Resolved Hit By Malware Part 2?


tcbrb46

Computer started to Freeze again when security programs run. Last couple of days Windows Defender runs 2:00 am computer froze when I get up in the morning. Ran Malwarebytes froze in System32, Ran Super Antivirus froze. This time I was able to run both programs in Safe Mode. Files are provided. The last couple of days I added ZoneAlarm and changed third party cookies (blocked in tools); was going to see if things worked ok, then I was going to download Spybot and Spyware Blaster. However, I don't like to download everything at the same time in case there are problems with one. So before I do I wanted to check with you. Everything seemed ok after our last session. Malwarebytes and SuperAntivirus ran completely. Now the freeze up started again. I could not see anything new like I did last time with Best Malware Protection. I have read that sometimes Windows Defender can cause problems? Please advise.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6419

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

4/22/2011 3:35:17 PM
mbam-log-2011-04-22 (15-35-17).txt

Scan type: Quick scan
Objects scanned: 185331
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/22/2011 at 03:55 PM

Application Version : 4.51.1000

Core Rules Database Version : 6897
Trace Rules Database Version: 4709

Scan type : Quick Scan
Total Scan Time : 00:15:32

Memory items scanned : 273
Memory threats detected : 0
Registry items scanned : 2671
Registry threats detected : 0
File items scanned : 14056
File threats detected : 46

Adware.Tracking Cookie
 
Okay- give me a chance to review these logs and the previous thread. EDIT: After you reset the Cookies, go on to my next reply.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

About this:
changed third party cookies(blocked in tools)
Please go back and make sure 3rd party Cookies are not allowed. These are for all the ads, banners and other trash on the site. You only need to accept 1st party Cookies, which are for the site itself.

Never compromise your security!
 
If you followed everything I asked you to do in the previous thread, you don't need to run GMER or DDS again. I had your system clean a few days ago and I'm thinking there may be a system problem causing these freezes.

So let's do this instead: Remember, if the Recovery Console is already on the system, you won't get the query about it.
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===============================
I'd like you to try and force the freeze: try to run a security program. If the system freezes, note the time on the computer clock so you can tell me. Errors are time coded. You can reboot if you need to, to recover from the freeze, then immediately run this:

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

    Select log to query, select:
  • Application
  • System

    Under Select type to list, select:
  • Critical (Vista only)
  • Error

    Click the radio button for Number of events
  • Type 10 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

    Load the log
  • In Notepad, click Edit > Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
(Courtesy rev-Olie)
Do what you can in Normal Mode. Some processes don't start in Safe Mode and I don't want to waste errors telling me that!
 
Hit By Malware Part 2?-Bobbye

3rd party cookies was still blocked. After combofix I ran malwarebytes. It stopped at 2min.15sec. at windows\system32\mspbde40.dll

Downloaded VEW. Followed instructions placed a zero where it said 1-20. Kept telling me to choose 1-20. Program did not continue. Notepad did not open.

I just noticed that Defender was running. When I shut it off a couple of days ago I thought I had to turn it on again manually. Should I do this over?

