Win32/Sirefef.DN trojan [Solved]


This topic is locked
35 replies to this topic

#1 tofu1004
Authentic Member, 21 posts

Posted 18 December 2011 - 05:33 AM

Hi, I have created a post on bleepingcomputer.com but have had no reply. I am creating a post here, but as soon as I have a response from either forum, I will be sure to post an update on the other forum that I have found the help I was seeking.

Hi, I have a trojan on my computer. :blink: I get Win 7 Security 2012 pop-ups. I have run rkill, TDSSKiller (log below), aswMBR (log below) and Malwarebytes (I don't have the log anymore but can run it again if asked). I've gotten rid of the ping.exe virus, but my ESET NOD32 Antivirus 4's web access protection shows as non-functional and the log file shows:

"12/17/2011 5:33:56 PM Startup scanner file Operating memory » C:\Windows\assembly\GAC_32\Desktop.ini a variant of Win32/Sirefef.DN trojan cleaned by deleting (after the next restart) YoonJoo-PC\YoonJoo"

Every time I restart, ESET NOD32 pops up with that message.

Here is the log for aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-17 18:03:35
-----------------------------
18:03:35.010 OS Version: Windows x64 6.1.7601 Service Pack 1
18:03:35.011 Number of processors: 8 586 0x1E05
18:03:35.011 ComputerName: YOONJOO-PC UserName: YoonJoo
18:03:39.247 Initialize success
18:03:44.359 AVAST engine defs: 11121700
18:03:54.935 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:03:54.940 Disk 0 Vendor: ST310005 CC45 Size: 953869MB BusType: 8
18:03:54.955 Disk 0 MBR read successfully
18:03:54.958 Disk 0 MBR scan
18:03:54.964 Disk 0 Windows VISTA default MBR code
18:03:54.967 Service scanning
18:03:56.676 Modules scanning
18:03:56.684 Disk 0 trace - called modules:
18:03:56.711 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:03:56.719 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dbb790]
18:03:56.727 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b01050]
18:03:59.744 AVAST engine scan C:\
18:19:34.833 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:20:15.566 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
18:24:49.191 File: C:\Windows\System32\consrv.dll **INFECTED** Win32:Sirefef-FQ [Drp]
19:06:05.910 Scan finished successfully
19:21:43.994 Disk 0 MBR has been saved successfully to "C:\Users\YoonJoo\Desktop\MBR.dat"
19:21:43.998 The log file has been saved successfully to "C:\Users\YoonJoo\Desktop\aswMBR.txt"

And here is the TDSSKiller log:

19:22:23.0291 5088 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
19:22:23.0811 5088 ============================================================
19:22:23.0812 5088 Current date / time: 2011/12/17 19:22:23.0811
19:22:23.0812 5088 SystemInfo:
19:22:23.0812 5088
19:22:23.0812 5088 OS Version: 6.1.7601 ServicePack: 1.0
19:22:23.0812 5088 Product type: Workstation
19:22:23.0812 5088 ComputerName: YOONJOO-PC
19:22:23.0812 5088 UserName: YoonJoo
19:22:23.0812 5088 Windows directory: C:\Windows
19:22:23.0812 5088 System windows directory: C:\Windows
19:22:23.0812 5088 Running under WOW64
19:22:23.0812 5088 Processor architecture: Intel x64
19:22:23.0812 5088 Number of processors: 8
19:22:23.0812 5088 Page size: 0x1000
19:22:23.0812 5088 Boot type: Normal boot
19:22:23.0812 5088 ============================================================
19:22:24.0237 5088 Initialize success
19:22:38.0098 3748 ============================================================
19:22:38.0098 3748 Scan started
19:22:38.0098 3748 Mode: Manual;
19:22:38.0098 3748 ============================================================
(611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:22:49.0551 3748 WfpLwf - ok 19:22:49.0560 3748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:22:49.0570 3748 WIMMount - ok 19:22:49.0642 3748 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 19:22:49.0666 3748 WinUsb - ok 19:22:49.0698 3748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 19:22:49.0709 3748 WmiAcpi - ok 19:22:49.0756 3748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:22:49.0778 3748 ws2ifsl - ok 19:22:49.0822 3748 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:22:49.0833 3748 WudfPf - ok 19:22:49.0855 3748 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:22:49.0867 3748 WUDFRd - ok 19:22:49.0934 3748 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0 19:22:49.0948 3748 \Device\Harddisk0\DR0 - ok 19:22:49.0955 3748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5 19:22:54.0020 3748 \Device\Harddisk5\DR5 - ok 19:22:54.0028 3748 Boot (0x1200) (f88c2e6e89f4aa7ade0d235419c829e5) \Device\Harddisk0\DR0\Partition0 19:22:54.0030 3748 \Device\Harddisk0\DR0\Partition0 - ok 19:22:54.0076 3748 Boot (0x1200) (cb124c6cc632f1468483dbed9b38774c) \Device\Harddisk0\DR0\Partition1 19:22:54.0077 3748 \Device\Harddisk0\DR0\Partition1 - ok 19:22:54.0083 3748 Boot (0x1200) (a6477baf026c0f6683cb4b5ba56c999d) \Device\Harddisk5\DR5\Partition0 19:22:54.0085 3748 \Device\Harddisk5\DR5\Partition0 - ok 19:22:54.0087 3748 ============================================================ 19:22:54.0087 3748 Scan finished 19:22:54.0087 3748 ============================================================ 19:22:54.0105 0216 Detected object count: 0 19:22:54.0105 0216 Actual detected object count: 0

aswMBR keeps finding the same thing every time I run the scan. What can I do to fix this? :wacko:

Here is the DDS log:

. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30 Run by YoonJoo at 20:22:56 on 2011-12-17 Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8151.5623 [GMT -8:00] . AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE 
c:\program files (x86)\teamviewer\version6\TeamViewer.exe C:\Windows\system32\taskhost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\YoonJoo\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.att.net mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [PlayNC Launcher] uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [MouseTrayProfile] rundll32.exe "C:\ProgramData\MouseTrayProfile.dll",DllRegisterServer mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: 
[GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\YoonJoo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\YoonJoo\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPDATE~1.LNK - C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL LSP: pcapwsp.dll LSP: mswsock.dll DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{90D72A89-52C7-4F14-A347-BA77261ED5FD} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{90D72A89-52C7-4F14-A347-BA77261ED5FD}\2375942554634353 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{90D72A89-52C7-4F14-A347-BA77261ED5FD}\95F4F4E4A4F4F4D20534F5E4564777F627B6F513 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{90D72A89-52C7-4F14-A347-BA77261ED5FD}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{90D72A89-52C7-4F14-A347-BA77261ED5FD}\C696E6B637973795 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C3CBD79A-B270-4A87-9E12-1796FBC5AFF7} : DhcpNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\YoonJoo\AppData\Roaming\Mozilla\Firefox\Profiles\lk195t5c.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: XUL Cache: {ccc0c04b-eee2-421b-a7b2-008e79a69653} - %profile%\extensions\{ccc0c04b-eee2-421b-a7b2-008e79a69653} . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] 
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-12 13336] R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-9-14 517632] R2 pcapsvc;ProxyCap Service;C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-9-18 635904] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-7 2280312] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?] R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?] R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?] S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?] S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] 
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] . =============== Created Last 30 ================ . 2011-12-17 21:15:46 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{E083783C-D21F-4B3D-9978-53CE0C6980C2} 2011-12-17 21:15:35 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{5B189555-EAA3-499B-BE6B-C3893A393D09} 2011-12-17 09:30:07 -------- d-----we C:\Windows\system64 2011-12-17 09:15:10 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{AF4025FF-9834-4B8C-9008-22491D215EDE} 2011-12-17 09:14:59 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{C3B5C83A-8272-4F3A-B067-9EBAFD01CF22} 2011-12-17 03:10:35 103936 ----a-w- C:\ProgramData\MouseTrayProfile.dll 2011-12-16 21:14:35 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{7776AA93-AC82-4585-A5C4-341AF0B2B2B8} 2011-12-16 09:14:12 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{A4D5CDF0-2B24-4FBF-AA17-1D78891E491D} 2011-12-15 21:13:49 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{6416BB0F-B486-4CD1-8546-DE299A829FE1} 2011-12-15 09:13:26 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{A0B2420D-CEC8-4131-BC7E-B87592389DF5} 2011-12-14 21:13:03 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{FE7F8A49-F595-404C-BEB1-6A88DFD00486} 2011-12-14 09:17:58 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{54CD4D1A-0C9E-49ED-89ED-92D4377EE74D}\mpengine.dll 2011-12-14 09:14:12 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2011-12-14 09:14:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-12-14 09:14:08 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-12-14 09:13:57 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-12-14 09:13:56 723456 ----a-w- 
C:\Windows\System32\EncDec.dll 2011-12-14 09:13:56 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2011-12-13 21:15:44 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{60507C14-DFF3-4BDE-B2BE-5739DC3472FB} 2011-12-13 09:15:21 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{82156114-B494-458A-B4BC-A70765635285} 2011-12-12 21:14:58 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{A4EB0620-846E-4F67-BA36-8C9829B4F13C} 2011-12-12 09:14:35 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{070E9DBC-70E6-4345-83BA-6EA1BB953AC3} 2011-12-11 21:14:13 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{81A8E0F9-1540-4163-A230-8AE335C2ACC9} 2011-12-11 09:13:50 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{5DA40B57-F39E-45D3-887D-00FBE4681A45} 2011-12-10 21:13:27 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{52DB551A-9F5C-44F3-9340-96F17D10C955} 2011-12-10 09:13:04 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{4071473F-987B-49E1-92F0-3C815EE3B2D9} 2011-12-10 09:12:52 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{8C6FFCE4-FA88-40FF-82B5-689B2C2932F4} 2011-12-09 21:12:28 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{BDB21E54-D8C6-4124-AAFE-735EE3685083} 2011-12-09 21:12:17 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{E2E923C4-CF46-49C6-920D-F508830FFF5F} 2011-12-09 02:12:45 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{5598A5D5-26D7-4BE2-BD93-E62F67AD2189} 2011-12-09 02:12:34 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{84BF0A36-8AF2-4C9E-9B0D-7A8B2F536CB4} 2011-12-08 14:12:22 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{DA0674DE-C076-47BB-8CB4-642EE77F761E} 2011-12-08 14:12:11 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{69291A88-234A-4493-8062-DF81E259A190} 2011-12-08 02:11:59 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{131E471E-3530-449E-8C50-37BB43D0E9C2} 2011-12-08 02:11:47 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{CD44B5BD-B573-4ABF-B17A-2B3C2DC97691} 2011-12-07 07:58:13 -------- d-----w- 
C:\Users\YoonJoo\AppData\Local\{F0BA512D-108F-4E42-AEA7-AB6D019F6359} 2011-12-07 07:58:02 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{09204A0E-9145-4472-ABE9-ED3F8A13F314} 2011-12-06 19:57:50 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{30BAD2CA-03C0-494F-9C99-EC421FE4CE01} 2011-12-06 19:57:39 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{76EB91B7-AF33-4BB9-83C7-C1826D330F3E} 2011-12-06 07:55:22 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{8FBE7515-A647-4926-B883-427EFC06895E} 2011-12-06 07:55:09 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{2A7C6C12-EE7C-4BB8-851F-FD6869D18FC6} 2011-11-28 08:39:43 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{48D77A92-5ED8-47B1-A8CF-1F7B5F5839DA} 2011-11-28 08:39:32 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{D7DB03BE-E0E3-43FA-BC81-B1683331EAB6} 2011-11-28 08:09:39 -------- d-----w- C:\Program Files\iTunes 2011-11-28 08:09:39 -------- d-----w- C:\Program Files\iPod 2011-11-28 08:09:39 -------- d-----w- C:\Program Files (x86)\iTunes 2011-11-28 07:59:52 -------- d-----w- C:\Program Files\Bonjour 2011-11-28 07:59:52 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-11-27 20:39:19 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{7CEDDD13-3993-4404-9F5B-2ABC77A131BB} 2011-11-27 20:39:08 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{E0D15F08-B59F-467D-A2BE-99C8DA983178} 2011-11-27 08:38:56 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{EC1399BA-E7BC-4B93-9D3D-B4774DA91657} 2011-11-27 08:38:45 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{12803B84-1DF7-4A2C-B67F-A92A93ABE4C3} 2011-11-26 20:38:33 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{08F35ECD-472D-4CC8-8E3E-C1DDE83D2C5A} 2011-11-26 08:38:11 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{48F93127-547B-4924-885C-92B7B86718D9} 2011-11-26 08:37:59 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{E453C880-8436-41DA-91DD-5A2702788862} 2011-11-25 20:37:35 -------- d-----w- 
C:\Users\YoonJoo\AppData\Local\{F9C7EDF2-CC15-4DC7-A9B4-D9C8A5E59C6D} 2011-11-25 20:37:24 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{FFA79264-9508-48B9-8FBF-3C44C928EC68} 2011-11-24 22:27:04 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{E277DD48-56B2-4862-BB2D-9262C2D0C679} 2011-11-24 22:26:53 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{D9122B74-0B01-43A2-9BEC-3FD665AAB899} 2011-11-22 17:49:35 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{C7E12FEA-39B9-4C14-B51C-662EBE92EAE6} 2011-11-22 17:49:24 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{48786BD5-DD48-433B-ACD9-E052E78B2864} 2011-11-22 16:47:09 -------- d-----w- C:\Users\YoonJoo\AppData\Local\ESET 2011-11-22 05:49:12 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{91DE0FD7-162E-44C4-91F3-4A4613364C41} 2011-11-21 10:09:55 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{EEF47172-0FD2-4EFA-A86E-0D8D994D71E0} 2011-11-21 10:09:44 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{BC502A51-FCC6-41F4-9B59-BF74CE413CD5} 2011-11-20 22:09:32 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{E811FC72-7B3B-4E6D-B4D2-A6E0A6D72616} 2011-11-20 22:09:21 -------- d-----w- C:\Users\YoonJoo\AppData\Local\{C396827D-60C2-429D-B4FC-9FD8C4F3BEF7} 2011-11-20 12:44:17 -------- d-----r- C:\Program Files (x86)\Skype 2011-11-18 23:09:14 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-11-18 23:08:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-11-18 23:08:59 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-11-18 23:08:58 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-11-18 23:08:58 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-11-18 23:08:53 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-18 23:08:53 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll 2011-11-18 23:08:51 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-11-18 23:08:51 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-11-18 23:08:51 331776 ----a-w- 
C:\Windows\System32\oleacc.dll 2011-11-18 23:08:51 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll . ==================== Find3M ==================== . 2011-11-18 23:28:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-15 22:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-11-10 13:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ============= FINISH: 20:23:14.30 ===============

My Firefox keeps opening weird pop-up tabs on top of every other exasperating thing that is going on. Please help!


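An added triage example, written for this thread and not taken from it or from any of the tools it mentions: it reads constructed sample lines in the shape of the DDS output posted above and flags two things a helper would want to look at in that log, UAC policy values set below the Windows 7 defaults (EnableLUA = 0 switches UAC off entirely) and directories created under C:\Windows inside the "Created Last 30" window. The default values and the regular expressions for the DDS line formats are my assumptions; the flagged items are leads for review, not verdicts about what the entries are.

```python
import re

# Constructed sample: a handful of lines in the shape of the DDS output posted
# above (policy lines from the "Pseudo HJT Report", entries from "Created Last 30").
SAMPLE_DDS = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2011-12-17 09:30:07 -------- d-----we C:\Windows\system64
2011-12-14 09:14:12 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-11-28 08:09:39 -------- d-----w- C:\Program Files\iTunes
"""

# Assumed Windows 7 stock values for the UAC-related policies DDS reports.
# A value below the default lowers the prompt level; EnableLUA = 0 turns UAC off.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

# "mPolicies-system: <name> = <decimal> (<hex>)"
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
# "<date> <time> <size or --------> <8-char attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+)$"
)


def weakened_uac_policies(lines):
    """Return (policy, value, default) for UAC policies set below their default."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        default = UAC_DEFAULTS.get(name)
        if default is not None and value < default:
            findings.append((name, value, default))
    return findings


def new_dirs_under(lines, root="C:\\Windows"):
    """Return (timestamp, path) for directories created under `root`.

    Only entries whose attribute field starts with 'd' (directory) and whose
    path lies under `root` are returned; files and other trees are ignored.
    """
    prefix = root.lower().rstrip("\\") + "\\"
    hits = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        ts, _size, attrs, path = m.groups()
        if attrs.startswith("d") and path.lower().startswith(prefix):
            hits.append((ts, path.strip()))
    return hits


def triage(text):
    """Run both checks over a DDS log body and return the leads for review."""
    lines = text.splitlines()
    return {
        "uac": weakened_uac_policies(lines),
        "new_dirs": new_dirs_under(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_DDS).items():
        print(section)
        for item in items:
            print("  ", item)
```

Feed the script the full "Pseudo HJT Report" and "Created Last 30" sections of a real DDS log and it produces the same two short lists; everything it reports still has to be checked by hand, which is exactly the work the helper does in the replies that follow.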
#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 18 December 2011 - 09:49 AM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may, or may not, solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
----------

Please go to BleepingComputer and let them know that you are being helped here and to close that log out so that two helpers are not working on the same computer. Thank you. :)
----------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

It looks as if you have the ZeroAccess Rootkit on your system. It is an extremely nasty piece of malware that may take quite some time to remove depending on how it has infected your system. During the cleaning (if you choose to do so) you may even lose your internet access.

If you would like to format and reinstall your Operating System please let me know and I can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
-------------

If you have chosen to continue with the cleaning please post the log created by ComboFix. If you have chosen to reinstall your operating system I can guide you to the best place for help with that as well...just let me know.

#3 tofu1004 (Authentic Member, 21 posts)

Posted 18 December 2011 - 09:33 PM

Do I need to change all of the passwords to my e-mail accounts? I was being really dumb and I had accessed many of my financial institution web sites on the infected pc. I've changed the passwords now but that sent out an e-mail for confirmation and such. Also, I couldn't disable my antivirus: ESET NOD32 Antivirus 4.2.71.2 I followed the link you provided but it didn't list ESET on the page. I'm starting to feel like maybe it'd be best if I reformat everything... :wall: I've never done this before and I don't know where any of the disks that came with the computer are now. What do I do now?

#4 tofu1004 (Authentic Member, 21 posts)

Posted 19 December 2011 - 01:25 AM

Okay, I ran the combo fix then I stepped away for a moment. When I came back to the PC it was at the Windows login screen. Upon logging back in, I saw an error message window.

"IASorIcon.exe - Application Error
Application has generated an exception that could not be handled. Process ID=0xb24 (2852), Thread ID=0xb38 (2872). Click OK to terminate the application. Click CANCEL to debug the application."

I have attached a screen shot of my desktop showing that error message.

Below is the combo fix log:

ComboFix 11-12-18.02 - YoonJoo 8/2011 Sun 22:51:48.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8151.6214 [GMT -8:00]
Running from: c:\users\YoonJoo\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ESET\MiNODLogin
c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.jar
c:\program files (x86)\ESET\MiNODLogin\MiNODLoginLib.dll
c:\program files (x86)\ESET\MiNODLogin\servidores.xml
c:\programdata\MouseTrayProfile.dll
c:\users\YoonJoo\AppData\Local\assembly\tmp
c:\users\YoonJoo\AppData\Roaming\Mozilla\Firefox\Profiles\lk195t5c.default\extensions\{ccc0c04b-eee2-421b-a7b2-008e79a69653}
c:\users\YoonJoo\AppData\Roaming\Mozilla\Firefox\Profiles\lk195t5c.default\extensions\{ccc0c04b-eee2-421b-a7b2-008e79a69653}\chrome.manifest
c:\users\YoonJoo\AppData\Roaming\Mozilla\Firefox\Profiles\lk195t5c.default\extensions\{ccc0c04b-eee2-421b-a7b2-008e79a69653}\chrome\xulcache.jar
c:\users\YoonJoo\AppData\Roaming\Mozilla\Firefox\Profiles\lk195t5c.default\extensions\{ccc0c04b-eee2-421b-a7b2-008e79a69653}\defaults\preferences\xulcache.js
c:\users\YoonJoo\AppData\Roaming\Mozilla\Firefox\Profiles\lk195t5c.default\extensions\{ccc0c04b-eee2-421b-a7b2-008e79a69653}\install.rdf
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\CBUTTON.OCX
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 06:55 . 2011-12-19 06:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-19 06:55 . 2011-12-19 06:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 13:45 . 2011-12-17 13:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-14 09:17 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54CD4D1A-0C9E-49ED-89ED-92D4377EE74D}\mpengine.dll
2011-12-14 09:14 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 09:14 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 09:14 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 09:13 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 09:13 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 09:13 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-11-28 08:09 . 2011-11-28 08:10 -------- d-----w- c:\program files\iTunes
2011-11-28 08:09 . 2011-11-28 08:10 -------- d-----w- c:\program files (x86)\iTunes
2011-11-28 08:09 . 2011-11-28 08:09 -------- d-----w- c:\program files\iPod
2011-11-28 08:04 . 2011-11-28 08:04 -------- d-----w- c:\program files (x86)\Safari
2011-11-28 07:59 . 2011-11-28 07:59 -------- d-----w- c:\program files\Bonjour
2011-11-28 07:59 . 2011-11-28 07:59 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-22 16:47 . 2011-11-22 16:47 -------- d-----w- c:\users\YoonJoo\AppData\Local\ESET
2011-11-20 12:44 . 2011-12-19 06:59 -------- d-----w- c:\users\YoonJoo\AppData\Roaming\Skype
2011-11-20 12:44 . 2011-11-20 12:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-11-20 12:44 . 2011-11-20 12:44 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 23:28 . 2011-06-17 05:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 22:29 . 2011-05-08 01:30 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 13:54 . 2011-05-08 04:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-09-29 16:29 . 2011-11-18 23:09 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-21 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\YoonJoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Update ESET's license.lnk - c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-09-19 635904]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe" [2010-09-19 689664]
"combofix"="c:\combofix\CF8901.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: pcapwsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\YoonJoo\AppData\Roaming\Mozilla\Firefox\Profiles\lk195t5c.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-MouseTrayProfile - c:\programdata\MouseTrayProfile.dll
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
c:\program files (x86)\Razer\Razer Lycosa\razertra.exe
.
**************************************************************************
.
Completion time: 2011-12-18 23:02:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 07:02
.
Pre-Run: 737,093,091,328 bytes free
Post-Run: 736,851,685,376 bytes free
.
- - End Of File - - E374BB30B2788C5DC784E3D06A2A1365

Attached Thumbnails

  • screenshot_error_message.jpg


#5 jeffce (Malware Guy, 8,693 posts)

Posted 19 December 2011 - 06:51 AM

Hi,

Upon logging back in, I saw an error message window.

Thanks for letting me know. :)
-------------

Do I need to change all of the passwords to my e-mail accounts?

Yes, I would change all passwords to anything you have to be on the safe side. Be sure to do it from a clean computer.
-------------

Please download SystemLook from the link below and save it to your Desktop.
Download Mirror
  • Right-click and Run as Administrator SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *consrv.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
----------

I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.


  • Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by SystemLook, Malwarebytes and ESET online scanner. :)

#6 tofu1004 (Authentic Member, 21 posts)

Posted 19 December 2011 - 06:50 PM

I found the re-installation DVD's! I had to look all day but I found them! You were saying that reformat is the only way to be 100% sure?

#7 jeffce (Malware Guy, 8,693 posts)

Posted 19 December 2011 - 07:00 PM

Hi,

You were saying that reformat is the only way to be 100% sure?

Yes, that is true. So far I am feeling pretty good about how this is going though. We could continue with the cleaning or, if you wish, format and reinstall. Just let me know. :)

#8 tofu1004 (Authentic Member, 21 posts)

Posted 20 December 2011 - 01:17 AM

Here is the log from SystemLook:

SystemLook 27.08.10 by jpshortstuff
Log created at 21:34 on 19/12/2011 by YoonJoo
Administrator - Elevation successful

========== filefind ==========

Searching for "*consrv.dll"
No files found.

-= EOF =-

Here is the log from MalwareBytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8400

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/19/2011 9:37:38 PM
mbam-log-2011-12-19 (21-37-38).txt

Scan type: Quick scan
Objects scanned: 198513
Time elapsed: 1 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have attached the scan log from the ESET online scan. Once we clean the pc through these methods, does it mean it'll be a 100% clean and I can trust it again? :huh:

Attached Files



#9 jeffce (Malware Guy, 8,693 posts)

Posted 20 December 2011 - 07:00 AM

Hi tofu1004,

Once we clean the pc through these methods, does it mean it'll be a 100% clean and I can trust it again?

I wouldn't tell you your computer could be trusted 100% even if it were a simple virus, but the way this seems to be working out, and after passwords are changed on all of your accounts, I would feel very confident. If you want to be 100% certain you should go ahead and format and re-install your operating system.

If you would like to continue please do the following...

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    File::
    C:\Windows\assembly\temp\U\80000032.@
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

How is your system running now? :)
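Two things in the ComboFix output above are worth checking on any machine, not just this one: the policies\system block shows UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0, which makes the ZeroAccess dropper's job easier and is itself something such droppers set), the Other Deletions list contains paths that do not exist on a clean Windows 7 install (consrv.dll, a System64 directory, the assembly\temp\U payload), and the LOCKED REGISTRY KEYS section lists keys with explicit Deny ACEs that this post asks ComboFix to unlock. The Python script below is an added example for this thread, not ComboFix code and not the helper's own script: it parses a log excerpt constructed from lines quoted in the thread and reports all three. The expected UAC values are the Windows 7 defaults, assumed here to be the baseline a clean machine should show; the indicator patterns are exactly the paths singled out in this thread.

```python
"""Audit a ComboFix-style log for weak UAC policy values, indicator paths
and registry keys carrying explicit Deny ACEs. Added example for this
thread, not ComboFix code. SAMPLE_LOG is constructed from lines quoted in
the thread; EXPECTED_UAC is the assumed Windows 7 default baseline."""
import re

# Constructed sample: excerpts from the ComboFix logs posted in this thread.
SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\consrv.dll
c:\windows\System64
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
FILE ::
"c:\windows\assembly\temp\U\80000032.@"
'''

# Windows 7 defaults (assumed baseline): UAC on, admins prompted for consent
# on the secure desktop, standard users prompted for credentials.
EXPECTED_UAC = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
}
UAC_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>-?\d+)')
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.I)
DENIED_RE = re.compile(r"^@Denied:\s*(?P<ace>.+)$")

# Path patterns singled out in this thread; none exists on a clean install.
INDICATORS = (
    (re.compile(r"\\assembly\\temp\\u\\", re.I), "payload directory under %WINDIR%\\assembly\\temp"),
    (re.compile(r"\\windows\\system64(?![a-z0-9_])", re.I), "System64 is not a Windows directory"),
    (re.compile(r"\\consrv\.dll\b", re.I), "consrv.dll is not a Windows component"),
)


def parse_uac_policies(log):
    """Return the numeric values listed under the policies\\system key."""
    values, in_section = {}, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower() == UAC_KEY:
            in_section = True
            continue
        if in_section:
            m = VALUE_RE.match(line)
            if not m:            # "." or the next key header ends the section
                in_section = False
                continue
            values[m.group("name")] = int(m.group("value"))
    return values


def weak_uac_settings(values):
    """Map each policy that deviates from the baseline to (actual, expected)."""
    return {name: (values[name], expected)
            for name, expected in EXPECTED_UAC.items()
            if name in values and values[name] != expected}


def suspicious_paths(log):
    """Return (line, reason) for every log line matching an indicator pattern."""
    hits = []
    for raw in log.splitlines():
        line = raw.strip().strip('"')
        for pattern, reason in INDICATORS:
            if pattern.search(line):
                hits.append((line, reason))
                break
    return hits


def locked_keys(log):
    """Pair each registry key header with the @Denied: ACE line following it."""
    found, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        d = DENIED_RE.match(line)
        if d and current:
            found.append((current, d.group("ace")))
    return found


if __name__ == "__main__":
    for name, (actual, expected) in weak_uac_settings(parse_uac_policies(SAMPLE_LOG)).items():
        print(f"UAC: {name} = {actual} (expected {expected})")
    for line, reason in suspicious_paths(SAMPLE_LOG):
        print(f"PATH: {line}: {reason}")
    for key, ace in locked_keys(SAMPLE_LOG):
        print(f"LOCKED: {key}: {ace}")
```

Run as-is it prints the three weakened UAC values, the three indicator paths and the two locked keys from the sample; point it at a real ComboFix.txt by reading the file into the `log` argument instead of `SAMPLE_LOG`. A locked key is only a lead, not a verdict: the Flash CLSID entries above are a well-known benign case, which is why the helper lists them under RegLock:: for ComboFix to unlock rather than treating them as an infection by themselves.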

#10 tofu1004 (Authentic Member, 21 posts)

Posted 20 December 2011 - 08:17 PM

I disabled all the protection on ESET NOD32 but the combofix tells me that it's still active..what should I do? I've attached a screen shot to show the disabled ESET window and the combofix window. :scratch:

Attached Thumbnails

  • screenshot_antivirus_disabled.jpg



#11 jeffce (Malware Guy, 8,693 posts)

Posted 21 December 2011 - 05:49 AM

Hi tofu1004,

You should be fine to go ahead and run ComboFix. If the warning pops up again, just continue. :thumbup:

#12 tofu1004 (Authentic Member, 21 posts)

Posted 21 December 2011 - 11:04 AM

While running ComboFix, it asked me if I want to update to a newer version of ComboFix that is available. Should I update then run it?

#13 jeffce (Malware Guy, 8,693 posts)

Posted 21 December 2011 - 12:29 PM

Yes, that is fine. :)

#14 tofu1004 (Authentic Member, 21 posts)

Posted 21 December 2011 - 01:26 PM

Here is the new ComboFix log:

ComboFix 11-12-21.02 - YoonJoo 1/2011 Wed 11:19:32.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.8151.6366 [GMT -8:00]
Running from: c:\users\YoonJoo\Desktop\ComboFix.exe
Command switches used :: c:\users\YoonJoo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\windows\assembly\temp\U\80000032.@"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U\80000032.@
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 13:45 . 2011-12-17 13:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-14 09:17 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54CD4D1A-0C9E-49ED-89ED-92D4377EE74D}\mpengine.dll
2011-12-14 09:14 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 09:14 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 09:14 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 09:13 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 09:13 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 09:13 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-11-28 08:09 . 2011-11-28 08:10 -------- d-----w- c:\program files\iTunes
2011-11-28 08:09 . 2011-11-28 08:10 -------- d-----w- c:\program files (x86)\iTunes
2011-11-28 08:09 . 2011-11-28 08:09 -------- d-----w- c:\program files\iPod
2011-11-28 08:04 . 2011-11-28 08:04 -------- d-----w- c:\program files (x86)\Safari
2011-11-28 07:59 . 2011-11-28 07:59 -------- d-----w- c:\program files\Bonjour
2011-11-28 07:59 . 2011-11-28 07:59 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-22 16:47 . 2011-11-22 16:47 -------- d-----w- c:\users\YoonJoo\AppData\Local\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 17:01 . 2011-06-17 05:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 22:29 . 2011-05-08 01:30 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 13:54 . 2011-05-08 04:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-09-29 16:29 . 2011-11-18 23:09 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_06.58.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-12-19 03:22 26960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-21 17:02 26960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-13 11:21 . 2011-12-21 17:02 11246 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1914506856-918884556-3978298607-1000_UserData.bin
- 2011-12-19 06:56 . 2011-12-19 06:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-21 16:53 . 2011-12-21 16:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-21 16:53 . 2011-12-21 16:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-19 06:56 . 2011-12-19 06:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-21 17:01 . 2011-12-21 17:01 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-21 17:01 . 2011-12-21 17:01 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2010-02-12 18:26 . 2011-12-21 03:31 349682 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-12-21 16:57 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-19 03:27 606992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-21 16:57 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-19 03:27 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-12-19 06:56 429096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-21 07:52 429096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-27 11:50 . 2011-12-19 06:56 17164748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1914506856-918884556-3978298607-1000-12288.dat
+ 2011-04-27 11:50 . 2011-12-21 07:52 17164748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1914506856-918884556-3978298607-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-21 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\YoonJoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Update ESET's license.lnk - c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-09-19 635904]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\YoonJoo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe" [2010-09-19 689664]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: pcapwsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\YoonJoo\AppData\Roaming\Mozilla\Firefox\Profiles\lk195t5c.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
Completion time: 2011-12-21 11:24:21
ComboFix-quarantined-files.txt 2011-12-21 19:24
ComboFix2.txt 2011-12-19 07:02
.
Pre-Run: 739,141,799,936 bytes free
Post-Run: 739,087,720,448 bytes free
.
- - End Of File - - 16350B8F1B53FCF325C8AD3BBE66FEC3
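The ComboFix log in post #14 carries two things a reviewer scans for before anything else: the UAC policy values under `policies\system` (all of EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are 0 here, so no elevation prompt ever appears) and the service list, where one entry (SessionLauncher) runs from a user's Temp directory. The script below is an added example, not ComboFix's own code or anything posted in the thread: it parses a constructed excerpt modelled on that log and reports those two classes of finding. The line-format regexes and the meaning attached to the UAC values are assumptions made for this example, not something the thread states.

```python
import re
from typing import Dict, List

# Constructed excerpt modelled on the ComboFix log quoted in post #14 above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-09-19 635904]
"""

# Assumed line shapes (taken from the log's own layout, not a ComboFix spec):
#   "Name"= 0 (0x0)                      value line under a registry key header
#   R2 name;display name;path [file info] service/driver line
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$'
)
UAC_POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"
# A service binary under a Temp directory is unusual enough to deserve a look.
TEMP_PATH_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_policy(log_text: str) -> Dict[str, int]:
    """Collect the DWORD values listed under the UAC policy key."""
    values: Dict[str, int] = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == UAC_POLICY_KEY.lower():
            in_section = True
            continue
        if in_section:
            m = POLICY_RE.match(line)
            if not m:
                in_section = False  # the section ends at the first non-value line
                continue
            values[m.group("name")] = int(m.group("value"))
    return values


def parse_services(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per R*/S* service or driver line."""
    return [m.groupdict() for m in (SERVICE_RE.match(l.strip()) for l in log_text.splitlines()) if m]


def uac_findings(policy: Dict[str, int]) -> List[str]:
    """Name each UAC value that removes the elevation prompt entirely."""
    findings: List[str] = []
    if policy.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is switched off")
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if policy.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are not isolated on the secure desktop")
    return findings


def services_from_temp(services: List[Dict[str, str]]) -> List[str]:
    """Names of services whose binary path runs through a Temp directory."""
    return [s["name"] for s in services if TEMP_PATH_RE.search(s["path"])]


def triage(log_text: str) -> Dict[str, List[str]]:
    """Run both checks over a log and group the results by category."""
    return {
        "uac": uac_findings(parse_policy(log_text)),
        "services_from_temp": services_from_temp(parse_services(log_text)),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("  -", item)
```

Everything the script reports is a lead to confirm, not a verdict: EnableLUA=0 looks the same whether malware or the user turned UAC off, and a Temp-path service can be an installer component that was never cleaned up. The value of the check is that it pulls those lines out of a log this long so they get read at all.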

#15 jeffce (Malware Guy, 8,693 posts)

Posted 21 December 2011 - 01:39 PM

How is your system running now? :)
