
    2011/04/25 19:54:43.0700 4588 Initialize success
    2011/04/25 19:55:50.0477 3524 ================================================================================
    2011/04/25 19:55:50.0477 3524 Scan started
    2011/04/25 19:55:50.0477 3524 Mode: Manual;
    2011/04/25 19:55:50.0477 3524 ================================================================================
    2011/04/25 19:56:05.0439 3524 ================================================================================
    2011/04/25 19:56:05.0439 3524 Scan finished
    2011/04/25 19:56:05.0439 3524 ================================================================================
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Many of us have the desktop as the default 'Save' location. This is very handy because 1. If it's a setup for a program, we can easily find it, then delete the setup or 2. We may be sure where we want what we download to go.

    How To Set Default Download Location In Internet Explorer
    • Open Internet Explorer
    • Hold Ctrl+J
    • Hover to Options and click it
    • Default Download Location> Click on Browse
    • Set the Desktop as default when the browse reaches it.

    Now your downloads will go to the Desktop when there is no choice.
    Some setups do give a choice for the Save In location. For those that do, you will be able to browse to the location you want it to go.
    ==================================-
    For the run-time error 75:
    • Right-click on the program that is generating the Runtime 75 error. A context menu appears.
    • Select "Run as Administrator" from the context menu. The program should now run without any errors.

    Then run VEW. Remember what I said about running it in Normal Mode.
  13. tcbrb46

    tcbrb46 Newcomer, in training Topic Starter Posts: 74

    Hit By Malware Part 2?-Bobbye

    I ran TDSSkiller. It required a reboot which I did. When it rebooted and got to the welcome notice it sat for a long long time as if it froze. I made a decision to restart by turning off the computer. When I turned it back on all that came on from the boot was a black screen that said disk error and to use control-alt-delete. I restarted several times to see the same message. Looks like I or something screwed up. It left me no choice but to reformat to original factory settings. My computer works fine now and all your recommended programs for security have been installed. Unfortunately, I lost my stuff. It's not the first time and I will survive.

    Thanks again for your help and time. I'm sure I will be asking for help again sometime down the road. You can close this post.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Sorry it came to that point: But I am hell-bent on helping users learn how to troubleshoot!!!

    Two things happened: 1. when you turned the computer off, then back on, you caused an improper shutdown. 2. This caused the disc error that could most likely have been fixed.

    What you should have done: Both can be done in Safe Mode:
    • Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    • Error Check: Using Windows Explorer (Windows key + E)> My Computer> Right click on Local Drive(C)> Properties> Tools tab>
      [o] Error Checking> Click on Check Now
      [o] Check Options screen> Check box to Automatically fix file system errors> Check Scan for and attempt recovery of bad sectors
      [o] Check OK> Apply> Close message that comes up> Click on OK
      [o] Reboot the computer
      Error checking will begin in a few seconds. Let it finish. The system will reboot when through
    • System Restore: If the Error Check does not get you back into the system correctly, do a System Restore to the date closest to right before the system went down.
      [o] All Programs> Accessories> System Tools> System Restore
      [o] Check Restore my system to an earlier time
      [o] Choose date in bold Black closest as mentioned
      [o] Okay out and let system restore.
    ===================================================
    It may not be the first time, but you can make it the last time: backup, backup, backup before something goes wrong!