ComboFix 11-04-22.03 - bandit 04/23/2011 12:19:12.7.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1518 [GMT -4:00]
Running from: c:\users\bandit\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-04-23 16:28 . 2011-04-23 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-23 12:15 . 2011-04-23 12:15 -------- d-----w- c:\users\bandit\AppData\Local\{41C471CC-ED5B-40B5-AC31-82F1A7080593}
2011-04-23 02:36 . 2011-04-23 16:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-23 02:36 . 2011-04-23 02:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-23 02:24 . 2011-04-23 11:05 -------- d-----w- c:\program files\SpywareBlaster
2011-04-23 00:15 . 2011-04-23 00:15 -------- d-----w- c:\users\bandit\AppData\Local\{80981440-5EEF-46BC-88C3-D11E92F9E023}
2011-04-22 12:14 . 2011-04-22 12:14 -------- d-----w- c:\users\bandit\AppData\Local\{9A724B63-79B1-4EC4-8402-0AAB1E896BF8}
2011-04-22 05:44 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A58EA1C-55E4-4C2D-A443-71C63B6A3E0F}\mpengine.dll
2011-04-21 22:42 . 2011-04-21 22:42 -------- d-----w- c:\users\bandit\AppData\Local\{BB7CDDE0-723C-43DD-87F3-D49F4011D652}
2011-04-21 20:47 . 2011-04-21 20:47 -------- d-----w- c:\users\bandit\AppData\Roaming\CheckPoint
2011-04-21 20:46 . 2010-05-15 20:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-04-21 20:46 . 2011-04-21 20:46 -------- d-----w- c:\program files\Zone Labs
2011-04-21 20:46 . 2011-04-23 16:32 -------- d-----w- c:\windows\Internet Logs
2011-04-21 20:36 . 2011-04-21 20:36 -------- d-----w- c:\programdata\ZA_PreservedFiles
2011-04-21 20:19 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-21 20:17 . 2011-04-21 20:17 -------- d-----w- c:\programdata\CheckPoint
2011-04-21 10:41 . 2011-04-21 10:41 -------- d-----w- c:\users\bandit\AppData\Local\{D647708A-A7F5-4B26-A6E3-54141B34C1A4}
2011-04-20 18:34 . 2011-04-20 18:34 -------- d-----w- c:\users\bandit\AppData\Local\{BBA32549-20A2-489C-8D41-9B5FED52A670}
2011-04-17 17:37 . 2011-04-17 17:37 -------- d-----w- c:\users\bandit\AppData\Local\{54B3C084-B759-4984-8FAB-E3EE35F2CB6A}
2011-04-17 11:25 . 2011-04-17 11:25 -------- d-----w- c:\users\bandit\AppData\Local\{9871DB89-ADE3-4CDA-84DB-222C0CAA56A3}
2011-04-16 22:59 . 2011-04-16 22:59 -------- d-----w- c:\users\bandit\AppData\Local\{A0BCB5FF-7895-4FD2-BFCE-663965D284EC}
2011-04-16 22:24 . 2011-04-23 16:35 -------- d-----w- c:\users\bandit\AppData\Local\temp
2011-04-16 10:56 . 2011-04-16 10:56 -------- d-----w- c:\users\bandit\AppData\Local\{846CA33D-1861-4879-B68F-BD2C59B2A27F}
2011-04-15 21:58 . 2002-11-12 16:22 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2011-04-14 12:13 . 2011-04-14 12:13 -------- d-----w- c:\users\bandit\AppData\Local\{EEB5146B-6B3D-45A7-9265-ECCDBFA5C3D2}
2011-04-13 20:49 . 2011-04-13 20:49 388096 ----a-r- c:\users\bandit\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-13 15:23 . 2011-04-13 15:23 -------- d-----w- c:\users\bandit\AppData\Local\{C493ACB2-BEEB-409A-B379-49848A6B4693}
2011-04-12 12:05 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 12:05 . 2011-04-16 11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 12:05 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-12 11:55 . 2011-04-12 11:55 -------- d-----w- c:\users\bandit\AppData\Local\{4AABA6FA-DAE2-4073-8EBB-314FC229AD92}
2011-04-10 03:47 . 2011-04-10 18:58 -------- d-sh--w- c:\programdata\BMOMLEGTCEP
2011-04-10 03:47 . 2011-04-17 17:32 -------- d-sh--w- c:\programdata\92f7a8
2011-04-09 03:27 . 2011-04-10 15:28 -------- d-----w- c:\users\bandit\AppData\Local\{A15DAA33-3E1F-4155-BF26-8C3550777BA8}
2011-04-07 00:47 . 2011-04-07 00:47 -------- d-----w- c:\users\bandit\AppData\Local\{C1E2E3B1-825A-4990-AB5C-EF0E2C4E25F3}
2011-04-04 19:18 . 2011-04-05 19:19 -------- d-----w- c:\users\bandit\AppData\Local\{D20D988D-B267-4AFA-829D-B50701341537}
2011-04-04 19:11 . 2011-04-17 17:32 -------- d-----w- c:\users\Sawyer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 10:35 . 2010-09-28 15:32 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 20:39 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-22 14:13 . 2011-03-23 01:03 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 01:03 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 01:03 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 11:51 . 2010-04-23 10:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 22:11 . 2009-10-03 06:19 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 16:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-21 23552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
.
c:\users\Sawyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\bandit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 715568]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-19 04:55 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-10-30 12872]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-10-30 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-30 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-04-17 120472]
S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\HPCeeScheduleForbandit.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-14 00:55]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(688)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(1512)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-04-23 12:39:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-23 16:39
.
Pre-Run: 411,436,109,824 bytes free
Post-Run: 411,350,544,384 bytes free
.
- - End Of File - - 5472AB121A8EDC99AECFACF554CB3B82
 
