Trojan.Win32.Generic!BT - Spyware.Zbot


Hi, one of my malware removal tools detected and quarantined the following:

Trojan.Win32.Generic!BT - Malware

unknown - Registry

Win32.Malware!Drop. - Malware

I then ran Malwarebytes and it detected 2 Spyware.Zbot files.

So I am uncertain if I was successful in the removal of this.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2

Run by PC at 18:33:34 on 2012-12-01

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2012.701 [GMT 8:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIHBP.EXE

C:\Program Files (x86)\puush\puush.exe

C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Rybicki\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rybicki\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rybicki\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Rybicki\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray

uRun: [EPSON NX430 TX435 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\PC\AppData\Local\Temp\E_S7E2.tmp" /EF "HKCU"

uRun: [Google Update] "C:\Users\Rybicki\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [C:\Users\Rybicki\Downloads\LivestreamProcaster.exe] C:\Users\Rybicki\Downloads\LivestreamProcaster.exe /exenoupdates /exelang 0 /prereqs "0"

uRun: [puush] C:\Program Files (x86)\puush\puush.exe

uRun: [upyqpai] C:\Users\Rybicki\AppData\Roaming\Pueny\giam.exe

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [Conime] C:\Windows\System32\conime.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{B377F43F-775C-4B19-A889-693D75FE514A} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

x64-Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\h6zd0hbl.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.81\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Rybicki\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Rybicki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-9-19 69376]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2009-7-29 200720]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-7-12 219360]

R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-7-12 68136]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-5-17 308592]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-7 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-7 676936]

R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-9-28 42576]

R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2009-7-29 339984]

R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-6-30 411136]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-19 17152]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-3 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-12 236544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-10-14 35840]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-14 411136]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2010-7-12 595960]

S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-7-12 917768]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-28 1255736]

.

=============== Created Last 30 ================

.

2012-12-01 10:13:26 -------- d-----w- C:\Users\PC\AppData\Local\{AE98EDFD-BC2D-455D-8C5C-21DC3D811150}

2012-11-30 00:17:05 -------- d-----w- C:\Users\PC\AppData\Local\{8B4007C0-618A-433B-A20D-6E89F89DF53D}

2012-11-29 00:24:32 -------- d-----w- C:\Users\PC\AppData\Local\{1DC6CA24-B5F3-45C2-B1D1-D9A040FB5B6C}

2012-11-28 13:47:25 -------- d-----w- C:\Users\PC\AppData\Roaming\Pueny

2012-11-28 13:47:25 -------- d-----w- C:\Users\PC\AppData\Roaming\Ilebm

2012-11-28 13:47:25 -------- d-----w- C:\Users\PC\AppData\Roaming\Ifweug

2012-11-27 01:54:40 -------- d-----w- C:\Users\PC\AppData\Local\{BCE3CDCB-6000-4A4F-B888-3C2670C6B0D3}

2012-11-25 23:28:24 -------- d-----w- C:\Users\PC\AppData\Local\{7B977AAD-6363-4B96-9B7B-B7B450C6F185}

2012-11-25 02:50:31 -------- d-----w- C:\Users\PC\AppData\Local\{A7E9FF47-25E6-4210-8E87-F5B87CFA93E6}

2012-11-24 03:46:00 -------- d-----w- C:\Users\PC\AppData\Local\{64ACF544-4EBF-4B04-9863-727EC8FEFD28}

2012-11-23 11:16:59 -------- d-----w- C:\Users\PC\AppData\Roaming\puush

2012-11-23 11:16:28 -------- d-----w- C:\Program Files (x86)\puush

2012-11-23 01:56:23 -------- d-----w- C:\Users\PC\AppData\Local\{C6F03B08-55C0-4199-891B-CE70AACE3D81}

2012-11-21 23:13:49 -------- d-----w- C:\Users\PC\AppData\Local\{E71310D3-81A1-40D4-BC19-192B30684FBB}

2012-11-20 23:27:26 -------- d-----w- C:\Users\PC\AppData\Local\{0F7DE8F5-7A5B-4B21-B78B-3EA26A87EB43}

2012-11-20 04:18:49 -------- d-----w- C:\Users\PC\AppData\Local\{E2B18092-AB20-4127-949A-C33DDA4391E0}

2012-11-19 02:21:35 -------- d-----w- C:\Users\PC\AppData\Local\{1C699A29-7365-4DC6-A4A3-A68F3329850E}

2012-11-17 23:47:30 -------- d-----w- C:\Users\PC\AppData\Local\{4EC8C9CC-C4FC-45BE-BF64-595597D65A2F}

2012-11-16 19:33:25 -------- d-----w- C:\Users\PC\AppData\Local\{2C4C0DA2-83D4-467D-9440-2F05F758F6BB}

2012-11-16 19:09:38 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-16 19:09:37 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-16 19:09:37 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-16 19:09:37 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-16 02:41:52 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-11-16 02:41:21 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-16 02:41:21 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-11-16 02:22:36 -------- d-----w- C:\Users\PC\AppData\Local\{D698A225-B9C0-4A7F-88EB-4BE5E080BD3C}

2012-11-14 23:07:20 -------- d-----w- C:\Users\PC\AppData\Local\{6006EC8F-8EF8-4584-A0E8-91EFA3D825E4}

2012-11-14 00:06:53 -------- d-----w- C:\Users\PC\AppData\Local\{4BC21F8D-3048-42E7-8D03-4A3265D877F6}

2012-11-13 03:43:35 -------- d-----w- C:\Users\PC\AppData\Local\{D26F3825-1AB5-4ACC-B2FF-46F0803E804A}

2012-11-12 04:18:22 -------- d-----w- C:\Users\PC\AppData\Local\{2F4E2969-F0F8-49B1-9A78-8E4C235B9A18}

2012-11-11 12:47:42 -------- d-----w- C:\Users\PC\AppData\Local\{041267FB-8EB6-4982-86D5-4D263BE62AB7}

2012-11-10 23:56:24 -------- d-----w- C:\Users\PC\AppData\Local\{5191D5E2-3E8F-47D8-BC45-CA22DD669FCF}

2012-11-10 03:23:58 -------- d-----w- C:\Users\PC\AppData\Local\{3DB773DD-2037-48A1-AF5D-4F9556A7C67D}

2012-11-09 15:05:33 -------- d-----w- C:\Users\PC\AppData\Local\{3D2F9E7F-4E4C-4BBB-A787-7FCB41060185}

2012-11-09 14:42:22 -------- d-----w- C:\Users\PC\AppData\Local\{CB773740-4312-4D8E-BC53-C65E57820A79}

2012-11-08 14:48:53 -------- d-----w- C:\Users\PC\AppData\Local\{3CD6261F-2390-4D02-A737-D4E3678084BA}

2012-11-08 05:01:08 -------- d-----w- C:\Users\PC\AppData\Local\{FDAB9DAF-9B2A-44E2-8560-3DE02D4826A6}

2012-11-08 00:40:39 -------- d-----w- C:\Users\PC\AppData\Local\{36BC9308-6F0C-456E-8D47-62DF6D3C5B39}

2012-11-07 03:10:39 -------- d-----w- C:\Users\PC\AppData\Local\{16967F9F-78F5-4FBB-B046-701569E6CD58}

2012-11-06 14:32:55 -------- d-----w- C:\Users\PC\AppData\Local\{4690DFAA-599C-47EB-9A2A-2D55F47D0067}

2012-11-05 21:25:47 -------- d-----w- C:\Users\PC\AppData\Local\{E478FC88-C180-42AA-95FC-25665F3910DF}

2012-11-05 00:56:51 -------- d-----w- C:\Users\PC\AppData\Local\{80FFE92A-9069-46AF-AAC4-86636449A65F}

2012-11-03 23:38:01 -------- d-----w- C:\Users\PC\AppData\Local\{FFC9B78C-3713-4CC3-B349-24AF098BC593}

2012-11-02 22:02:43 -------- d-----w- C:\Users\PC\AppData\Local\{A808C4F3-6E01-487D-8301-4CDBB45B21C4}

2012-11-02 03:19:22 -------- d-----w- C:\Users\PC\AppData\Local\{319B480A-FCB4-437B-A4FB-EE2F6FFBEF90}

.

==================== Find3M ====================

.

2012-12-01 10:12:48 25640 ----a-w- C:\Windows\gdrv.sys

2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-06 12:42:58 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-06 12:42:58 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-29 11:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-28 05:16:00 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-28 05:15:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-28 05:15:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 18:34:57.88 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/07/2010 3:43:36 PM

System Uptime: 1/12/2012 6:12:29 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | G41MT-ES2L

Processor: Pentium® Dual-Core CPU E6500 @ 2.93GHz | Socket 775 | 2133/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 371.639 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP212: 8/11/2012 9:41:11 AM - Windows Update

RP213: 16/11/2012 11:21:30 AM - Scheduled Checkpoint

RP214: 17/11/2012 3:00:41 AM - Windows Update

RP215: 23/11/2012 7:15:41 PM - Installed puush

RP216: 28/11/2012 11:38:07 PM - Windows Update

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

Ad-Aware

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin (x64)

Adobe Reader X (10.1.4)

aiofw

aioprnt

aioscnnr

AoA DVD Copy

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

AutoHotkey 1.0.48.05

Basic Operation Guide EPSON NX430 TX435 Series

Bonjour

Browser Configuration Utility

BurnAware Free 3.5

Camtasia Studio 7

CCScore

center

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Download Navigator

e-tax 2012

EasySaver B9.0610.1

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON NX430 TX435 Series Printer Uninstall

EPSON Scan

EPSON TX110 Series Printer Uninstall

EpsonNet Print

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

Free M4a to MP3 Converter 7.0

Freemake Video Converter version 2.2.0

GameRanger

Google Chrome

Google Update Helper

HiJackThis

Intel® Graphics Media Accelerator Driver

iTunes

Java 7 Update 7

Java Auto Updater

JavaFX 2.1.1

KODAK AiO Home Center

Kodak EasyShare software

ksDIP

LG CyberLink LabelPrint

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG CyberLink PowerDVD

LG CyberLink PowerProducer

LG CyberLink YouCam

LG ODD Auto Firmware Update

LG Power Tools

Livestream Procaster

Malwarebytes Anti-Malware version 1.65.1.1000

Maxthon 3

McAfee Security Scan Plus

Mega Manager

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 14.0.1 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

netbrdg

Network Guide EPSON NX430 TX435 Series

OfotoXMI

Opera 12.01

PCI SoftV92 Modem

PDFill FREE PDF Tools

PreReq

puush

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

SFR

SHASTA

skin0001

SKINXSDK

staticcr

TeamSpeak 3 Client

Trend Micro Internet Security

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

User's Guide EPSON NX430 TX435 Series

VLC media player 1.1.11

VPRINTOL

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.01 (64-bit)

WIRELESS

.

==== Event Viewer Messages From Past Week ========

.

30/11/2012 10:46:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

29/11/2012 10:51:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

26/11/2012 6:22:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

1/12/2012 7:53:36 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

.

==== End Of File ===========================


Hello Technics and welcome to MalwareBytes forums.

Copy and paste the contents of the last MBAM scan log. It may be found from the Logs tab of MBAM.

Proceed with the following.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT, which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

Re-enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
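As an added example, not part of Maurice's instructions or any tool in the thread, the PowerShell script below applies the Step 2 "show all files" Explorer settings directly through the registry and then inventories executables under each user's AppData\Local\Temp\tmp* folders, the path pattern the MBAM log later in the thread reports for the two Spyware.Zbot files. It reports size, creation time, SHA-256 and Authenticode status and deletes nothing, in keeping with the "Do NOT click any FIX buttons" rule. It assumes PowerShell 3.0 or later and an elevated (Run as Administrator) prompt; the tmp* folder pattern is taken from the MBAM log paths and the file-type filter (exe, dll, scr) is an assumption.

```powershell
# Added example, not from the original thread. Applies the "show all files"
# Explorer settings from Step 2 via the registry, then lists executables in
# each user's AppData\Local\Temp\tmp* folders (the path pattern the MBAM log
# shows for the Spyware.Zbot files) with size, timestamp, SHA-256 and
# Authenticode status. Report only: nothing is quarantined or deleted.
# Assumes PowerShell 3.0+ and an elevated (Run as Administrator) prompt.

# --- Step 2 equivalent: Explorer view settings for the current user ---
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name 'Hidden'          -Value 1 -Type DWord  # Show hidden files, folders and drives
Set-ItemProperty -Path $adv -Name 'HideFileExt'     -Value 0 -Type DWord  # uncheck "Hide extensions for known file types"
Set-ItemProperty -Path $adv -Name 'ShowSuperHidden' -Value 1 -Type DWord  # uncheck "Hide protected operating system files"
# Explorer reads these values when it starts, so restart it to apply them.
Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
Start-Process explorer.exe

# --- Inventory of temp-folder executables (assumed file types: exe, dll, scr) ---
function Get-Sha256Hex {
    param([Parameter(Mandatory)][string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Dispose(); $sha.Dispose() }
}

$report = foreach ($userDir in Get-ChildItem -Path 'C:\Users' -Directory) {
    $temp = Join-Path $userDir.FullName 'AppData\Local\Temp'
    if (-not (Test-Path -LiteralPath $temp)) { continue }

    # Randomly named tmp* folders, as in C:\Users\...\Temp\tmp883d96a0\usacagbau.exe
    Get-ChildItem -Path $temp -Directory -Filter 'tmp*' -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-ChildItem -Path $_.FullName -Recurse -File -Include '*.exe','*.dll','*.scr' -ErrorAction SilentlyContinue
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Created   = $_.CreationTime
                SHA256    = Get-Sha256Hex -Path $_.FullName
                Signature = $sig.Status        # NotSigned, Valid, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

# Unsigned binaries dropped into tmp* folders are what MBAM flagged; identical
# hashes under different folder names point at the same dropper.
$report | Sort-Object Created | Format-Table Created, SizeBytes, Signature, SHA256, Path -AutoSize
```

Paste the table output in a reply alongside the tool logs; the SHA-256 column lets a helper compare the files against the quarantined samples without the binaries themselves being attached.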


Hi Maurice, thank you for the reply.

MBAM

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.01.04

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Rybicki :: Rybicki-PC [administrator]

1/12/2012 5:54:01 PM

mbam-log-2012-12-01 (17-54-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 225447

Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Rybicki\AppData\Local\Temp\tmp883d96a0\usacagbau.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\Users\Rybicki\AppData\Local\Temp\tmpccc434fc\usacagbau.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

(end)

AdwCleaner

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 22:58:35

# Updated 29/11/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Rybicki - Rybicki-PC

# Boot Mode : Normal

# Running from : C:\Users\Rybicki\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\Ask

***** [Registry] *****

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKU\S-1-5-21-2800316101-1893281304-1120784185-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-GB)

Profile name : default

File : C:\Users\Rybicki\AppData\Roaming\Mozilla\Firefox\Profiles\h6zd0hbl.default\prefs.js

Found : user_pref("browser.search.order.1", "Ask.com");

Found : user_pref("browser.search.selectedEngine", "Ask.com");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Rybicki\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\Rybicki\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1704 octets] - [01/12/2012 22:58:35]

########## EOF - C:\AdwCleaner[R1].txt - [1764 octets] ##########

TDS

23:02:40.0333 2116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

23:02:41.0472 2116 ============================================================

23:02:41.0472 2116 Current date / time: 2012/12/01 23:02:41.0472

23:02:41.0472 2116 SystemInfo:

23:02:41.0472 2116

23:02:41.0472 2116 OS Version: 6.1.7600 ServicePack: 0.0

23:02:41.0472 2116 Product type: Workstation

23:02:41.0472 2116 ComputerName: Rybicki-PC

23:02:41.0472 2116 UserName: Rybicki

23:02:41.0472 2116 Windows directory: C:\Windows

23:02:41.0472 2116 System windows directory: C:\Windows

23:02:41.0472 2116 Running under WOW64

23:02:41.0472 2116 Processor architecture: Intel x64

23:02:41.0472 2116 Number of processors: 2

23:02:41.0472 2116 Page size: 0x1000

23:02:41.0472 2116 Boot type: Normal boot

23:02:41.0472 2116 ============================================================

23:02:42.0579 2116 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

23:02:42.0595 2116 ============================================================

23:02:42.0595 2116 \Device\Harddisk0\DR0:

23:02:42.0595 2116 MBR partitions:

23:02:42.0595 2116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:02:42.0595 2116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

23:02:42.0595 2116 ============================================================

23:02:42.0626 2116 C: <-> \Device\Harddisk0\DR0\Partition2

23:02:42.0626 2116 ============================================================

23:02:42.0626 2116 Initialize success

23:02:42.0626 2116 ============================================================

23:02:51.0737 3884 ============================================================

23:02:51.0737 3884 Scan started

23:02:51.0737 3884 Mode: Manual;

23:02:51.0737 3884 ============================================================

23:02:54.0342 3884 ================ Scan system memory ========================

23:02:54.0342 3884 System memory - ok

23:02:54.0342 3884 ================ Scan services =============================

23:02:54.0435 3884 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

23:02:54.0435 3884 1394ohci - ok

23:02:54.0513 3884 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

23:02:54.0513 3884 ABBYY.Licensing.FineReader.Sprint.9.0 - ok

23:02:54.0576 3884 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

23:02:54.0591 3884 ACDaemon - ok

23:02:54.0607 3884 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

23:02:54.0607 3884 ACPI - ok

23:02:54.0623 3884 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

23:02:54.0623 3884 AcpiPmi - ok

23:02:54.0716 3884 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:02:54.0716 3884 AdobeARMservice - ok

23:02:54.0747 3884 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

23:02:54.0747 3884 adp94xx - ok

23:02:54.0763 3884 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

23:02:54.0779 3884 adpahci - ok

23:02:54.0794 3884 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

23:02:54.0794 3884 adpu320 - ok

23:02:54.0810 3884 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:02:54.0825 3884 AeLookupSvc - ok

23:02:54.0872 3884 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys

23:02:54.0872 3884 AFD - ok

23:02:54.0888 3884 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

23:02:54.0888 3884 agp440 - ok

23:02:54.0903 3884 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

23:02:54.0903 3884 ALG - ok

23:02:54.0919 3884 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

23:02:54.0919 3884 aliide - ok

23:02:54.0935 3884 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys

23:02:54.0935 3884 amdide - ok

23:02:54.0950 3884 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

23:02:54.0950 3884 AmdK8 - ok

23:02:54.0966 3884 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

23:02:54.0966 3884 AmdPPM - ok

23:02:54.0997 3884 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:02:54.0997 3884 amdsata - ok

23:02:55.0013 3884 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

23:02:55.0028 3884 amdsbs - ok

23:02:55.0044 3884 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:02:55.0044 3884 amdxata - ok

23:02:55.0059 3884 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys

23:02:55.0059 3884 AppID - ok

23:02:55.0075 3884 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:02:55.0075 3884 AppIDSvc - ok

23:02:55.0091 3884 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll

23:02:55.0106 3884 Appinfo - ok

23:02:55.0169 3884 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:02:55.0169 3884 Apple Mobile Device - ok

23:02:55.0184 3884 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

23:02:55.0184 3884 arc - ok

23:02:55.0200 3884 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

23:02:55.0200 3884 arcsas - ok

23:02:55.0215 3884 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:02:55.0231 3884 AsyncMac - ok

23:02:55.0247 3884 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys

23:02:55.0247 3884 atapi - ok

23:02:55.0278 3884 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:02:55.0278 3884 AudioEndpointBuilder - ok

23:02:55.0293 3884 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:02:55.0293 3884 AudioSrv - ok

23:02:55.0325 3884 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:02:55.0325 3884 AxInstSV - ok

23:02:55.0356 3884 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

23:02:55.0371 3884 b06bdrv - ok

23:02:55.0403 3884 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

23:02:55.0418 3884 b57nd60a - ok

23:02:55.0465 3884 [ F29D375926E36E3A56AF4805C7749302 ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

23:02:55.0465 3884 BCUService - ok

23:02:55.0481 3884 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

23:02:55.0481 3884 BDESVC - ok

23:02:55.0496 3884 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

23:02:55.0496 3884 Beep - ok

23:02:55.0527 3884 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll

23:02:55.0543 3884 BFE - ok

23:02:55.0574 3884 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll

23:02:55.0621 3884 BITS - ok

23:02:55.0637 3884 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:02:55.0637 3884 blbdrive - ok

23:02:55.0715 3884 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe

23:02:55.0715 3884 Bonjour Service - ok

23:02:55.0746 3884 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:02:55.0746 3884 bowser - ok

23:02:55.0761 3884 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:02:55.0761 3884 BrFiltLo - ok

23:02:55.0777 3884 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:02:55.0777 3884 BrFiltUp - ok

23:02:55.0808 3884 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll

23:02:55.0808 3884 Browser - ok

23:02:55.0824 3884 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:02:55.0839 3884 Brserid - ok

23:02:55.0839 3884 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:02:55.0839 3884 BrSerWdm - ok

23:02:55.0855 3884 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:02:55.0855 3884 BrUsbMdm - ok

23:02:55.0871 3884 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:02:55.0871 3884 BrUsbSer - ok

23:02:55.0886 3884 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

23:02:55.0886 3884 BTHMODEM - ok

23:02:55.0917 3884 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

23:02:55.0917 3884 bthserv - ok

23:02:55.0964 3884 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS

23:02:55.0964 3884 BVRPMPR5a64 - ok

23:02:56.0027 3884 [ 0D004BD9D24DC5F34839B005E65A0FB4 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys

23:02:56.0027 3884 CAXHWBS2 - ok

23:02:56.0042 3884 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:02:56.0058 3884 cdfs - ok

23:02:56.0089 3884 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:02:56.0089 3884 cdrom - ok

23:02:56.0105 3884 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll

23:02:56.0105 3884 CertPropSvc - ok

23:02:56.0120 3884 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

23:02:56.0120 3884 circlass - ok

23:02:56.0151 3884 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

23:02:56.0151 3884 CLFS - ok

23:02:56.0198 3884 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:02:56.0198 3884 clr_optimization_v2.0.50727_32 - ok

23:02:56.0229 3884 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:02:56.0229 3884 clr_optimization_v2.0.50727_64 - ok

23:02:56.0307 3884 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:02:56.0339 3884 clr_optimization_v4.0.30319_32 - ok

23:02:56.0370 3884 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:02:56.0370 3884 clr_optimization_v4.0.30319_64 - ok

23:02:56.0385 3884 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:02:56.0401 3884 CmBatt - ok

23:02:56.0401 3884 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

23:02:56.0401 3884 cmdide - ok

23:02:56.0448 3884 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys

23:02:56.0448 3884 CNG - ok

23:02:56.0463 3884 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:02:56.0463 3884 Compbatt - ok

23:02:56.0479 3884 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

23:02:56.0495 3884 CompositeBus - ok

23:02:56.0495 3884 COMSysApp - ok

23:02:56.0510 3884 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

23:02:56.0510 3884 crcdisk - ok

23:02:56.0557 3884 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:02:56.0557 3884 CryptSvc - ok

23:02:56.0588 3884 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:02:56.0588 3884 DcomLaunch - ok

23:02:56.0619 3884 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

23:02:56.0619 3884 defragsvc - ok

23:02:56.0651 3884 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:02:56.0651 3884 DfsC - ok

23:02:56.0682 3884 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll

23:02:56.0682 3884 Dhcp - ok

23:02:56.0713 3884 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

23:02:56.0713 3884 discache - ok

23:02:56.0729 3884 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

23:02:56.0729 3884 Disk - ok

23:02:56.0760 3884 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:02:56.0760 3884 Dnscache - ok

23:02:56.0775 3884 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll

23:02:56.0791 3884 dot3svc - ok

23:02:56.0807 3884 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll

23:02:56.0807 3884 DPS - ok

23:02:56.0838 3884 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:02:56.0838 3884 drmkaud - ok

23:02:56.0885 3884 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:02:56.0900 3884 DXGKrnl - ok

23:02:56.0916 3884 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

23:02:56.0916 3884 EapHost - ok

23:02:56.0978 3884 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

23:02:57.0056 3884 ebdrv - ok

23:02:57.0087 3884 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe

23:02:57.0087 3884 EFS - ok

23:02:57.0165 3884 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:02:57.0165 3884 ehRecvr - ok

23:02:57.0181 3884 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

23:02:57.0181 3884 ehSched - ok

23:02:57.0197 3884 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

23:02:57.0212 3884 elxstor - ok

23:02:57.0228 3884 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

23:02:57.0228 3884 ErrDev - ok

23:02:57.0275 3884 [ 2C31DCAA88D269E13A935910DBB4CC61 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

23:02:57.0275 3884 ES lite Service - ok

23:02:57.0290 3884 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

23:02:57.0306 3884 EventSystem - ok

23:02:57.0321 3884 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

23:02:57.0321 3884 exfat - ok

23:02:57.0337 3884 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:02:57.0337 3884 fastfat - ok

23:02:57.0368 3884 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe

23:02:57.0384 3884 Fax - ok

23:02:57.0399 3884 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:02:57.0399 3884 fdc - ok

23:02:57.0399 3884 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

23:02:57.0415 3884 fdPHost - ok

23:02:57.0415 3884 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

23:02:57.0415 3884 FDResPub - ok

23:02:57.0431 3884 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:02:57.0431 3884 FileInfo - ok

23:02:57.0446 3884 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:02:57.0446 3884 Filetrace - ok

23:02:57.0462 3884 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

23:02:57.0462 3884 flpydisk - ok

23:02:57.0477 3884 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:02:57.0477 3884 FltMgr - ok

23:02:57.0524 3884 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll

23:02:57.0540 3884 FontCache - ok

23:02:57.0587 3884 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:02:57.0587 3884 FontCache3.0.0.0 - ok

23:02:57.0587 3884 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:02:57.0602 3884 FsDepends - ok

23:02:57.0633 3884 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:02:57.0633 3884 Fs_Rec - ok

23:02:57.0665 3884 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:02:57.0665 3884 fvevol - ok

23:02:57.0680 3884 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

23:02:57.0680 3884 gagp30kx - ok

23:02:57.0711 3884 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys

23:02:57.0711 3884 gdrv - ok

23:02:57.0758 3884 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:02:57.0758 3884 GEARAspiWDM - ok

23:02:57.0789 3884 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll

23:02:57.0789 3884 gpsvc - ok

23:02:57.0867 3884 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:02:57.0867 3884 gupdate - ok

23:02:57.0899 3884 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:02:57.0899 3884 gupdatem - ok

23:02:57.0914 3884 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:02:57.0914 3884 hcw85cir - ok

23:02:57.0945 3884 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:02:57.0945 3884 HdAudAddService - ok

23:02:57.0977 3884 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

23:02:57.0977 3884 HDAudBus - ok

23:02:57.0992 3884 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

23:02:58.0008 3884 HidBatt - ok

23:02:58.0008 3884 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

23:02:58.0023 3884 HidBth - ok

23:02:58.0039 3884 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

23:02:58.0039 3884 HidIr - ok

23:02:58.0055 3884 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

23:02:58.0055 3884 hidserv - ok

23:02:58.0086 3884 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:02:58.0086 3884 HidUsb - ok

23:02:58.0101 3884 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:02:58.0101 3884 hkmsvc - ok

23:02:58.0117 3884 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:02:58.0117 3884 HomeGroupListener - ok

23:02:58.0148 3884 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:02:58.0148 3884 HomeGroupProvider - ok

23:02:58.0164 3884 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

23:02:58.0164 3884 HpSAMD - ok

23:02:58.0226 3884 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll

23:02:58.0242 3884 HsfXAudioService - ok

23:02:58.0257 3884 [ F6AC1087A131FBB385400667BEA64FBE ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys

23:02:58.0289 3884 HSF_DPV - ok

23:02:58.0320 3884 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:02:58.0335 3884 HTTP - ok

23:02:58.0351 3884 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:02:58.0351 3884 hwpolicy - ok

23:02:58.0382 3884 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

23:02:58.0382 3884 i8042prt - ok

23:02:58.0413 3884 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:02:58.0429 3884 iaStorV - ok

23:02:58.0460 3884 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:02:58.0476 3884 idsvc - ok

23:02:58.0663 3884 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

23:02:58.0819 3884 igfx - ok

23:02:58.0835 3884 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

23:02:58.0850 3884 iirsp - ok

23:02:58.0881 3884 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll

23:02:58.0881 3884 IKEEXT - ok

23:02:58.0944 3884 [ 135856AC71116CCFF05ED8481745241B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

23:02:58.0975 3884 IntcAzAudAddService - ok

23:02:59.0022 3884 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys

23:02:59.0022 3884 intelide - ok

23:02:59.0037 3884 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:02:59.0037 3884 intelppm - ok

23:02:59.0053 3884 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:02:59.0053 3884 IPBusEnum - ok

23:02:59.0069 3884 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys


23:03:07.0056 3884 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:03:07.0056 3884 WinUsb - ok

23:03:07.0071 3884 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

23:03:07.0087 3884 Wlansvc - ok

23:03:07.0196 3884 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:03:07.0243 3884 wlidsvc - ok

23:03:07.0259 3884 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

23:03:07.0259 3884 WmiAcpi - ok

23:03:07.0290 3884 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:03:07.0290 3884 wmiApSrv - ok

23:03:07.0305 3884 WMPNetworkSvc - ok

23:03:07.0321 3884 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:03:07.0321 3884 WPCSvc - ok

23:03:07.0352 3884 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:03:07.0352 3884 WPDBusEnum - ok

23:03:07.0368 3884 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:03:07.0368 3884 ws2ifsl - ok

23:03:07.0399 3884 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll

23:03:07.0399 3884 wscsvc - ok

23:03:07.0399 3884 WSearch - ok

23:03:07.0477 3884 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

23:03:07.0524 3884 wuauserv - ok

23:03:07.0555 3884 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:03:07.0555 3884 WudfPf - ok

23:03:07.0571 3884 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:03:07.0571 3884 WUDFRd - ok

23:03:07.0602 3884 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:03:07.0617 3884 wudfsvc - ok

23:03:07.0633 3884 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

23:03:07.0633 3884 WwanSvc - ok

23:03:07.0680 3884 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys

23:03:07.0680 3884 XAudio - ok

23:03:07.0695 3884 ================ Scan global ===============================

23:03:07.0711 3884 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:03:07.0742 3884 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll

23:03:07.0758 3884 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll

23:03:07.0773 3884 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:03:07.0805 3884 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:03:07.0805 3884 [Global] - ok

23:03:07.0805 3884 ================ Scan MBR ==================================

23:03:07.0820 3884 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:03:07.0945 3884 \Device\Harddisk0\DR0 - ok

23:03:07.0945 3884 ================ Scan VBR ==================================

23:03:07.0945 3884 [ 782EA9D446A394A9486A1C0531C023FB ] \Device\Harddisk0\DR0\Partition1

23:03:07.0945 3884 \Device\Harddisk0\DR0\Partition1 - ok

23:03:07.0961 3884 [ 723B10C339665AC68C24561AF2CE7C75 ] \Device\Harddisk0\DR0\Partition2

23:03:07.0961 3884 \Device\Harddisk0\DR0\Partition2 - ok

23:03:07.0961 3884 ============================================================

23:03:07.0961 3884 Scan finished

23:03:07.0961 3884 ============================================================

23:03:07.0976 1880 Detected object count: 0

23:03:07.0976 1880 Actual detected object count: 0

RK

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Rybicki [Admin rights]

Mode : Scan -- Date : 12/01/2012 23:08:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : EPSON NX430 TX435 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\Rybicki\AppData\Local\Temp\E_S7E2.tmp" /EF "HKCU") -> FOUND

[RUN][SUSP PATH] HKCU\[...]\Run : Upyqpai (C:\Users\Rybicki\AppData\Roaming\Pueny\giam.exe) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-2800316101-1893281304-1120784185-1000[...]\Run : EPSON NX430 TX435 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\Rybicki\AppData\Local\Temp\E_S7E2.tmp" /EF "HKCU") -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-2800316101-1893281304-1120784185-1000[...]\Run : Upyqpai (C:\Users\Rybicki\AppData\Roaming\Pueny\giam.exe) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++

--- User ---

[MBR] 7effd017c166444088654c548abfb39c

[BSP] 3d7eda69ce55cc718d167f25dfdb61ad : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12012012_02d2308.txt >>

RKreport[1]_S_12012012_02d2308.txt


Disable Lavasoft Ad-watch:

Right click on the Ad-Watch icon in the system tray.

At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: This will turn Ad-Watch On\Off without closing it.

Automatic: Suspicious activity will be blocked automatically.

Uncheck both of those boxes.

  • Disable the TrendMicro antivirus so that it does not interfere, but do leave the firewall on.
    See How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck any others : (if found)
    [RUN][SUSP PATH] HKCU\[...]\Run : Upyqpai (C:\Users\Rybicki\AppData\Roaming\Pueny\giam.exe)
    [RUN][SUSP PATH] HKUS\S-1-5-21-2800316101-1893281304-1120784185-1000[...]\Run : Upyqpai (C:\Users\Rybicki\AppData\Roaming\Pueny\giam.exe)

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into a new reply.

Step 2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Technics only. If you are a casual viewer, do NOT try this on your system!

If you are not Technics and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first that the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart... then... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

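The [RUN][SUSP PATH] flags in the RogueKiller report above come from a simple heuristic: an autostart entry whose program lives somewhere an ordinary user can write. The PowerShell below is an added example, not code from this thread or from RogueKiller. It walks the same Run keys, extracts each entry's executable, hashes it and tags it the way the report does, and it separates the two cases the report mixed: the Epson entry (executable in system32, only an argument pointing at Temp) from the giam.exe entry (the executable itself under AppData\Roaming). It assumes PowerShell 3 or later, run in the affected user's own session; the key list, the writable-root list and the flag names are the example's own choices.

```powershell
# Added example, not code from the thread or from RogueKiller. Reproduces the
# idea behind RogueKiller's [RUN][SUSP PATH] finding: an autostart entry whose
# executable sits in a user-writable location. PowerShell 3 or later assumed;
# run in the affected user's session so HKCU and $env:APPDATA are that user's.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Roots an unprivileged user can write to (list chosen for this example).
$userWritableRoots = @(
    $env:APPDATA,                    # ...\AppData\Roaming  (giam.exe lived here)
    $env:LOCALAPPDATA,               # ...\AppData\Local, includes Temp
    "$env:USERPROFILE\Downloads",
    $env:ProgramData
) | Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }
$writableAnywhere = '(' + ($userWritableRoots -join '|') + ')'   # anywhere in the command
$writableAtStart  = '^' + $writableAnywhere                      # the executable itself

$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutostartExecutable {
    # First token of the command line: a quoted path, or the text up to the
    # first " /switch" or " -switch". Enough for Run values, not a full parser.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+[/-]')[0].Trim()
}

function Get-FileSha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Dispose(); $sha.Dispose() }
}

function Get-AutostartAudit {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }   # skip provider metadata
            $command = [string]$prop.Value
            $exe     = Get-AutostartExecutable -Command $command
            $exists  = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)

            # Most severe verdict wins; assigned last so it overrides the others.
            $flag = 'ok'
            if (-not $exists)                       { $flag = 'MISSING FILE' }
            if ($command -match $writableAnywhere)  { $flag = 'SUSP ARG' }    # Epson case
            if ($exe -match $writableAtStart)       { $flag = 'SUSP PATH' }   # giam.exe case

            [pscustomobject]@{
                Key    = $key
                Name   = $prop.Name
                Exe    = $exe
                Flag   = $flag
                Sha256 = if ($exists) { Get-FileSha256 -Path $exe } else { $null }
            }
        }
    }
}

# Show only what deserves a look; drop the Where-Object to see every entry.
Get-AutostartAudit | Where-Object { $_.Flag -ne 'ok' } |
    Format-Table -AutoSize Key, Name, Exe, Flag, Sha256
```

A SUSP ARG entry such as the Epson status monitor is normally benign and is why the helper said to select only the Upyqpai lines; a SUSP PATH entry with a random-looking folder and file name under Roaming is the one to quarantine, and the SHA-256 is what you submit to a scanner or keep for the incident record.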

The system seems fine to me. The second registry entry that I checked to delete hasn't shown up on the report though.

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Rybicki [Admin rights]

Mode : Remove -- Date : 12/02/2012 11:30:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : EPSON NX430 TX435 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\Rybicki\AppData\Local\Temp\E_S7E2.tmp" /EF "HKCU") -> NOT SELECTED

[RUN][SUSP PATH] HKCU\[...]\Run : Upyqpai (C:\Users\Rybicki\AppData\Roaming\Pueny\giam.exe) -> DELETED

[RUN][SUSP PATH] HKUS\S-1-5-21-2800316101-1893281304-1120784185-1000[...]\Run : EPSON NX430 TX435 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\Rybicki\AppData\Local\Temp\E_S7E2.tmp" /EF "HKCU") -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++

--- User ---

[MBR] 7effd017c166444088654c548abfb39c

[BSP] 3d7eda69ce55cc718d167f25dfdb61ad : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_12022012_02d1130.txt >>

RKreport[1]_S_12022012_02d1127.txt ; RKreport[2]_D_12022012_02d1130.txt

--------------------------------------------------------------------------------------------------------------------------

ComboFix 12-12-01.02 - Rybicki 02/12/2012 11:47:43.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2012.990 [GMT 8:00]

Running from: c:\users\Rybicki\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

.

2012-12-02 03:55 . 2012-12-02 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-01 14:47 . 2012-12-01 14:47 -------- d-----w- c:\program files (x86)\ERUNT

2012-11-28 13:47 . 2012-12-01 09:48 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Pueny

2012-11-28 13:47 . 2012-11-29 00:47 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ifweug

2012-11-28 13:47 . 2012-11-28 13:47 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ilebm

2012-11-23 11:16 . 2012-11-23 11:16 -------- d-----w- c:\users\Rybicki\AppData\Roaming\puush

2012-11-23 11:16 . 2012-11-23 11:17 -------- d-----w- c:\program files (x86)\puush

2012-11-16 19:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 19:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 19:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 19:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 02:41 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-11-16 02:41 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-16 02:41 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-02 03:33 . 2010-07-12 09:00 25640 ----a-w- c:\windows\gdrv.sys

2012-10-16 21:20 . 2012-11-28 00:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-11-28 00:50 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-11-28 00:50 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-06 12:42 . 2012-08-08 05:27 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-06 12:42 . 2012-08-08 05:27 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-29 11:54 . 2012-08-03 11:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 05:16 . 2012-09-28 05:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-28 05:15 . 2012-07-01 05:38 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-28 05:15 . 2010-07-29 07:32 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-14 19:23 . 2012-10-10 14:40 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-10 14:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mega Manager"="c:\program files (x86)\Megaupload\Mega Manager\MegaManager.exe" [2011-07-29 2113536]

"c:\users\Rybicki\Downloads\LivestreamProcaster.exe"="c:\users\Rybicki\Downloads\LivestreamProcaster.exe" [2012-09-09 18199256]

"puush"="c:\program files (x86)\puush\puush.exe" [2012-11-23 565480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-27 2152152]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-01-06 35840]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-07-29 595960]

R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-07-29 917768]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1255736]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 69376]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-29 200720]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]

S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 308592]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-29 339984]

S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-06-29 411136]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 07:24]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 07:35]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 07:35]

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800316101-1893281304-1120784185-1000Core.job

- c:\users\Rybicki\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 03:10]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800316101-1893281304-1120784185-1000UA.job

- c:\users\Rybicki\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 03:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-05-07 2042368]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Rybicki\AppData\Roaming\Mozilla\Firefox\Profiles\h6zd0hbl.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\07\05\1d\07\06\1b?"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-02 11:59:38

ComboFix-quarantined-files.txt 2012-12-02 03:59

.

Pre-Run: 402,050,228,224 bytes free

Post-Run: 405,986,254,848 bytes free

.

- - End Of File - - 50CD595166B0032EC000A113F95FA218


You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for Technics only. If you are a casual viewer, do NOT try this on your system!

If you are not Technics and have a similar problem, do NOT post here; start your own topic

The procedures in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other one!


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

2. Open notepad and copy/paste the text in the quotebox below into it:

Dirlook::
c:\users\Rybicki\AppData\Roaming\Pueny
c:\users\Rybicki\AppData\Roaming\Ifweug
c:\users\Rybicki\AppData\Roaming\Ilebm
c:\users\Rybicki\AppData\Roaming\puush

Save this as CFScript.txt, in the same location as ComboFix.exe

3. Close any (all) open browsers.

4:

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in a new reply.

Step 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.

Link to post
Share on other sites

The system seems ok.

ComboFix 12-12-01.02 - Rybicki 03/12/2012 12:31:11.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2012.1184 [GMT 8:00]

Running from: c:\users\Rybicki\Desktop\ComboFix.exe

Command switches used :: c:\users\Rybicki\Desktop\CFScript.txt

AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Rybicki\AppData\Local\{7B977AAD-6363-4B96-9B7B-B7B450C6F185}

.

.

((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))

.

.

2012-12-03 04:38 . 2012-12-03 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 04:46 . 2012-12-02 04:46 -------- d-----w- c:\users\Rybicki\AppData\Local\Trend Micro

2012-12-02 04:44 . 2012-12-02 05:07 -------- d-----w- c:\programdata\Ad-Aware Antivirus

2012-12-02 04:43 . 2012-12-02 04:43 -------- d-----w- c:\users\Rybicki\AppData\Roaming\LavasoftStatistics

2012-12-02 04:37 . 2012-12-02 14:35 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-12-02 04:36 . 2012-12-02 04:36 -------- d-----w- c:\users\Rybicki\AppData\Local\Downloaded Installations

2012-12-02 04:36 . 2012-12-02 04:36 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2012-12-02 04:36 . 2012-09-19 21:40 47496 ----a-w- c:\windows\system32\sbbd.exe

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\programdata\blekko toolbars

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\users\Rybicki\AppData\Local\adawarebp

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\program files (x86)\adawaretb

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-12-02 04:34 . 2012-12-03 04:26 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ad-Aware Antivirus

2012-12-01 14:47 . 2012-12-01 14:47 -------- d-----w- c:\program files (x86)\ERUNT

2012-11-28 13:47 . 2012-12-01 09:48 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Pueny

2012-11-28 13:47 . 2012-11-29 00:47 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ifweug

2012-11-28 13:47 . 2012-11-28 13:47 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ilebm

2012-11-23 11:16 . 2012-11-23 11:16 -------- d-----w- c:\users\Rybicki\AppData\Roaming\puush

2012-11-23 11:16 . 2012-11-23 11:17 -------- d-----w- c:\program files (x86)\puush

2012-11-16 19:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 19:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 19:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 19:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 02:41 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-11-16 02:41 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-16 02:41 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-03 04:15 . 2010-07-12 09:00 25640 ----a-w- c:\windows\gdrv.sys

2012-10-16 21:20 . 2012-11-28 00:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-11-28 00:50 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-11-28 00:50 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-06 12:42 . 2012-08-08 05:27 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-06 12:42 . 2012-08-08 05:27 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-29 11:54 . 2012-08-03 11:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 05:16 . 2012-09-28 05:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-28 05:15 . 2012-07-01 05:38 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-28 05:15 . 2010-07-29 07:32 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-19 21:40 . 2012-09-19 21:40 47496 ----a-w- c:\windows\SysWow64\sbbd.exe

2012-09-14 19:23 . 2012-10-10 14:40 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-10 14:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-12 12:19 . 2012-09-12 12:19 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\users\Rybicki\AppData\Roaming\Ifweug ----

.

.

---- Directory of c:\users\Rybicki\AppData\Roaming\Ilebm ----

.

2010-10-20 19:08 . 2012-11-28 13:48 399066 ----a-w- c:\users\Rybicki\AppData\Roaming\Ilebm\olwet.vuu

.

---- Directory of c:\users\Rybicki\AppData\Roaming\Pueny ----

.

.

---- Directory of c:\users\Rybicki\AppData\Roaming\puush ----

.

2012-11-23 11:16 . 2012-12-03 04:16 646 ----a-w- c:\users\Rybicki\AppData\Roaming\puush\puush.ini

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mega Manager"="c:\program files (x86)\Megaupload\Mega Manager\MegaManager.exe" [2011-07-29 2113536]

"c:\users\Rybicki\Downloads\LivestreamProcaster.exe"="c:\users\Rybicki\Downloads\LivestreamProcaster.exe" [2012-09-09 18199256]

"puush"="c:\program files (x86)\puush\puush.exe" [2012-11-23 565480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-19 3677000]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-01-06 35840]

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1255736]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-02 14456]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-21 1236368]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]

S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 308592]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-12 82872]

S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-06-29 411136]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 07:35]

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 07:35]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800316101-1893281304-1120784185-1000Core.job

- c:\users\Rybicki\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 03:10]

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800316101-1893281304-1120784185-1000UA.job

- c:\users\Rybicki\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 03:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-05-07 2042368]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Rybicki\AppData\Roaming\Mozilla\Firefox\Profiles\h6zd0hbl.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\07\05\1d\07\06\1b?"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-03 12:40:30

ComboFix-quarantined-files.txt 2012-12-03 04:40

ComboFix2.txt 2012-12-02 03:59

.

Pre-Run: 405,921,566,720 bytes free

Post-Run: 405,901,275,136 bytes free

.

- - End Of File - - 60E13FE01D4B1C4DA5F643F352C789A5

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.03.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Rybicki :: Rybicki-PC [administrator]

3/12/2012 12:47:06 PM

mbam-log-2012-12-03 (12-47-06).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 421485

Time elapsed: 51 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites
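The Dirlook targets in the helper's CFScript come straight from the "Files Created" section of the log above: three folders under AppData\Roaming born in the same minute with no installer activity beside them. As an added example that is not part of this thread, the Python below parses ComboFix "Files Created" lines (the sample lines are copied from the log above) and applies that same triage, which singles out Pueny, Ifweug and Ilebm while leaving puush alone because a Program Files folder appeared in the same minute.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of a ComboFix "Files Created" line, as seen in the log above:
#   <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Direct children of a user's AppData\Roaming (nested paths do not match).
ROAMING_RE = re.compile(r"\\appdata\\roaming\\([^\\]+)$", re.IGNORECASE)

# Constructed sample: a subset of the "Files Created" section from the thread.
SAMPLE_LOG = r"""
2012-12-02 04:43 . 2012-12-02 04:43 -------- d-----w- c:\users\Rybicki\AppData\Roaming\LavasoftStatistics
2012-12-02 04:36 . 2012-12-02 04:36 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-11-28 13:47 . 2012-12-01 09:48 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Pueny
2012-11-28 13:47 . 2012-11-29 00:47 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ifweug
2012-11-28 13:47 . 2012-11-28 13:47 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ilebm
2012-11-23 11:16 . 2012-11-23 11:16 -------- d-----w- c:\users\Rybicki\AppData\Roaming\puush
2012-11-23 11:16 . 2012-11-23 11:17 -------- d-----w- c:\program files (x86)\puush
"""


def parse_entries(log_text):
    """Parse 'Files Created' lines; anything not in that layout is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def roaming_dirs(entries):
    """(created, folder name) for every directory created directly under Roaming."""
    out = []
    for e in entries:
        m = ROAMING_RE.search(e["path"])
        if e["is_dir"] and m:
            out.append((e["created"], m.group(1)))
    return out


def triage(log_text, min_cluster=2):
    """Group new Roaming folders by creation minute and flag clusters that
    have no Program Files activity in the same minute (no installer ran)."""
    entries = parse_entries(log_text)
    install_minutes = {e["created"] for e in entries
                       if "\\program files" in e["path"].lower()}
    clusters = defaultdict(list)
    for created, name in roaming_dirs(entries):
        clusters[created].append(name)
    findings = []
    for created in sorted(clusters):
        names = sorted(clusters[created])
        installer_seen = created in install_minutes
        findings.append({
            "created": created.strftime("%Y-%m-%d %H:%M"),
            "names": names,
            "installer_seen": installer_seen,
            "suspicious": len(names) >= min_cluster and not installer_seen,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{f['created']}  {flag:10}  {', '.join(f['names'])}")
```

Run it against a full ComboFix.txt by reading the file into `triage()`; a single new folder is never flagged on its own, only a same-minute cluster without a matching install.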

We Need to Run a Batch Script

  1. Press the Windows-key on keyboard.
  2. In the Search box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    rd /s /q c:\users\Rybicki\AppData\Roaming\Ifweug
    rd /s /q c:\users\Rybicki\AppData\Roaming\Pueny
    del /f /q c:\users\Rybicki\AppData\Roaming\Ilebm\olwet.vuu
    rd /s /q c:\users\Rybicki\AppData\Roaming\Ilebm
    del /f /q "%~f0"


  4. Select File -> Save As.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the File name box, type in Fix.bat.
  7. Press Save.
  8. Close Notepad.
  9. Right click Fix.bat on your desktop, and choose Run as administrator.
  10. Press Yes if prompted by User Account Control.

Step 2

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

[screenshot: Stinger main window]

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 3

Download, save and then run the MS Safety Scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

When all done, Re-Enable your antivirus program.

Tell me, how is the system now?

Link to post
Share on other sites

Hi, the system seems to be running normal.

Nothing was detected with the MS Safety scanner running a full scan.

McAfee® Labs Stinger Version 10.2.0.903 built on Dec  3 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Dec 3 2012.

Ready to scan for 5971 viruses, trojans and variants.

Scan initiated on Tue Dec 04 10:09:18 2012

Rootkit scan result : Not Scanned

  Master Boot Record(s):....1

  Possibly Infected:.............0

  Boot Sector(s):.................1

  Possibly Infected: ............0

  Number of clean files: 20235

Link to post
Share on other sites

ok. Those are good reports. Let's have you do an online scan.

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

When all done, Re-Enable your antivirus program.

Link to post
Share on other sites

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Rybicki\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

AdwCleaner.exe

RogueKiller.exe

TDSSKILLER.exe

Stinger.exe

MS Safety Scanner

You may use Control Panel >> Programs and Features and uninstall BitDefender Quickscan.

Safer practices & malware prevention

We are finished here. Best regards.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.