Popups, redirects, reduced system performance, and blue screens...

This is a discussion on Popups, redirects, reduced system performance, and blue screens... within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.

Old 09-16-2011, 09:21 AM   #1
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



So, I'm at school and I receive a text from my mother stating that she is receiving porn popups and that Google results are sending her off to random pages. This isn't uncommon because no one in my family understands computers any more than your average secretary (no offense, but let's be honest. lol)... That being said, I went over and ran a few scans as I normally do, which tends to clean it up fairly well. I begin by running HijackThis and looking through its logs and then looking at the startup items...

During this process, I noticed several suspicious files that definitely did not belong. I then made sure to update the definitions on the current AV installed (BitDefender) and ran a scan with it. Afterwards, I continued to run Malwarebytes Anti-Malware and SUPERAntiSpyware. All 3 of them came back with results of finding several trojans... After running those, cleaning with them, rebooting, etc., the popups were gone and the system was operating much more smoothly...

However, I got another text 2 days later, after returning to campus, that she was getting redirects again and BitDefender kept popping up several alerts about trojans... For instance, when I used that machine to Google GMER, it showed the proper results, but when clicking on the first result it then redirected me to:
"hxxp://www.njksearch.net/cc.php?id=27946228"

Also, to summarize what MBAM found, it listed Rogue.Spypro, Trojan.Agent, Trojan.FakeAlert, Trojan.Dropper, Exploit.Drop.2, and Backdoor.Bot. Two of the files had interesting names, posing as svchost.exe (in the windows/system folder, not the system32 folder) and microsoftupdt32.exe.

Anyway, that's my detailed description. :) Below is the log and attachment.

Thanks in advance. :)

Edit: I should also note that ComboFix results in a BSOD every time.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by Administrator at 17:49:43 on 2011-09-15
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcjcoms.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\BCMSMMSG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Administrator\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = <local>
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\Administrator\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [AppleProfilePolicy] rundll32.exe "c:\programdata\AppleProfilePolicy.dll",DllRegisterServer
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{284B1697-036C-45B9-A550-C30ABE119C22} : DhcpNameServer = 172.16.7.167 172.16.7.167 8.8.8.8
TCP: Interfaces\{81000FD6-9E97-4521-A193-AC1E8A178C1D} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: jifdorh - c:\windows\system32\config\systemprofile\appdata\local\jifdorh.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 95.64.61.141 Google
Hosts: 95.64.61.142 Bing
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\Administrator\appdata\roaming\mozilla\firefox\profiles\52uwnjgf.default\
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - bf4f386a-3b0c-4580-853d-1d00f106bb1b
.
============= SERVICES / DRIVERS ===============
.
R? Adobe Version Cue CS4;Adobe Version Cue CS4
R? Arrakis3;BitDefender Arrakis Server
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? itlperf;Network Location Awarenes
R? MBAMSwissArmy;MBAMSwissArmy
R? Netaapl;Apple Mobile Device Ethernet Service
R? PCANDIS4;PCANDIS4 Protocol Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? BDFM;BDFM
S? bdfwfpf;bdfwfpf
S? TeamViewer5;TeamViewer 5
S? TeamViewer6;TeamViewer 6
S? teamviewervpn;TeamViewer VPN Adapter
.
=============== Created Last 30 ================
.
2011-09-15 21:05:58 -------- d-s---w- C:\ComboFix
2011-09-15 18:53:59 98816 ----a-w- c:\windows\sed.exe
2011-09-15 18:53:59 518144 ----a-w- c:\windows\SWREG.exe
2011-09-15 18:53:59 256000 ----a-w- c:\windows\PEV.exe
2011-09-15 18:53:59 208896 ----a-w- c:\windows\MBR.exe
2011-09-15 02:11:06 185856 ----a-w- c:\programdata\AppleProfilePolicy.dll
2011-09-06 00:58:06 0 ----a-w- c:\windows\system32\0.21187082121402334.exe
2011-09-06 00:34:31 0 ----a-w- c:\users\Administrator\appdata\local\Agaqeva.bin
2011-09-06 00:34:30 -------- d-----w- c:\users\Administrator\appdata\local\{5BD9A4D4-247A-44B8-AE17-16220288BB96}
2011-09-06 00:33:29 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-09-06 00:33:25 -------- d-----w- c:\programdata\Tarma Installer
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:51:48.71 ===============
Attached Files: Attach.zip (6.4 KB)
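The DDS log in the post above already carries most of what a helper would flag before asking for more scans: two Hosts: lines sending Google and Bing to 95.64.61.141/142 instead of resolving normally, UAC switched off (EnableLUA = 0), a Winlogon Notify DLL (jifdorh.dll) sitting under the system profile's AppData, and a default-user Run entry that loads a DLL out of c:\programdata through rundll32. The script below is an added example, not part of the thread and not code from DDS; it runs those four checks over the "Pseudo HJT Report" lines. The sample input is copied from the posted log except for the final localhost line, which is constructed so that a benign hosts entry is exercised too.

```python
"""Scan DDS 'Pseudo HJT Report' lines for the indicators visible in the
log above: hosts-file entries that send search engines to a non-loopback
address, UAC disabled via EnableLUA, a Winlogon Notify DLL living in a
user-writable directory, and Run entries that load a DLL via rundll32
from ProgramData/AppData. Added example; not code from the thread or
from DDS itself."""
import re
from ipaddress import ip_address

# Sample input: lines copied from the DDS log posted above, plus one
# constructed benign line (the localhost entry) that must not be flagged.
SAMPLE_DDS = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
dRun: [AppleProfilePolicy] rundll32.exe "c:\\programdata\\AppleProfilePolicy.dll",DllRegisterServer
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
Notify: !SASWinLogon - c:\\program files\\superantispyware\\SASWINLO.DLL
Notify: jifdorh - c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\jifdorh.dll
Hosts: 95.64.61.141 Google
Hosts: 95.64.61.142 Bing
Hosts: 127.0.0.1 localhost
"""

# Directory names a normal user (or malware running as one) can write to;
# a Winlogon Notify DLL or an autorun DLL under these deserves a look.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|users|temp|tmp)\\", re.I)
# Path of the DLL handed to rundll32, quoted or not, up to the ",Export".
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
SEARCH_ENGINES = ("google", "bing", "yahoo")


def check_line(line):
    """Return [(indicator, detail), ...] for one DDS line; [] if clean."""
    key, sep, rest = line.rstrip().partition(":")
    if not sep:
        return []
    rest = rest.strip()
    hits = []
    if key == "Hosts":
        # A hosts entry for a search engine that is not loopback is a
        # redirect candidate; nothing legitimate needs one.
        ip_str, _, name = rest.partition(" ")
        try:
            ip = ip_address(ip_str)
        except ValueError:
            return []
        if not ip.is_loopback and any(s in name.lower() for s in SEARCH_ENGINES):
            hits.append(("hosts-hijack", f"{name} -> {ip}"))
    elif key == "mPolicies-system" and rest.startswith("EnableLUA = 0"):
        hits.append(("uac-disabled", rest))
    elif key == "Notify" and USER_WRITABLE.search(rest):
        hits.append(("winlogon-notify-dll-in-user-dir", rest))
    elif key in ("uRun", "mRun", "dRun"):
        m = RUNDLL_DLL.search(rest)
        if m and USER_WRITABLE.search(m.group(1)):
            hits.append(("rundll32-dll-in-user-dir", m.group(1)))
    return hits


def triage(log_text):
    """Run check_line over every line; return {indicator: [details]}."""
    findings = {}
    for line in log_text.splitlines():
        for indicator, detail in check_line(line):
            findings.setdefault(indicator, []).append(detail)
    return findings


if __name__ == "__main__":
    for indicator, details in triage(SAMPLE_DDS).items():
        for detail in details:
            print(f"{indicator}: {detail}")
```

Two caveats a practitioner would add: the NvCpl and SUPERAntiSpyware lines pass because they load from System32 and Program Files, which is the right outcome, but a path check is only a filter, not a verdict, and the hosts hijack explains the search redirects but not the reinfection two days after cleaning, which is why the helper below asks for MBR and driver-level scans before fixing anything.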
 
Old 09-17-2011, 07:20 AM   #2
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello,

Quote:
I should also note that ComboFix results in a BSOD everytime.
While you may see ComboFix being used quite often, and possibly you have used the tool yourself without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Going forward, I highly recommend you heed such instructions. As explained in Post 2 of our pre-posting topic...

Quote:
Why we don't ask you to run ComboFix from the onset

ComboFix is a very powerful tool which, when improperly used, may render your machine a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.
That being said, I'll need a log from another tool. Again, it's important you follow these instructions as given.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. At this time, select No when prompted to download the Avast database.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 09-17-2011, 08:14 AM   #3
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



I wasn't seeking assistance when I ran ComboFix, therefore I hadn't seen the instructions to follow...

As far as aswMBR goes, it too resulted in a BSOD.
Old 09-17-2011, 08:54 AM   #4
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



The point is, the Disclaimer does tell you it should not be run in an unsupervised environment - there is a reason for that.

Try running aswmbr.exe in Safe Mode.

If it still BSODs, we'll run another tool. Again, I cannot stress enough that we don't want it to Cure anything (if found) until I have a file name, or a better idea of what it's going after. If the fix goes bad, then I have no idea where to start to try to figure out what went wrong, and how to try to bring a machine back.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
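The reason for "scan, do not Cure" above becomes concrete in the aswMBR log posted in the reply that follows: the tool reports the boot record as hidden, identifies Windows XP boot code on a Windows 6.1 (7) system, could not open the Ias service's DLL, and traces atapi's IRP_MJ_CREATE dispatch to 0x85a024d0, the same address it had just marked >>UNKNOWN<<, that is, memory no loaded module accounts for. The script below is an added example, not part of the thread and not code from aswMBR; it pulls exactly those four indicators out of the log and correlates the hook address against the unknown-module list. The sample lines are copied from the posted log; the mapping from kernel version to the boot-code label aswMBR prints is an assumption made for the example.

```python
"""Pull the rootkit indicators out of an aswMBR log before any 'Fix' is
attempted: an MBR the tool reports as hidden, boot code that does not
match the running Windows version, driver files it could not open
(**LOCKED**), and a disk-stack IRP dispatch entry that resolves into an
address aswMBR could not attribute to any loaded module. Added example;
not code from the thread or from aswMBR."""
import re

# Sample input: lines copied from the aswMBR log posted in the next reply.
SAMPLE_ASWMBR = """\
11:21:40.274 OS Version: Windows 6.1.7600
11:21:51.172 Disk 0 Windows XP default MBR code
11:21:51.188 Disk 0 MBR hidden
11:21:52.344 Service Ias C:\\Windows\\C:\\Windows\\system32\\Iasex.dll **LOCKED** 123
11:21:55.875 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85a024d0]<<
11:21:55.907 \\Driver\\atapi[0x859a91e8] -> IRP_MJ_CREATE -> 0x85a024d0
11:21:55.922 Scan finished successfully
"""

# Assumption: aswMBR names default boot code after the Windows release it
# belongs to, so these are the labels expected for each kernel version.
EXPECTED_MBR_CODE = {"5.1": "Windows XP", "6.0": "Windows Vista", "6.1": "Windows 7"}

OSVER_RE = re.compile(r"OS Version: Windows (\d+\.\d+)")
MBRCODE_RE = re.compile(r"Disk \d+ (Windows .+?) default MBR code")
LOCKED_RE = re.compile(r"Service (\S+) (.+?) \*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.I)
# "\Driver\atapi[0x...] -> IRP_MJ_CREATE -> 0x..." : driver, major function, target
HOOK_RE = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)", re.I)


def triage_aswmbr(text):
    """Return [(indicator, detail), ...] in log order."""
    findings = []
    unknown_addrs = set()  # addresses from >>UNKNOWN [...]<< trace lines
    os_ver = None
    for line in text.splitlines():
        body = line.split(" ", 1)[1] if " " in line else line  # drop timestamp
        m = OSVER_RE.search(body)
        if m:
            os_ver = m.group(1)
            continue
        m = MBRCODE_RE.search(body)
        if m:
            expected = EXPECTED_MBR_CODE.get(os_ver)
            if expected and m.group(1) != expected:
                findings.append(("mbr-code-os-mismatch",
                                 f"{m.group(1)} boot code on Windows {os_ver}"))
            continue
        if "MBR hidden" in body:
            findings.append(("mbr-hidden", body))
            continue
        m = LOCKED_RE.search(body)
        if m:
            findings.append(("locked-driver-file", f"{m.group(1)}: {m.group(2)}"))
            continue
        m = UNKNOWN_RE.search(body)
        if m:
            unknown_addrs.add(m.group(1).lower())
            continue
        m = HOOK_RE.search(body)
        # A dispatch routine is only alarming when its target is memory the
        # tool could not attribute to any module; a hook into a known
        # filter driver would resolve by name instead.
        if m and m.group(3).lower() in unknown_addrs:
            findings.append(("irp-handler-in-unknown-module",
                             f"{m.group(1)} {m.group(2)} -> {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage_aswmbr(SAMPLE_ASWMBR):
        print(f"{indicator}: {detail}")
```

Weight the indicators differently: the boot-code mismatch on its own is only a lead, since a machine upgraded in place can legitimately carry older boot code, whereas a hidden MBR together with a disk-stack driver whose IRP_MJ_CREATE handler points into unattributed kernel memory is the pattern of a rootkit sitting under the filesystem, which is exactly the situation in which an unsupervised "Cure" or ComboFix run can leave the disk unbootable.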
Old 09-17-2011, 09:28 AM   #5
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



============================
aswMBR.exe Log
============================

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-17 11:21:40
-----------------------------
11:21:40.274 OS Version: Windows 6.1.7600
11:21:40.274 Number of processors: 1 586 0x207
11:21:40.274 ComputerName: WARREN-PC UserName:
11:21:42.883 Initialize success
11:21:49.141 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:21:49.157 Disk 0 Vendor: WDC_WD5000AAJB-00YRA0 12.01C02 Size: 476940MB BusType: 3
11:21:49.157 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
11:21:49.157 Disk 1 Vendor: WDC_WD1200JB-75CRA0 16.06V16 Size: 114440MB BusType: 3
11:21:51.172 Disk 0 MBR read successfully
11:21:51.172 Disk 0 MBR scan
11:21:51.172 Disk 0 Windows XP default MBR code
11:21:51.188 Disk 0 MBR hidden
11:21:51.204 Disk 0 scanning sectors +976771072
11:21:51.219 Disk 0 scanning C:\Windows\system32\drivers
11:21:51.219 Service scanning
11:21:52.344 Service Ias C:\Windows\C:\Windows\system32\Iasex.dll **LOCKED** 123
11:21:53.219 Modules scanning
11:21:55.329 Disk 0 trace - called modules:
11:21:55.875 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85a024d0]<<
11:21:55.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85981ac8]
11:21:55.907 3 CLASSPNP.SYS[8829259e] -> nt!IofCallDriver -> [0x86e629d8]
11:21:55.907 \Driver\atapi[0x859a91e8] -> IRP_MJ_CREATE -> 0x85a024d0
11:21:55.922 Scan finished successfully
11:22:32.954 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
11:22:33.047 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"


============================
TDSSKiller.exe Log
============================

2011/09/17 11:26:01.0160 1848 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/17 11:26:01.0582 1848 ================================================================================
2011/09/17 11:26:01.0582 1848 SystemInfo:
2011/09/17 11:26:01.0582 1848
2011/09/17 11:26:01.0582 1848 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/17 11:26:01.0582 1848 Product type: Workstation
2011/09/17 11:26:01.0582 1848 ComputerName: WARREN-PC
2011/09/17 11:26:01.0582 1848 UserName: Administrator
2011/09/17 11:26:01.0582 1848 Windows directory: C:\Windows
2011/09/17 11:26:01.0582 1848 System windows directory: C:\Windows
2011/09/17 11:26:01.0582 1848 Processor architecture: Intel x86
2011/09/17 11:26:01.0582 1848 Number of processors: 1
2011/09/17 11:26:01.0582 1848 Page size: 0x1000
2011/09/17 11:26:01.0582 1848 Boot type: Normal boot
2011/09/17 11:26:01.0582 1848 ================================================================================
2011/09/17 11:26:02.0660 1848 Initialize success
2011/09/17 11:26:07.0613 1216 ================================================================================
2011/09/17 11:26:07.0613 1216 Scan started
2011/09/17 11:26:07.0613 1216 Mode: Manual;
2011/09/17 11:26:07.0613 1216 ================================================================================
2011/09/17 11:26:08.0472 1216 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/17 11:26:08.0597 1216 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/09/17 11:26:08.0738 1216 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/09/17 11:26:08.0863 1216 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/09/17 11:26:09.0082 1216 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/17 11:26:09.0207 1216 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/17 11:26:09.0316 1216 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/17 11:26:09.0488 1216 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/09/17 11:26:09.0582 1216 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/09/17 11:26:09.0675 1216 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/09/17 11:26:09.0816 1216 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/09/17 11:26:09.0925 1216 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/09/17 11:26:10.0019 1216 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/09/17 11:26:10.0128 1216 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/17 11:26:10.0222 1216 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/17 11:26:10.0332 1216 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/09/17 11:26:10.0441 1216 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/17 11:26:10.0535 1216 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/09/17 11:26:10.0644 1216 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/09/17 11:26:10.0816 1216 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/09/17 11:26:10.0894 1216 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/17 11:26:11.0035 1216 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/17 11:26:11.0144 1216 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/09/17 11:26:11.0300 1216 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/09/17 11:26:11.0425 1216 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/09/17 11:26:11.0753 1216 BCMModem (41347688046d49cde0f6d138a534f73d) C:\Windows\system32\DRIVERS\BCMSM.sys
2011/09/17 11:26:11.0925 1216 BDFM (67c2a47db7190673350a3f9f5a1507cb) C:\Windows\system32\DRIVERS\bdfm.sys
2011/09/17 11:26:12.0035 1216 bdfsfltr (a21a4a0e6bdf0c2be0fabfa16d8c8f76) C:\Windows\system32\DRIVERS\bdfsfltr.sys
2011/09/17 11:26:12.0160 1216 bdfwfpf (3c1083ae136fc08cf5f62cf3cfce70a5) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
2011/09/17 11:26:12.0316 1216 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/09/17 11:26:12.0488 1216 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/17 11:26:12.0628 1216 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/17 11:26:12.0738 1216 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/17 11:26:12.0816 1216 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/17 11:26:12.0941 1216 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/09/17 11:26:13.0050 1216 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/17 11:26:13.0160 1216 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/17 11:26:13.0269 1216 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/17 11:26:13.0363 1216 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/17 11:26:13.0816 1216 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/17 11:26:13.0972 1216 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/17 11:26:14.0097 1216 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/17 11:26:14.0191 1216 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/09/17 11:26:14.0363 1216 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/17 11:26:14.0457 1216 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/09/17 11:26:14.0535 1216 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/09/17 11:26:14.0628 1216 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/17 11:26:14.0753 1216 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/17 11:26:14.0863 1216 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/17 11:26:15.0019 1216 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/09/17 11:26:15.0144 1216 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\Windows\system32\DRIVERS\ctsfm2k.sys
2011/09/17 11:26:15.0300 1216 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/09/17 11:26:15.0425 1216 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/09/17 11:26:15.0535 1216 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/09/17 11:26:15.0722 1216 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/09/17 11:26:15.0878 1216 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/17 11:26:16.0019 1216 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
2011/09/17 11:26:16.0253 1216 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/09/17 11:26:16.0503 1216 EL90Xbc (fd3821285b943648a32adc39dacc4e11) C:\Windows\system32\DRIVERS\el90Xbc5.SYS
2011/09/17 11:26:16.0660 1216 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/17 11:26:16.0816 1216 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/17 11:26:17.0050 1216 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/09/17 11:26:17.0128 1216 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/09/17 11:26:17.0300 1216 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/17 11:26:17.0441 1216 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/09/17 11:26:17.0519 1216 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/09/17 11:26:17.0628 1216 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/17 11:26:17.0753 1216 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/09/17 11:26:17.0925 1216 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/09/17 11:26:18.0019 1216 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/17 11:26:18.0128 1216 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/17 11:26:18.0269 1216 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/17 11:26:18.0394 1216 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/17 11:26:18.0519 1216 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/17 11:26:18.0644 1216 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/17 11:26:18.0738 1216 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/17 11:26:18.0832 1216 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/17 11:26:18.0925 1216 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/17 11:26:19.0050 1216 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/17 11:26:19.0191 1216 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/17 11:26:19.0269 1216 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/09/17 11:26:19.0394 1216 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/17 11:26:19.0503 1216 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/17 11:26:19.0628 1216 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/09/17 11:26:19.0753 1216 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/17 11:26:19.0910 1216 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/17 11:26:20.0050 1216 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/17 11:26:20.0222 1216 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/17 11:26:20.0378 1216 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/17 11:26:20.0597 1216 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/09/17 11:26:20.0738 1216 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/09/17 11:26:20.0832 1216 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/17 11:26:20.0910 1216 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/17 11:26:21.0097 1216 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/17 11:26:21.0191 1216 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/17 11:26:21.0269 1216 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/17 11:26:21.0378 1216 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/17 11:26:21.0613 1216 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/17 11:26:21.0738 1216 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/17 11:26:21.0832 1216 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/17 11:26:21.0957 1216 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/17 11:26:22.0050 1216 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/17 11:26:22.0160 1216 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/09/17 11:26:22.0285 1216 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/09/17 11:26:22.0378 1216 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/09/17 11:26:22.0503 1216 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/17 11:26:22.0613 1216 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/17 11:26:22.0753 1216 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/09/17 11:26:22.0863 1216 MODEMCSA (25483f9d590d5f00bd951e1181453ec2) C:\Windows\system32\drivers\MODEMCSA.sys
2011/09/17 11:26:22.0972 1216 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/17 11:26:23.0050 1216 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/17 11:26:23.0160 1216 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/17 11:26:23.0269 1216 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/09/17 11:26:23.0363 1216 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/17 11:26:23.0457 1216 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/17 11:26:23.0550 1216 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/09/17 11:26:23.0675 1216 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/17 11:26:23.0800 1216 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/17 11:26:23.0910 1216 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/17 11:26:23.0988 1216 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/17 11:26:24.0144 1216 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/17 11:26:24.0253 1216 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/09/17 11:26:24.0363 1216 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/17 11:26:24.0425 1216 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/17 11:26:24.0582 1216 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/17 11:26:24.0675 1216 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/17 11:26:24.0769 1216 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/09/17 11:26:24.0925 1216 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/09/17 11:26:25.0082 1216 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/17 11:26:25.0160 1216 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/09/17 11:26:25.0238 1216 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/17 11:26:25.0347 1216 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/09/17 11:26:25.0457 1216 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/17 11:26:25.0582 1216 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/09/17 11:26:25.0675 1216 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/17 11:26:25.0769 1216 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/17 11:26:25.0925 1216 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/17 11:26:26.0003 1216 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/17 11:26:26.0097 1216 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/09/17 11:26:26.0207 1216 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
2011/09/17 11:26:26.0300 1216 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/17 11:26:26.0410 1216 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/17 11:26:26.0628 1216 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/17 11:26:26.0769 1216 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/09/17 11:26:26.0847 1216 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/17 11:26:27.0003 1216 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/09/17 11:26:27.0128 1216 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/09/17 11:26:27.0410 1216 nvlddmkm (d37174e8014da46be1a81e7b02237ac0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/17 11:26:27.0644 1216 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/09/17 11:26:27.0753 1216 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/09/17 11:26:27.0847 1216 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/17 11:26:27.0972 1216 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/17 11:26:28.0113 1216 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\Windows\system32\DRIVERS\ctoss2k.sys
2011/09/17 11:26:28.0269 1216 P16X (f051107ff80f132882e71e3a5d302ec1) C:\Windows\system32\drivers\P16X.sys
2011/09/17 11:26:28.0457 1216 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/09/17 11:26:28.0550 1216 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/09/17 11:26:28.0644 1216 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/17 11:26:28.0832 1216 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/09/17 11:26:28.0925 1216 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/17 11:26:29.0066 1216 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/17 11:26:29.0144 1216 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/09/17 11:26:29.0253 1216 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/09/17 11:26:29.0613 1216 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/17 11:26:29.0738 1216 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/09/17 11:26:29.0878 1216 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
2011/09/17 11:26:30.0082 1216 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/17 11:26:30.0191 1216 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
2011/09/17 11:26:30.0316 1216 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/17 11:26:30.0472 1216 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/17 11:26:30.0582 1216 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/17 11:26:30.0691 1216 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/17 11:26:30.0769 1216 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/17 11:26:30.0878 1216 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/17 11:26:31.0003 1216 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/17 11:26:31.0097 1216 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/17 11:26:31.0191 1216 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/17 11:26:31.0300 1216 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/17 11:26:31.0394 1216 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/17 11:26:31.0550 1216 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/09/17 11:26:31.0628 1216 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/17 11:26:31.0738 1216 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/17 11:26:31.0816 1216 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/09/17 11:26:31.0925 1216 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/09/17 11:26:32.0113 1216 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/17 11:26:32.0207 1216 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/09/17 11:26:32.0347 1216 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/17 11:26:32.0457 1216 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/17 11:26:32.0613 1216 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/17 11:26:32.0769 1216 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/17 11:26:32.0878 1216 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/09/17 11:26:32.0957 1216 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/17 11:26:33.0097 1216 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/17 11:26:33.0207 1216 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/17 11:26:33.0300 1216 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/17 11:26:33.0394 1216 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/17 11:26:33.0503 1216 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/09/17 11:26:33.0597 1216 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/17 11:26:33.0707 1216 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/17 11:26:33.0816 1216 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/09/17 11:26:33.0972 1216 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/09/17 11:26:34.0160 1216 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2011/09/17 11:26:34.0285 1216 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/17 11:26:34.0410 1216 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/17 11:26:34.0550 1216 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/17 11:26:34.0675 1216 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/09/17 11:26:34.0769 1216 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/09/17 11:26:34.0847 1216 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/17 11:26:35.0175 1216 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/09/17 11:26:35.0378 1216 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/17 11:26:35.0503 1216 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/17 11:26:35.0628 1216 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/09/17 11:26:35.0738 1216 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/09/17 11:26:35.0832 1216 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/17 11:26:35.0988 1216 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
2011/09/17 11:26:36.0082 1216 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/17 11:26:36.0285 1216 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
2011/09/17 11:26:36.0441 1216 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/17 11:26:36.0550 1216 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/17 11:26:36.0675 1216 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/17 11:26:36.0769 1216 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/17 11:26:36.0925 1216 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/09/17 11:26:37.0035 1216 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/17 11:26:37.0128 1216 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/17 11:26:37.0300 1216 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/17 11:26:37.0394 1216 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/17 11:26:37.0488 1216 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/17 11:26:37.0597 1216 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/17 11:26:37.0707 1216 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/17 11:26:37.0816 1216 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/17 11:26:37.0925 1216 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/17 11:26:38.0035 1216 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/17 11:26:38.0128 1216 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/17 11:26:38.0238 1216 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/17 11:26:38.0378 1216 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/17 11:26:38.0472 1216 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/17 11:26:38.0582 1216 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/09/17 11:26:38.0644 1216 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/17 11:26:38.0753 1216 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/09/17 11:26:38.0863 1216 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/09/17 11:26:38.0957 1216 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/17 11:26:39.0050 1216 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/09/17 11:26:39.0191 1216 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/09/17 11:26:39.0269 1216 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/17 11:26:39.0378 1216 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/09/17 11:26:39.0488 1216 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/17 11:26:39.0597 1216 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/17 11:26:39.0738 1216 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/09/17 11:26:39.0878 1216 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/17 11:26:40.0003 1216 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/17 11:26:40.0050 1216 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/17 11:26:40.0253 1216 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/09/17 11:26:40.0363 1216 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/17 11:26:40.0582 1216 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/17 11:26:40.0707 1216 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\Windows\system32\DRIVERS\wg111nd5.sys
2011/09/17 11:26:40.0832 1216 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/09/17 11:26:41.0082 1216 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/17 11:26:41.0160 1216 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/17 11:26:41.0363 1216 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/17 11:26:41.0503 1216 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/09/17 11:26:41.0660 1216 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/17 11:26:41.0894 1216 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/09/17 11:26:41.0925 1216 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/17 11:26:41.0941 1216 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/17 11:26:42.0003 1216 Boot (0x1200) (634b76699dbbc956e2fd74af1526ecf8) \Device\Harddisk0\DR0\Partition0
2011/09/17 11:26:42.0050 1216 Boot (0x1200) (3e467e0745268a5dd2a8901d625f6b4b) \Device\Harddisk1\DR1\Partition0
2011/09/17 11:26:42.0082 1216 ================================================================================
2011/09/17 11:26:42.0082 1216 Scan finished
2011/09/17 11:26:42.0082 1216 ================================================================================
2011/09/17 11:26:42.0128 1644 Detected object count: 1
2011/09/17 11:26:42.0128 1644 Actual detected object count: 1
Attached Files
File Type: zip MBR.zip (498 Bytes, 16 views)
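The log above ends with a single detection line against the MBR of Harddisk0, followed by the two "Detected object count" lines. Reading a few hundred driver lines by eye to find that one entry is error-prone, so here is an added example, not part of this thread and not code from Kaspersky's TDSSKiller, that parses this log format into a summary: the driver inventory (service name, MD5, path), the MBR/boot-sector hashes, any "- detected" lines and the count summary, and then reports whether a follow-up log (after a Cure run) is clean. The regular expressions are this example's own reading of the format as it appears above; the sample input is a handful of lines excerpted from the log in this post.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Every line is "<date> <time> <thread-id> <message>"; the message is what we classify.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$"
)
# Driver inventory line: "<service> (<md5>) <drive-letter path>".
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
# Boot-sector line: "MBR (0x1B8) (<md5>) \Device\..." or "Boot (0x1200) (<md5>) \Device\...".
SECTOR_RE = re.compile(
    r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\.+)$"
)
# Verdict line: "<object> - detected <verdict> (<code>)".
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
# Summary lines: "Detected object count: N" and "Actual detected object count: N".
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")

# Lines excerpted from the scan log posted above (not constructed).
SAMPLE_LOG = r"""
2011/09/17 11:26:41.0660 1216 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/17 11:26:41.0894 1216 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/09/17 11:26:41.0925 1216 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/17 11:26:41.0941 1216 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/17 11:26:42.0003 1216 Boot (0x1200) (634b76699dbbc956e2fd74af1526ecf8) \Device\Harddisk0\DR0\Partition0
2011/09/17 11:26:42.0082 1216 Scan finished
2011/09/17 11:26:42.0128 1644 Detected object count: 1
2011/09/17 11:26:42.0128 1644 Actual detected object count: 1
"""


@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)     # service name -> (md5, path)
    sectors: list = field(default_factory=list)     # (kind, device, md5)
    detections: list = field(default_factory=list)  # (object, verdict)
    counts: dict = field(default_factory=dict)      # count label -> int
    unparsed: list = field(default_factory=list)    # messages no rule matched


def parse_log(text: str) -> ScanSummary:
    """Classify each log line; lines without the timestamp/thread prefix are ignored."""
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (d := DRIVER_RE.match(msg)):
            s.drivers[d["name"]] = (d["md5"], d["path"])
        elif (b := SECTOR_RE.match(msg)):
            s.sectors.append((b["kind"], b["dev"], b["md5"]))
        elif (x := DETECT_RE.match(msg)):
            s.detections.append((x["obj"], x["verdict"]))
        elif (c := COUNT_RE.match(msg)):
            s.counts[c["label"]] = int(c["n"])
        else:
            s.unparsed.append(msg)
    return s


def findings(s: ScanSummary) -> list[str]:
    """Triage notes: each verdict, the boot sector it points at, and a count sanity check."""
    notes = [f"{verdict} on {obj}" for obj, verdict in s.detections]
    flagged = {obj for obj, _ in s.detections}
    for kind, dev, md5 in s.sectors:
        if dev in flagged:
            notes.append(f"{kind} of {dev} (md5 {md5}) is the infected object")
    reported = s.counts.get("Detected object count")
    if reported is not None and reported != len(s.detections):
        notes.append(f"count mismatch: summary says {reported}, parsed {len(s.detections)}")
    return notes


def is_clean(s: ScanSummary) -> bool:
    """True when a follow-up log carries no verdict lines and a zero (or absent) count."""
    return not s.detections and s.counts.get("Detected object count", 0) == 0


if __name__ == "__main__":
    summary = parse_log(SAMPLE_LOG)
    for note in findings(summary):
        print(note)
    print("clean:", is_clean(summary))
```

Run against the full log rather than the excerpt, the driver inventory can also be diffed between the pre-cure and post-cure runs: a service whose MD5 or path changes between the two scans is worth a second look, since TDL4 hides in the MBR but the dropper that installed it may have touched files too.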
Old 09-17-2011, 09:37 AM   #6
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. :)

We're going to use TDSSkiller to fix this. Run it again, and this time allow it to Cure.

When it has completed, post the TDSSk log, located on the C:\ drive.

Once we verify the success, we'll have a bit more to do.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 09-17-2011, 09:56 AM   #7
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



I rebooted as it requested... Below is the log...

2011/09/17 11:49:11.0824 1656 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/17 11:49:12.0261 1656 ================================================================================
2011/09/17 11:49:12.0261 1656 SystemInfo:
2011/09/17 11:49:12.0261 1656
2011/09/17 11:49:12.0261 1656 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/17 11:49:12.0261 1656 Product type: Workstation
2011/09/17 11:49:12.0261 1656 ComputerName: WARREN-PC
2011/09/17 11:49:12.0261 1656 UserName: Administrator
2011/09/17 11:49:12.0261 1656 Windows directory: C:\Windows
2011/09/17 11:49:12.0261 1656 System windows directory: C:\Windows
2011/09/17 11:49:12.0261 1656 Processor architecture: Intel x86
2011/09/17 11:49:12.0261 1656 Number of processors: 1
2011/09/17 11:49:12.0261 1656 Page size: 0x1000
2011/09/17 11:49:12.0261 1656 Boot type: Normal boot
2011/09/17 11:49:12.0261 1656 ================================================================================
2011/09/17 11:49:12.0324 1656 Initialize success
2011/09/17 11:49:14.0605 4072 ================================================================================
2011/09/17 11:49:14.0605 4072 Scan started
2011/09/17 11:49:14.0605 4072 Mode: Manual;
2011/09/17 11:49:14.0605 4072 ================================================================================
2011/09/17 11:49:15.0308 4072 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/17 11:49:15.0464 4072 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/09/17 11:49:15.0574 4072 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/09/17 11:49:15.0699 4072 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/09/17 11:49:15.0839 4072 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/17 11:49:15.0964 4072 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/17 11:49:16.0105 4072 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/17 11:49:16.0261 4072 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/09/17 11:49:16.0433 4072 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/09/17 11:49:16.0527 4072 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/09/17 11:49:16.0667 4072 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/09/17 11:49:16.0746 4072 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/09/17 11:49:16.0839 4072 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/09/17 11:49:16.0933 4072 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/17 11:49:17.0011 4072 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/17 11:49:17.0105 4072 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/09/17 11:49:17.0199 4072 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/17 11:49:17.0292 4072 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/09/17 11:49:17.0386 4072 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/09/17 11:49:17.0574 4072 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/09/17 11:49:17.0652 4072 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/17 11:49:17.0761 4072 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/17 11:49:17.0839 4072 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/09/17 11:49:17.0996 4072 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/09/17 11:49:18.0105 4072 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/09/17 11:49:18.0277 4072 BCMModem (41347688046d49cde0f6d138a534f73d) C:\Windows\system32\DRIVERS\BCMSM.sys
2011/09/17 11:49:18.0480 4072 BDFM (67c2a47db7190673350a3f9f5a1507cb) C:\Windows\system32\DRIVERS\bdfm.sys
2011/09/17 11:49:18.0589 4072 bdfsfltr (a21a4a0e6bdf0c2be0fabfa16d8c8f76) C:\Windows\system32\DRIVERS\bdfsfltr.sys
2011/09/17 11:49:18.0730 4072 bdfwfpf (3c1083ae136fc08cf5f62cf3cfce70a5) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
2011/09/17 11:49:18.0902 4072 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/09/17 11:49:19.0027 4072 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/17 11:49:19.0167 4072 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/17 11:49:19.0246 4072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/17 11:49:19.0339 4072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/17 11:49:19.0417 4072 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/09/17 11:49:19.0511 4072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/17 11:49:19.0636 4072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/17 11:49:19.0714 4072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/17 11:49:19.0792 4072 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/17 11:49:20.0167 4072 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/17 11:49:20.0277 4072 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/17 11:49:20.0402 4072 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/17 11:49:20.0496 4072 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/09/17 11:49:20.0652 4072 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/17 11:49:20.0714 4072 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/09/17 11:49:20.0824 4072 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/09/17 11:49:20.0917 4072 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/17 11:49:20.0996 4072 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/17 11:49:21.0105 4072 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/17 11:49:21.0355 4072 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/09/17 11:49:21.0527 4072 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\Windows\system32\DRIVERS\ctsfm2k.sys
2011/09/17 11:49:21.0667 4072 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/09/17 11:49:21.0777 4072 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/09/17 11:49:21.0886 4072 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/09/17 11:49:22.0074 4072 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/09/17 11:49:22.0183 4072 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/17 11:49:22.0292 4072 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
2011/09/17 11:49:22.0496 4072 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/09/17 11:49:22.0683 4072 EL90Xbc (fd3821285b943648a32adc39dacc4e11) C:\Windows\system32\DRIVERS\el90Xbc5.SYS
2011/09/17 11:49:22.0761 4072 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/17 11:49:22.0855 4072 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/17 11:49:23.0011 4072 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/09/17 11:49:23.0121 4072 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/09/17 11:49:23.0277 4072 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/17 11:49:23.0386 4072 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/09/17 11:49:23.0480 4072 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/09/17 11:49:23.0589 4072 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/17 11:49:23.0683 4072 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/09/17 11:49:23.0792 4072 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/09/17 11:49:23.0871 4072 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/17 11:49:24.0027 4072 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/17 11:49:24.0136 4072 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/17 11:49:24.0277 4072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/17 11:49:24.0355 4072 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/17 11:49:24.0480 4072 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/17 11:49:24.0589 4072 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/17 11:49:24.0667 4072 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/17 11:49:24.0777 4072 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/17 11:49:24.0902 4072 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/17 11:49:25.0027 4072 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/17 11:49:25.0136 4072 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/09/17 11:49:25.0214 4072 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/17 11:49:25.0308 4072 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/17 11:49:25.0449 4072 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/09/17 11:49:25.0558 4072 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/17 11:49:25.0683 4072 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/17 11:49:25.0777 4072 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/17 11:49:25.0933 4072 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/17 11:49:26.0058 4072 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/17 11:49:26.0167 4072 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/09/17 11:49:26.0246 4072 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/09/17 11:49:26.0355 4072 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/17 11:49:26.0558 4072 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/17 11:49:26.0746 4072 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/17 11:49:26.0839 4072 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/17 11:49:26.0933 4072 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/17 11:49:27.0042 4072 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/17 11:49:27.0230 4072 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/17 11:49:27.0402 4072 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/17 11:49:27.0496 4072 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/17 11:49:27.0574 4072 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/17 11:49:27.0667 4072 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/17 11:49:27.0746 4072 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/09/17 11:49:27.0871 4072 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/09/17 11:49:27.0980 4072 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/09/17 11:49:28.0074 4072 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/17 11:49:28.0167 4072 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/17 11:49:28.0324 4072 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/09/17 11:49:28.0417 4072 MODEMCSA (25483f9d590d5f00bd951e1181453ec2) C:\Windows\system32\drivers\MODEMCSA.sys
2011/09/17 11:49:28.0496 4072 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/17 11:49:28.0605 4072 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/17 11:49:28.0699 4072 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/17 11:49:28.0808 4072 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/09/17 11:49:28.0871 4072 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/17 11:49:28.0996 4072 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/17 11:49:29.0105 4072 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/09/17 11:49:29.0214 4072 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/17 11:49:29.0292 4072 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/17 11:49:29.0402 4072 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/17 11:49:29.0480 4072 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/17 11:49:29.0574 4072 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/17 11:49:29.0714 4072 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/09/17 11:49:29.0792 4072 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/17 11:49:29.0871 4072 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/17 11:49:29.0996 4072 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/17 11:49:30.0089 4072 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/17 11:49:30.0152 4072 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/09/17 11:49:30.0261 4072 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/09/17 11:49:30.0371 4072 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/17 11:49:30.0511 4072 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/09/17 11:49:30.0574 4072 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/17 11:49:30.0667 4072 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/09/17 11:49:30.0808 4072 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/17 11:49:30.0917 4072 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/09/17 11:49:30.0996 4072 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/17 11:49:31.0105 4072 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/17 11:49:31.0199 4072 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/17 11:49:31.0292 4072 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/17 11:49:31.0371 4072 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/09/17 11:49:31.0464 4072 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
2011/09/17 11:49:31.0542 4072 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/17 11:49:31.0683 4072 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/17 11:49:31.0855 4072 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/17 11:49:31.0949 4072 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/09/17 11:49:32.0058 4072 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/17 11:49:32.0214 4072 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/09/17 11:49:32.0324 4072 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/09/17 11:49:32.0574 4072 nvlddmkm (d37174e8014da46be1a81e7b02237ac0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/17 11:49:32.0730 4072 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/09/17 11:49:32.0808 4072 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/09/17 11:49:32.0902 4072 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/17 11:49:33.0011 4072 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/17 11:49:33.0152 4072 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\Windows\system32\DRIVERS\ctoss2k.sys
2011/09/17 11:49:33.0292 4072 P16X (f051107ff80f132882e71e3a5d302ec1) C:\Windows\system32\drivers\P16X.sys
2011/09/17 11:49:33.0417 4072 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/09/17 11:49:33.0511 4072 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/09/17 11:49:33.0605 4072 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/17 11:49:33.0792 4072 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/09/17 11:49:33.0902 4072 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/17 11:49:33.0980 4072 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/17 11:49:34.0089 4072 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/09/17 11:49:34.0199 4072 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/09/17 11:49:34.0511 4072 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/17 11:49:34.0589 4072 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/09/17 11:49:34.0746 4072 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
2011/09/17 11:49:34.0964 4072 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/17 11:49:35.0042 4072 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
2011/09/17 11:49:35.0167 4072 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/17 11:49:35.0292 4072 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/17 11:49:35.0417 4072 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/17 11:49:35.0496 4072 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/17 11:49:35.0589 4072 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/17 11:49:35.0699 4072 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/17 11:49:35.0824 4072 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/17 11:49:35.0902 4072 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/17 11:49:35.0996 4072 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/17 11:49:36.0105 4072 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/17 11:49:36.0167 4072 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/17 11:49:36.0277 4072 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/09/17 11:49:36.0355 4072 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/17 11:49:36.0527 4072 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/17 11:49:36.0667 4072 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/09/17 11:49:36.0761 4072 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/09/17 11:49:36.0964 4072 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/17 11:49:37.0027 4072 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/09/17 11:49:37.0167 4072 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/17 11:49:37.0292 4072 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/17 11:49:37.0433 4072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/17 11:49:37.0589 4072 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/17 11:49:37.0683 4072 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/09/17 11:49:37.0761 4072 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/17 11:49:37.0917 4072 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/17 11:49:38.0011 4072 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/17 11:49:38.0089 4072 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/17 11:49:38.0183 4072 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/17 11:49:38.0292 4072 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/09/17 11:49:38.0386 4072 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/17 11:49:38.0464 4072 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/17 11:49:38.0574 4072 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/09/17 11:49:38.0730 4072 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/09/17 11:49:38.0902 4072 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2011/09/17 11:49:39.0011 4072 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/17 11:49:39.0089 4072 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/17 11:49:39.0261 4072 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/17 11:49:39.0402 4072 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/09/17 11:49:39.0496 4072 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/09/17 11:49:39.0558 4072 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/17 11:49:39.0824 4072 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/09/17 11:49:39.0996 4072 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/17 11:49:40.0089 4072 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/17 11:49:40.0199 4072 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/09/17 11:49:40.0261 4072 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/09/17 11:49:40.0371 4072 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/17 11:49:40.0511 4072 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
2011/09/17 11:49:40.0636 4072 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/17 11:49:40.0824 4072 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
2011/09/17 11:49:40.0996 4072 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/17 11:49:41.0136 4072 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/17 11:49:41.0230 4072 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/17 11:49:41.0308 4072 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/17 11:49:41.0464 4072 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/09/17 11:49:41.0574 4072 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/17 11:49:41.0636 4072 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/17 11:49:41.0777 4072 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/17 11:49:41.0917 4072 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/17 11:49:42.0027 4072 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/17 11:49:42.0105 4072 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/17 11:49:42.0214 4072 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/17 11:49:42.0324 4072 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/17 11:49:42.0417 4072 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/17 11:49:42.0589 4072 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/17 11:49:42.0667 4072 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/17 11:49:42.0777 4072 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/17 11:49:42.0917 4072 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/17 11:49:43.0027 4072 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/17 11:49:43.0136 4072 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/09/17 11:49:43.0230 4072 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/17 11:49:43.0339 4072 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/09/17 11:49:43.0417 4072 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/09/17 11:49:43.0511 4072 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/17 11:49:43.0621 4072 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/09/17 11:49:43.0699 4072 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/09/17 11:49:43.0792 4072 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/17 11:49:43.0902 4072 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/09/17 11:49:43.0996 4072 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/17 11:49:44.0089 4072 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/17 11:49:44.0230 4072 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/09/17 11:49:44.0402 4072 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/17 11:49:44.0496 4072 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/17 11:49:44.0542 4072 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/17 11:49:44.0746 4072 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/09/17 11:49:44.0839 4072 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/17 11:49:45.0058 4072 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/17 11:49:45.0183 4072 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\Windows\system32\DRIVERS\wg111nd5.sys
2011/09/17 11:49:45.0277 4072 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/09/17 11:49:45.0496 4072 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/17 11:49:45.0589 4072 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/17 11:49:45.0808 4072 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/17 11:49:45.0933 4072 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/09/17 11:49:46.0058 4072 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/17 11:49:46.0261 4072 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/09/17 11:49:46.0308 4072 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/17 11:49:46.0339 4072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/09/17 11:49:46.0386 4072 Boot (0x1200) (634b76699dbbc956e2fd74af1526ecf8) \Device\Harddisk0\DR0\Partition0
2011/09/17 11:49:46.0449 4072 Boot (0x1200) (3e467e0745268a5dd2a8901d625f6b4b) \Device\Harddisk1\DR1\Partition0
2011/09/17 11:49:46.0480 4072 ================================================================================
2011/09/17 11:49:46.0480 4072 Scan finished
2011/09/17 11:49:46.0480 4072 ================================================================================
2011/09/17 11:49:46.0542 3364 Detected object count: 1
2011/09/17 11:49:46.0542 3364 Actual detected object count: 1
2011/09/17 11:50:05.0917 3364 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/17 11:50:05.0917 3364 \Device\Harddisk0\DR0 - ok
2011/09/17 11:50:05.0917 3364 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/17 11:50:13.0027 3556 Deinitialize success
Old 09-17-2011, 10:46 AM   #8
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Good. Now disable any onboard protection programs and run ComboFix.exe. If it prompts you that an update is available, please allow it to update.

Post the ComboFix.txt when it has completed, along with an update on machine behavior.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 09-17-2011, 11:08 AM   #9
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



I've been doing all of this via TeamViewer as I'm actually on campus. It appears as if the machine BSOD'd again and TeamViewer failed to start up properly when the machine rebooted. Therefore, I am left without access to the machine until my mother returns home so that I can instruct her to reboot the machine and ensure that TeamViewer launches properly.

Please let me know what the next step is and I'll do it as soon as I regain access.

Thanks
Old 09-17-2011, 12:26 PM   #10
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



ComboFix 11-09-16.01 - Administrator 09/17/2011 12:54:12.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1279.718 [GMT -4:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Outdated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: BitDefender Antispyware *Disabled/Outdated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AppleProfilePolicy.dll
c:\programdata\fuxh.exe
c:\programdata\lvsk.exe
c:\programdata\pbuh.exe
c:\programdata\rrpv.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\users\Administrator\AppData\Roaming\OpenCloud Security
c:\users\Cathy\AppData\Local\{5BD9A4D4-247A-44B8-AE17-16220288BB96}
c:\users\Cathy\AppData\Local\{5BD9A4D4-247A-44B8-AE17-16220288BB96}\chrome.manifest
c:\users\Cathy\AppData\Local\{5BD9A4D4-247A-44B8-AE17-16220288BB96}\chrome\content\_cfg.js
c:\users\Cathy\AppData\Local\{5BD9A4D4-247A-44B8-AE17-16220288BB96}\chrome\content\overlay.xul
c:\users\Cathy\AppData\Local\{5BD9A4D4-247A-44B8-AE17-16220288BB96}\install.rdf
c:\users\Cathy\AppData\Local\imogosul.dll
c:\users\Cathy\AppData\Roaming\Adobe\plugs
c:\users\Cathy\AppData\Roaming\Adobe\shed
c:\windows\system32\0.21187082121402334.exe
c:\windows\system32\0.3846348175591836.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\OpenCloud Security\sySL32.dll
c:\windows\system32\eafa.exe
c:\windows\system32\fphm.exe
c:\windows\system32\no
c:\windows\system32\no\AuthFWSnapIn.Resources.dll
c:\windows\system32\no\AuthFWWizFwk.Resources.dll
c:\windows\system32\no\Narrator.resources.dll
c:\windows\system32\oduq.exe
c:\windows\system32\xrnq.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Ias
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))))
.
.
2011-09-17 17:10 . 2011-09-17 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-17 17:10 . 2011-09-17 17:10 -------- d-----w- c:\users\Cathy\AppData\Local\temp
2011-09-17 15:18 . 2011-09-17 15:19 -------- d-----w- c:\users\Administrator
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\sname
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\mdhcp32.dll
2011-09-06 00:34 . 2011-09-07 00:14 0 ----a-w- c:\users\Cathy\AppData\Local\Agaqeva.bin
2011-09-06 00:33 . 2011-09-15 19:22 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2011-02-15 15:09 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-15 15:09 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 23:01 . 2003-04-24 06:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-03-31 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-10 7741440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-10 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jifdorh]
2011-09-09 23:56 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 PCANDIS4;PCANDIS4 Protocol Driver;c:\windows\system32\PCANDIS4.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1343400]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-13 79368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-09 153448]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
itnetsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3831304034-3670355242-1837247823-1000Core.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 15:30]
.
2011-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3831304034-3670355242-1837247823-1000UA.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 15:30]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\52uwnjgf.default\
FF - user.js: extentions.y2layers.installId - bf4f386a-3b0c-4580-853d-1d00f106bb1b
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-AppleProfilePolicy - c:\programdata\AppleProfilePolicy.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />"
"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,3b,1b,f4,c0,61,
4b,91,b3,1f,0c,ae,16,6d,12,b5,56,dd,db
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,00,56,
1d,16,c3,f5,03,88,75,86,02,97,d9,20,0a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,c5,
02,9b,b8,ec,0b,b9,9e,bc,17,8f,6b,ff,df
"{19090308-636D-4E9B-A1CE-A647B6F794BF}"=hex:51,66,7a,6c,4c,1d,3b,1b,18,1e,13,
03,5b,33,f4,07,bd,c6,e0,07,b5,b2,d6,a3
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,3b,1b,16,5e,2c,
35,73,fa,da,0e,83,95,7f,e8,ba,0b,3c,eb
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,9f,
68,f3,60,4d,04,ab,f1,4d,fc,1e,7d,e1,62
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,d2,
c1,73,f4,34,0a,a0,7c,da,65,c2,80,ca,b5
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,3b,1b,9e,6b,4c,
eb,d9,d1,63,0e,8c,5f,0e,5b,ab,7d,4f,a6
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,3b,1b,0e,1b,68,
e7,e8,cf,22,01,b9,82,4d,eb,42,14,88,c4
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,4e,
30,c0,0b,0a,0f,b4,ab,89,e9,64,6b,00,8d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,1f,
e5,6c,9c,41,07,a3,33,d0,a9,2a,93,17,1f
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,f0,
a7,53,92,bf,58,a0,e5,46,e0,ca,4f,f7,13
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:72,2f,74,31,4d,75,cc,01
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,6f,83,56,de,0e,7e,42,be,b3,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,6f,83,56,de,0e,7e,42,be,b3,c5,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2020)
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcjcoms.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\BCMSMMSG.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Completion time: 2011-09-17 14:19:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-17 18:19
.
Pre-Run: 448,694,149,120 bytes free
Post-Run: 448,314,105,856 bytes free
.
- - End Of File - - FE1821AA4616FA369D6B33885FB7F61E
Old 09-17-2011, 06:12 PM   #11
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You did fine. :)

Please run Combofix again. Allow it to update if prompted, then post the ComboFix.txt when it has completed.
Old 09-18-2011, 11:21 AM   #12
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



I'm having some problems with ComboFix now... When I run it, I receive a prompt to update and it connects and updates properly. However, it then says it will restart ComboFix and it closes, opens, and goes through the extraction process, but then all of its associated windows close. "xwscacls.3XE" is still running, according to taskmgr, but even when left alone for an hour, nothing else happens and I am left viewing my desktop...

Aside from this issue with ComboFix, the redirects in Google's search results have been fixed and, from what little time I've spent on the computer, it seems to be running properly.
Old 09-18-2011, 06:14 PM   #13
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



It may be acting 'normally' now, but that is temporary. I still see malware onboard that CF should have been able to remove.

Delete your existing ComboFix.exe and download the latest version from here.

You must disable the onboard protection, or it will interfere with the running of ComboFix.

Post the ComboFix.txt when it has completed.
Old 09-18-2011, 07:32 PM   #14
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



Just out of curiosity, what in the previous log indicated that it was still there?


ComboFix 11-09-18.03 - Administrator 09/18/2011 20:54:53.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1279.737 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Outdated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: BitDefender Antispyware *Disabled/Outdated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-19 01:11 . 2011-09-19 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-19 01:11 . 2011-09-19 01:11 -------- d-----w- c:\users\Cathy\AppData\Local\temp
2011-09-17 15:18 . 2011-09-17 15:19 -------- d-----w- c:\users\Administrator
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\sname
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\mdhcp32.dll
2011-09-06 00:34 . 2011-09-07 00:14 0 ----a-w- c:\users\Cathy\AppData\Local\Agaqeva.bin
2011-09-06 00:33 . 2011-09-15 19:22 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2011-02-15 15:09 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-15 15:09 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 23:01 . 2003-04-24 06:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-10 7741440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-10 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jifdorh]
2011-09-09 23:56 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 PCANDIS4;PCANDIS4 Protocol Driver;c:\windows\system32\PCANDIS4.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1343400]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-13 79368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-09 153448]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
itnetsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3831304034-3670355242-1837247823-1000Core.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 15:30]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3831304034-3670355242-1837247823-1000UA.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 15:30]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\52uwnjgf.default\
FF - user.js: extentions.y2layers.installId - bf4f386a-3b0c-4580-853d-1d00f106bb1b
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />"
"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:72,2f,74,31,4d,75,cc,01
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,6f,83,56,de,0e,7e,42,be,b3,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,6f,83,56,de,0e,7e,42,be,b3,c5,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-18 21:21:03
ComboFix-quarantined-files.txt 2011-09-19 01:21
.
Pre-Run: 449,486,360,576 bytes free
Post-Run: 449,435,602,944 bytes free
.
- - End Of File - - E8013756558B21A26AA32799906FF42A
Old 09-18-2011, 09:16 PM   #15
TSF Security Manager
Emeritus
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi Phaaze,

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:
File::
c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll
c:\users\Cathy\AppData\Local\Agaqeva.bin

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jifdorh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"itnetsvc"=-

Save this as CFScript.txt, and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe


When finished, post the C:\ComboFix.txt in your next reply, along with an update on machine behavior.
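The CFScript above is a small declarative format: File:: and Folder:: list paths to remove, a Registry:: line of the form [-KEY] deletes a key, "name"=- beneath a [KEY] line deletes one value, and ClearJavaCache:: takes no entries. As an added example, not code from the thread or from ComboFix's authors, the Python below parses such a script together with the "Files Created" and "Reg Loading Points" sections of the ComboFix log it was written from, and reports which directives line up with a logged entry (the jifdorh winlogon notify key, the itnetsvc svchost group, Agaqeva.bin) and which logged paths the script does not touch; the log excerpt and script are constructed from this thread and abridged.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it was written from."""
import re

# Constructed, abridged excerpt of the ComboFix log posted earlier in the thread.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\sname
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\mdhcp32.dll
2011-09-06 00:34 . 2011-09-07 00:14 0 ----a-w- c:\users\Cathy\AppData\Local\Agaqeva.bin
2011-09-06 00:33 . 2011-09-15 19:22 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jifdorh]
2011-09-09 23:56 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
itnetsvc REG_MULTI_SZ itlperf
.
"""

# The CFScript from the thread, as a constructed string.
CFSCRIPT = r"""
File::
c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll
c:\users\Cathy\AppData\Local\Agaqeva.bin

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jifdorh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"itnetsvc"=-

ClearJavaCache::
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
# A ComboFix file line: timestamp(s), size, an 8-character attribute field, then a drive-letter path.
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}.*?\s[-a-z]{8}\s+([a-z]:\\.+?)\s*$", re.I)


def parse_cfscript(text):
    """Map each 'Name::' directive to the list of entries beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_deletions(lines):
    """Registry:: lines -> (key, value) pairs; value None means the whole key is removed."""
    deletions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            deletions.append((line[2:-1].lower(), None))          # [-KEY] deletes the key
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()                               # [KEY] selects a key
        elif line.endswith("=-") and key is not None:
            deletions.append((key, line[:-2].strip('"').lower()))  # "name"=- deletes a value
        else:
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
    return deletions


def parse_log(text):
    """Return (paths, registry): every file path the log lists, and {key: [lines]} per registry key."""
    paths, registry, key = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            paths.add(m.group(1).lower())
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1).lower()
            registry[key] = []
        elif not line or line == "." or line.startswith("("):
            key = None                                             # section break
        elif key is not None:
            registry[key].append(line)
    return paths, registry


def cross_check(log_text, script_text):
    """Report which script directives match log entries and which logged paths the script leaves alone."""
    paths, registry = parse_log(log_text)
    script = parse_cfscript(script_text)
    targets = script.get("File", []) + script.get("Folder", [])
    report = {"file_in_log": [], "file_not_in_log": [], "reg_in_log": [], "reg_not_in_log": []}
    for path in targets:
        report["file_in_log" if path.lower() in paths else "file_not_in_log"].append(path)
    for key, value in registry_deletions(script.get("Registry", [])):
        lines = registry.get(key)
        found = lines is not None and (
            value is None or any(l.split()[0].lower() == value for l in lines if l.split()))
        report["reg_in_log" if found else "reg_not_in_log"].append((key, value))
    report["unreferenced_log_paths"] = sorted(paths - {p.lower() for p in targets})
    return report


if __name__ == "__main__":
    for name, items in cross_check(COMBOFIX_LOG, CFSCRIPT).items():
        print(f"{name}:")
        for item in items:
            print("   ", item)
```

Running it shows that every directive in the script corresponds to a logged entry, while sname, mdhcp32.dll and the Yontoo folder from the same log are not referenced by it.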
Old 09-18-2011, 10:44 PM   #16
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



ComboFix 11-09-18.03 - Administrator 09/18/2011 23:27:31.4.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1279.731 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *Disabled/Outdated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: BitDefender Antispyware *Disabled/Outdated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Cathy\AppData\Local\Agaqeva.bin"
"c:\windows\System32\config\systemprofile\AppData\Local\jifdorh.dll"
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-19 03:43 . 2011-09-19 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-19 03:43 . 2011-09-19 03:43 -------- d-----w- c:\users\Cathy\AppData\Local\temp
2011-09-17 15:18 . 2011-09-17 15:19 -------- d-----w- c:\users\Administrator
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\sname
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\mdhcp32.dll
2011-09-06 00:34 . 2011-09-07 00:14 0 ----a-w- c:\users\Cathy\AppData\Local\Agaqeva.bin
2011-09-06 00:33 . 2011-09-15 19:22 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2011-02-15 15:09 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-15 15:09 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 23:01 . 2003-04-24 06:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-10 7741440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-10 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 PCANDIS4;PCANDIS4 Protocol Driver;c:\windows\system32\PCANDIS4.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1343400]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-13 79368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-09 153448]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3831304034-3670355242-1837247823-1000Core.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 15:30]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3831304034-3670355242-1837247823-1000UA.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 15:30]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\52uwnjgf.default\
FF - user.js: extentions.y2layers.installId - bf4f386a-3b0c-4580-853d-1d00f106bb1b
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />"
"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:72,2f,74,31,4d,75,cc,01
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,6f,83,56,de,0e,7e,42,be,b3,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,6f,83,56,de,0e,7e,42,be,b3,c5,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-18 23:52:58
ComboFix-quarantined-files.txt 2011-09-19 03:52
ComboFix2.txt 2011-09-19 01:21
.
Pre-Run: 449,486,151,680 bytes free
Post-Run: 449,434,578,944 bytes free
.
- - End Of File - - 44B687D1012C0B45D53EB40158E30CB5
Old 09-19-2011, 06:21 AM   #17
TSF Security Manager
Emeritus
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



We're almost through here. :)

Using Windows Explorer, navigate to, and delete this file:

c:\users\Cathy\AppData\Local\Agaqeva.bin

=======================================

Lastly, it's important to run an online scan to search for any remnants that may be lurking. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Old 09-19-2011, 01:56 PM   #18
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\Windows\System32\0.3846348175591836.exe.vir a variant of Win32/Lukicsel.W trojan
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Roaming\OpenCloud Security\sySL32.dll.vir a variant of Win32/Adware.BlueFlareAntivirus.B application
C:\Windows\System32\mdhcp32.dll Win32/Lukicsel.T trojan
C:\Windows\System32\sname Win32/Lukicsel.T trojan
C:\Windows\System32\config\systemprofile\AppData\Local\abtottb.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\dlqoineios.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\gszpaflqy.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\jfkaebklz.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\lafqk.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\lzzsqrfzs.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\pgavncfzv.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\ptfrueamdd.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\tdzvqtoju.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\xuxzldol.exe a variant of Win32/Kryptik.SVL trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2eabbcb7-1c35b7e0 a variant of Win32/Lukicsel.W trojan
C:\Windows\System32\config\systemprofile\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe a variant of Win32/Kryptik.SVU trojan
D:\OSF\Desktop\misc\SmitfraudFix\Process.exe Win32/PrcView application
D:\OSF\Desktop\misc\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
Operating memory a variant of Win32/Adware.Yontoo.A application
Old 09-19-2011, 02:17 PM   #19
TSF Security Manager
Emeritus
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Open notepad and copy/paste the text in the code box below into it:

Quote:
File::
C:\Windows\System32\mdhcp32.dll
C:\Windows\System32\sname
C:\Windows\System32\config\systemprofile\AppData\Local\abtottb.exe
C:\Windows\System32\config\systemprofile\AppData\Local\dlqoineios.exe
C:\Windows\System32\config\systemprofile\AppData\Local\gszpaflqy.exe
C:\Windows\System32\config\systemprofile\AppData\Local\jfkaebklz.exe
C:\Windows\System32\config\systemprofile\AppData\Local\lafqk.exe
C:\Windows\System32\config\systemprofile\AppData\Local\lzzsqrfzs.exe
C:\Windows\System32\config\systemprofile\AppData\Local\pgavncfzv.exe
C:\Windows\System32\config\systemprofile\AppData\Local\ptfrueamdd.exe
C:\Windows\System32\config\systemprofile\AppData\Local\tdzvqtoju.exe
C:\Windows\System32\config\systemprofile\AppData\Local\xuxzldol.exe

Folder::
C:\Windows\System32\config\systemprofile\AppData\Roaming\OpenCloud Security

ClearJavaCache::

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you. Post the C:\ComboFix.txt in your next reply.

==============================


Given the results of the Eset log, please run aswmbr.exe again. Same as before, do NOT fix anything. Please just post the results along with the ComboFix.txt

Uninstall Smitfraudfix. It is a very outdated tool and has not been maintained for several years. As such, it should not be used as there is no telling how today's malware may affect it when it runs. Depending on how old that download is, double click to start the program and you should see an option to uninstall. If you do not, let me know and we'll pull the files out ourselves.
Old 09-19-2011, 04:31 PM   #20
Registered Member
 
Join Date: May 2006
Posts: 30
OS: Win. 10 Pro



As far as Smitfraudfix goes, that file is on the storage drive and hasn't been used for years (since May of 2006 to be exact)... It just got copied over to storage by accident apparently... Anyway, it has been deleted.


ComboFix 11-09-19.02 - Administrator 09/19/2011 17:24:01.5.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1279.678 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *Disabled/Outdated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: BitDefender Antispyware *Disabled/Outdated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\abtottb.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\dlqoineios.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\gszpaflqy.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\jfkaebklz.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\lafqk.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\lzzsqrfzs.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\pgavncfzv.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\ptfrueamdd.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\tdzvqtoju.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\xuxzldol.exe"
"c:\windows\System32\mdhcp32.dll"
"c:\windows\System32\sname"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\config\systemprofile\AppData\Roaming\OpenCloud Security
c:\windows\System32\config\systemprofile\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe
c:\windows\System32\config\systemprofile\AppData\Roaming\OpenCloud Security\OpenCloud Security.ico
c:\windows\System32\config\systemprofile\AppData\Roaming\OpenCloud Security\wmf.cfg
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-19 21:39 . 2011-09-19 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-19 21:39 . 2011-09-19 21:39 -------- d-----w- c:\users\Cathy\AppData\Local\temp
2011-09-19 15:16 . 2011-09-19 15:16 -------- d-----w- c:\program files\ESET
2011-09-17 15:18 . 2011-09-17 15:19 -------- d-----w- c:\users\Administrator
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\sname
2011-09-16 15:19 . 2011-09-16 15:19 49152 ----a-w- c:\windows\system32\mdhcp32.dll
2011-09-06 00:33 . 2011-09-15 19:22 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2011-02-15 15:09 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-15 15:09 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 23:01 . 2003-04-24 06:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-10 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-10 7741440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-10 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 PCANDIS4;PCANDIS4 Protocol Driver;c:\windows\system32\PCANDIS4.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1343400]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-01-13 79368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-09 153448]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3831304034-3670355242-1837247823-1000Core.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 15:30]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3831304034-3670355242-1837247823-1000UA.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 15:30]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\52uwnjgf.default\
FF - user.js: extentions.y2layers.installId - bf4f386a-3b0c-4580-853d-1d00f106bb1b
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />"
"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,3b,1b,f4,c0,61,
4b,91,b3,1f,0c,ae,16,6d,12,b5,56,dd,db
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,00,56,
1d,16,c3,f5,03,88,75,86,02,97,d9,20,0a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,c5,
02,9b,b8,ec,0b,b9,9e,bc,17,8f,6b,ff,df
"{19090308-636D-4E9B-A1CE-A647B6F794BF}"=hex:51,66,7a,6c,4c,1d,3b,1b,18,1e,13,
03,5b,33,f4,07,bd,c6,e0,07,b5,b2,d6,a3
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,3b,1b,16,5e,2c,
35,73,fa,da,0e,83,95,7f,e8,ba,0b,3c,eb
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,9f,
68,f3,60,4d,04,ab,f1,4d,fc,1e,7d,e1,62
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,d2,
c1,73,f4,34,0a,a0,7c,da,65,c2,80,ca,b5
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,3b,1b,9e,6b,4c,
eb,d9,d1,63,0e,8c,5f,0e,5b,ab,7d,4f,a6
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,3b,1b,0e,1b,68,
e7,e8,cf,22,01,b9,82,4d,eb,42,14,88,c4
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,4e,
30,c0,0b,0a,0f,b4,ab,89,e9,64,6b,00,8d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,1f,
e5,6c,9c,41,07,a3,33,d0,a9,2a,93,17,1f
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,f0,
a7,53,92,bf,58,a0,e5,46,e0,ca,4f,f7,13
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:72,2f,74,31,4d,75,cc,01
.
[HKEY_USERS\S-1-5-21-3831304034-3670355242-1837247823-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,6f,83,56,de,0e,7e,42,be,b3,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,6f,83,56,de,0e,7e,42,be,b3,c5,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-19 17:47:42
ComboFix-quarantined-files.txt 2011-09-19 21:47
ComboFix2.txt 2011-09-19 03:52
ComboFix3.txt 2011-09-19 01:21
.
Pre-Run: 449,356,062,720 bytes free
Post-Run: 449,075,818,496 bytes free
.
- - End Of File - - 0BBBC3C93AF217D1EABD682C44FE3D8B