Hit By Malware Part 2?-Bobbye

I found the recent combofix quarantine files on the last run in a separate file. Wasn't sure if this is important with the last post. So I thought I should send it for you to look at.

2011-04-23 16:35:24 . 2011-04-23 16:35:24 54,024 ----a-w- C:\Qoobox\Quarantine\C\Windows\Temp\logishrd\_LVPrcInj01_.dll.zip
2011-04-23 16:16:19 . 2011-04-23 16:35:31 248 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-04-23 11:24:01 . 2009-04-30 20:01:00 109,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\Temp\logishrd\LVPrcInj01.dll.vir
2011-04-16 22:12:29 . 2011-04-23 16:25:20 6,538 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
 
Oh gosh! I'm sorry- I meant to change the # of Errors to 10 instead of the 20 that was already in. Old dopey me deleted the 2 and didn't put the 1 in. Please try it again. I made the correction in the previous reply. Will also follow in a bit checking Combofix.

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

    Select log to query, select:
  • Application
  • System

    Under Select type to list, select:
  • Critical (Vista only)
  • Error

    Click the radio button for Number of events
  • Type 10 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

    Load the log
  • In Notepad, click Edit > Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
(Courtesy rev-Olie)
================================
Regarding this:
I found the recent combofix quarantine files on the last run in a separate file. Wasn't sure if this is important with the last post. So I thought I should send it for you to look at.
The Qoobox is where Combofix sends the quarantined entries. They are no longer active in the system. It is usually removed when Combofix is uninstalled.
 
Hit By Malware Part 2?-Bobbye

Downloaded VEW, had to find it in downloads and placed shortcut on desktop. Did not have a choice to save to the desktop. Tried to run and kept getting error message: run-time error "75": path file access error. I used 10 instead of 0. Do I need to close everything including anti virus?
 
Please run the following- wait on trying VEW again:

  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.

The only problem you have is that when you try to do a security scan, the system freezes: is this correct?
Do you have to reboot to get the system back?
 
Hit By Malware Part 2?-Bobbye

I will download the program. Yes, I have to reboot anytime I use Malwarebytes, Superantivirus, Spybot etc. They all freeze the computer at some point when they run.
 
Hit By Malware Part 2?-Bobbye

Nothing found



2011/04/25 19:54:41.0393 4588 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 19:54:43.0393 4588 ================================================================================
2011/04/25 19:54:43.0393 4588 SystemInfo:
2011/04/25 19:54:43.0394 4588
2011/04/25 19:54:43.0394 4588 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/25 19:54:43.0394 4588 Product type: Workstation
2011/04/25 19:54:43.0394 4588 ComputerName: HOME
2011/04/25 19:54:43.0394 4588 UserName: bandit
2011/04/25 19:54:43.0394 4588 Windows directory: C:\Windows
2011/04/25 19:54:43.0394 4588 System windows directory: C:\Windows
2011/04/25 19:54:43.0394 4588 Processor architecture: Intel x86
2011/04/25 19:54:43.0394 4588 Number of processors: 4
2011/04/25 19:54:43.0394 4588 Page size: 0x1000
2011/04/25 19:54:43.0394 4588 Boot type: Normal boot
2011/04/25 19:54:43.0394 4588 ================================================================================
2011/04/25 19:54:43.0700 4588 Initialize success
2011/04/25 19:55:50.0477 3524 ================================================================================
2011/04/25 19:55:50.0477 3524 Scan started
2011/04/25 19:55:50.0477 3524 Mode: Manual;
2011/04/25 19:55:50.0477 3524 ================================================================================
2011/04/25 19:56:05.0439 3524 ================================================================================
2011/04/25 19:56:05.0439 3524 Scan finished
2011/04/25 19:56:05.0439 3524 ================================================================================
 
did not have a choice to save to the desktop

Many of us have the desktop as the default 'Save' location. This is very handy because 1. If it's a setup for a program, we can easily find it, then delete the setup or 2. We may be sure where we want what we download to go.

How To Set Default Download Location In Internet Explorer
  • Open Internet Explorer
  • Hold Ctrl+J
  • Hover to Options and click it
  • Default Download Location> Click on Browse
  • Set the Desktop as default when the browse reaches it.

Now your downloads will go to the Desktop when there is no choice.
Some setups do give a choice for the Save In location. For those that do, you will be able to browse to the location you want it to go.
==================================-
For the run-time error 75:
  • Right-click on the program that is generating the Runtime 75 error. A context menu appears.
  • Select "Run as Administrator" from the context menu. The program should now run without any errors.

Then run VEW. Remember what I said about running it in Normal Mode.
 
Hit By Malware Part 2?-Bobbye

I ran TDSSkiller. It required a reboot which I did. When it rebooted and got to the welcome notice it sat for a long long time as if it froze. I made a decision to restart by turning off the computer. When I turned it back on all that came on from the boot was a black screen that said disk error and to use control-alt-delete. I restarted several times to see the same message. Looks like I or something screwed up. It left me no choice but to reformat to original factory settings. My computer works fine now and all your recommended programs for security has been installed. Unfortunately, I lost my stuff. It's not the first time and I will survive.

Thanks again for your help and time. I'm sure I will be asking for help again sometime down the road. You can close this post.
 
Sorry it came to that point: But I am hell-bent in helping users learn how to troubleshoot!!!

I ran TDSSkiller. It required a reboot which I did. When it rebooted and got to the welcome notice it sat for a long long time as if it froze. I made a decision to restart by turning off the computer. When I turned it back on all that came on from the boot was a black screen that said disk error and to use control-alt-delete.

Two things happened: 1. when you turned the computer off, then back on, you caused an improper shutdown. 2. This caused the disc error that could most likely have been fixed.

What you should have done: Both can be done in Safe Mode:
  • Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  • Error Check: Using Windows Explorer (Windows key + E)> My Computer> Right click on Local Drive(C)> Properties> Tools tab>
    [o] Error Checking> Click on Check Now
    [o] Check Options screen> Check box to Automatically fix file system errors> Check Scan for and attempt recovery of bad sectors
    [o] Check OK> Apply> Close message that comes up> Click on OK
    [o] Reboot the computer
    Error checking will begin in a few seconds. Let it finish. The system will reboot when through
  • System Restore: If the Error Check does not get you back into the system correctly, do a System Restore to the date closest to right before the system went down.
    [o] All Programs> Accessories> System Tools> System Restore
    [o] Check Restore my system to an earlier time
    [o] Choose date in bold Black closest as mentioned
    [o] Okay out and let system restore.
===================================================
Unfortunately, I lost my stuff. It's not the first time and I will survive.
It may not be the first time, but you can make it the last time: backup, backup, backup before something goes wrong!
 