Infected with Backdoor: Win32:Poison.E


  • This topic is locked
19 replies to this topic

#1 urs_rahul

  • Members
  • 11 posts

Posted 22 August 2012 - 02:12 AM

Hi,
I am totally new to this forum, so there may be some errors in posting on my part. And thanks to all those who are helping people on this forum selflessly!
PROBLEM: A few days back, when I inserted my USB drive into my laptop, I found some new folders like Hot Movies and Funny Videos which were not there earlier. I tried to delete them but they kept coming back. Even after I formatted my pendrive, these files are not going. After that my antivirus, Microsoft Security Essentials, detected the virus "Backdoor:Win32/Poison.E" and I removed it, but it kept coming back on every restart of my laptop. I tried Malwarebytes, SUPERAntiSpyware and Kaspersky Free Online Scan, but it was still detected by Security Essentials on every restart. Then I restored my PC to an earlier date and the error stopped. But now on every restart a notification is coming that "Your Browser Settings were changed by another program", and it gives two options of either keeping the earlier settings or changing to the new settings. I want to get rid of this. Please help! And also give a solution to clean my pendrive.

DDS Text log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by samsung at 11:55:15 on 2012-08-22
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1956.1007 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Samsung\Easy Software Manager\SWMAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\MBlaze UI\bin\App.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Users\samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Google Update] "c:\users\samsung\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BTMTrayAgent] rundll32.exe "c:\program files\intel\bluetooth\btmshell.dll",TrayApp
mRun: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
TCP: Interfaces\{2AB55869-B944-45D5-AD6B-52429352489E} : NameServer = 10.228.65.114 116.202.225.32
TCP: Interfaces\{FA843823-A520-4BDA-B74D-D164FC603D9F} : DhcpNameServer = 192.168.43.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\samsung\application data\mozilla\firefox\profiles\g7sz0rym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\samsung\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\samsung\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-8-21 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-4-21 923136]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\intel\bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\intel\bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-4-21 102672]
R2 SGDrv;SGDrv;c:\windows\system32\drivers\SGDrv.sys [2012-3-29 6144]
R2 UDisk Monitor;UDisk Monitor;c:\program files\mblaze ui\bin\MonServiceUDisk.exe [2012-8-15 512000]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-3-29 2656536]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-4-21 240640]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\intel\bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\drivers\btmaux.sys [2011-3-8 40960]
R3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-11-15 263680]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2012-3-29 159016]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-12-9 47616]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-29 269824]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-3-29 41088]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-5-1 7513088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-3-29 381032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-4-5 105472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-14 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-4-21 240640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-3-8 36864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-6-14 80824]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-14 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-7-28 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-7-28 10200]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-6-14 181432]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2012-6-14 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
.
=============== Created Last 30 ================
.
2012-08-21 15:35:11 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{32011a53-7879-4329-85e2-1a3bd4bc2c82}\mpengine.dll
2012-08-21 15:28:42 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-08-21 15:28:35 -------- d-----w- c:\program files\Panda Security
2012-08-20 11:24:40 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-16 13:25:22 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-16 13:24:35 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 13:24:34 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 13:23:04 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 15:45:10 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 15:45:08 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 15:45:08 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 15:45:05 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 19:36:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-13 19:36:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-13 09:45:49 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-10 14:48:38 -------- d-----w- c:\programdata\Malwarebytes
2012-08-10 14:48:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-09 18:04:35 -------- d-----w- C:\Program Files
2012-07-28 13:41:46 2872512 ----a-w- c:\windows\system32\pwNative.exe
2012-07-28 13:41:45 15576 ------w- c:\windows\system32\pwdrvio.sys
2012-07-28 13:41:33 10200 ------w- c:\windows\system32\pwdspio.sys
2012-07-28 13:41:24 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.5
2012-07-25 04:44:24 -------- d-----w- c:\windows\pss
2012-07-24 07:02:19 -------- d-----w- c:\users\samsung\appdata\local\Proxure
2012-07-24 07:01:23 -------- d-----w- c:\programdata\ClubSanDisk
2012-07-23 07:01:25 -------- d-----w- c:\users\samsung\appdata\local\BlueStacksSetup
.
==================== Find3M ====================
.
2012-07-22 19:37:14 90824 ----a-w- c:\windows\system32\EasyHook32.dll
2012-07-22 19:37:14 109256 ----a-w- c:\windows\system32\EasyHook64.dll
2012-07-22 19:37:13 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-07-18 13:51:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 13:51:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 09:08:47 720896 ----a-w- c:\windows\iun6002.exe
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-26 07:02:38 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 09:49:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 09:42:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-29 07:38:50 330240 ----a-w- c:\windows\MASetupCaller.dll
.
============= FINISH: 11:56:11.01 ===============
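Added example, not part of the original post and not code from DDS, TDSSKiller or any other tool named in this thread: a read-only PowerShell triage script that re-creates, live on the host, the checks the "Pseudo HJT Report" above implies. It lists Run/RunOnce entries and Internet Explorer BHOs whose target file is missing (what DDS prints as "- No File" for the two orphaned CLSIDs above, and the empty "mRun: [<NO NAME>]" entry), prints the Firefox startup and search preferences (in the log all four point at home.speedbit.com with an affiliate parameter, which is consistent with the SpeedBit updater visible in the running-process list), and inspects every removable drive for autorun.inf and hidden or system items, the first place to look on a pendrive whose folders keep coming back. It assumes PowerShell 3.0 or later (Windows Management Framework 3.0 on Windows 7) run elevated; the registry and profile paths are the standard Windows locations, not values taken from the log. It changes nothing; deciding what to remove is a judgement the script does not make.

```powershell
# Added triage example; not part of the original post or of DDS/TDSSKiller.
# Assumes PowerShell 3.0+ on Windows 7 or later, run elevated. Read-only.

function Resolve-CommandPath {
    # Reduce a Run-key command line to the executable it launches.
    # Quoted paths and %VAR% expansion are handled; an unquoted path containing
    # spaces (rare in Run keys) would be cut at the first space.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Test-TargetExists {
    param([string]$Target)
    if (-not $Target) { return $false }
    if ([IO.Path]::IsPathRooted($Target)) { return Test-Path -LiteralPath $Target }
    # Bare names such as rundll32.exe are resolved through PATH.
    return [bool](Get-Command $Target -ErrorAction SilentlyContinue)
}

function Test-AutostartTargets {
    # Same locations DDS reports as uRun (HKCU) and mRun (HKLM).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name, '',
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            [pscustomobject]@{
                Location     = $key
                Name         = $(if ($name) { $name } else { '<NO NAME>' })
                Command      = $cmd
                TargetExists = Test-TargetExists (Resolve-CommandPath $cmd)
            }
        }
    }
}

function Test-BrowserHelperObjects {
    # IE BHOs are registered by CLSID; DDS prints "- No File" when the CLSID has
    # no InprocServer32 or the DLL it names is gone. HKCU is consulted first,
    # as COM does.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($clsid in (Get-ChildItem $bhoKey).PSChildName) {
        $server = ''
        foreach ($root in 'HKCU:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
            $inproc = Join-Path $root "$clsid\InprocServer32"
            if (Test-Path $inproc) {
                $server = ([string](Get-ItemProperty $inproc).'(default)').Trim('"')
                break
            }
        }
        [pscustomobject]@{
            CLSID        = $clsid
            Server       = $server
            TargetExists = Test-TargetExists ([Environment]::ExpandEnvironmentVariables($server))
        }
    }
}

function Get-FirefoxStartupPrefs {
    # The prefs the DDS FIREFOX section lists as hijack candidates.
    $watch = 'browser.startup.homepage', 'browser.search.defaulturl',
             'browser.search.selectedEngine', 'keyword.URL'
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    foreach ($prefs in Get-ChildItem $profiles -Recurse -Filter prefs.js) {
        foreach ($line in Get-Content $prefs.FullName) {
            if ($line -match '^user_pref\("([^"]+)",\s*(.*)\);\s*$' -and $watch -contains $Matches[1]) {
                [pscustomobject]@{
                    Profile = $prefs.Directory.Name
                    Pref    = $Matches[1]
                    Value   = $Matches[2].Trim('"')
                }
            }
        }
    }
}

function Get-RemovableDriveFindings {
    # DriveType 2 = removable. Hidden/System items and an autorun.inf at the
    # root are the first things to check on a stick whose folders reappear.
    foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2') {
        $root = $disk.DeviceID + '\'
        $hidden = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
                  Where-Object { $_.Attributes -match 'Hidden|System' }
        [pscustomobject]@{
            Drive               = $disk.DeviceID
            AutorunInf          = Test-Path -LiteralPath (Join-Path $root 'autorun.inf')
            HiddenOrSystemItems = @($hidden | ForEach-Object { $_.Name })
        }
    }
}

'--- Autostart entries whose target is missing ---'
Test-AutostartTargets      | Where-Object { -not $_.TargetExists } | Format-Table -AutoSize
'--- BHOs whose server DLL is missing ---'
Test-BrowserHelperObjects  | Where-Object { -not $_.TargetExists } | Format-Table -AutoSize
'--- Firefox startup/search prefs ---'
Get-FirefoxStartupPrefs    | Format-Table -AutoSize
'--- Removable drives ---'
Get-RemovableDriveFindings | Format-List
```

A missing target is not proof of malware (uninstallers leave orphaned BHO and Run entries behind all the time), but on a machine where a detection keeps returning after every restart, every entry that launches something on logon and every DLL the browser loads is exactly the list to account for, and the same list is what the helper will work from in the logs requested below.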

#2 urs_rahul

  • Topic Starter
  • Members
  • 11 posts

Posted 26 August 2012 - 02:05 AM

Is anyone going to help me on my problem?

#3 nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC, Canada

Posted 26 August 2012 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip.

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#4 urs_rahul

  • Topic Starter
  • Members
  • 11 posts

Posted 27 August 2012 - 10:21 AM

First of all, thanks for helping me out! Here are the log files you have asked for:

TDSSKiller Log File:

20:09:51.0949 2900 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:09:51.0964 2900 ============================================================
20:09:51.0964 2900 Current date / time: 2012/08/27 20:09:51.0964
20:09:51.0964 2900 SystemInfo:
20:09:51.0964 2900
20:09:51.0964 2900 OS Version: 6.1.7601 ServicePack: 1.0
20:09:51.0964 2900 Product type: Workstation
20:09:51.0964 2900 ComputerName: SAMSUNG-PC
20:09:51.0964 2900 UserName: samsung
20:09:51.0964 2900 Windows directory: C:\Windows
20:09:51.0964 2900 System windows directory: C:\Windows
20:09:51.0964 2900 Processor architecture: Intel x86
20:09:51.0964 2900 Number of processors: 2
20:09:51.0964 2900 Page size: 0x1000
20:09:51.0964 2900 Boot type: Normal boot
20:09:51.0964 2900 ============================================================
20:09:53.0072 2900 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:09:53.0088 2900 ============================================================
20:09:53.0088 2900 \Device\Harddisk0\DR0:
20:09:53.0088 2900 MBR partitions:
20:09:53.0088 2900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:09:53.0088 2900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
20:09:53.0088 2900 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0xC350000
20:09:53.0088 2900 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0xCD8D800
20:09:53.0088 2900 ============================================================
20:09:53.0119 2900 C: <-> \Device\Harddisk0\DR0\Partition2
20:09:53.0150 2900 D: <-> \Device\Harddisk0\DR0\Partition3
20:09:53.0228 2900 E: <-> \Device\Harddisk0\DR0\Partition4
20:09:53.0228 2900 ============================================================
20:09:53.0228 2900 Initialize success
20:09:53.0228 2900 ============================================================
20:10:02.0806 1196 ============================================================
20:10:02.0806 1196 Scan started
20:10:02.0806 1196 Mode: Manual;
20:10:02.0806 1196 ============================================================
20:10:03.0306 1196 ================ Scan system memory ========================
20:10:03.0306 1196 System memory - ok
20:10:03.0306 1196 ================ Scan services =============================
20:10:03.0352 1196 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:10:03.0368 1196 !SASCORE - ok
20:10:03.0633 1196 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:10:03.0633 1196 1394ohci - ok
20:10:03.0680 1196 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:10:03.0696 1196 ACPI - ok
20:10:03.0711 1196 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:10:03.0711 1196 AcpiPmi - ok
20:10:03.0742 1196 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:10:03.0774 1196 adp94xx - ok
20:10:03.0805 1196 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:10:03.0820 1196 adpahci - ok
20:10:03.0867 1196 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:10:03.0867 1196 adpu320 - ok
20:10:03.0898 1196 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:10:03.0914 1196 AeLookupSvc - ok
20:10:03.0961 1196 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:10:03.0976 1196 AFD - ok
20:10:04.0008 1196 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:10:04.0023 1196 agp440 - ok
20:10:04.0039 1196 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:10:04.0039 1196 aic78xx - ok
20:10:04.0086 1196 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:10:04.0101 1196 ALG - ok
20:10:04.0117 1196 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:10:04.0132 1196 aliide - ok
20:10:04.0148 1196 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:10:04.0148 1196 amdagp - ok
20:10:04.0148 1196 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:10:04.0164 1196 amdide - ok
20:10:04.0179 1196 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:10:04.0179 1196 AmdK8 - ok
20:10:04.0179 1196 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:10:04.0195 1196 AmdPPM - ok
20:10:04.0210 1196 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:10:04.0210 1196 amdsata - ok
20:10:04.0242 1196 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:10:04.0257 1196 amdsbs - ok
20:10:04.0273 1196 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:10:04.0288 1196 amdxata - ok
20:10:04.0320 1196 [ CB3344B1952130183841977198E9A296 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
20:10:04.0335 1196 AMPPAL - ok
20:10:04.0351 1196 [ CB3344B1952130183841977198E9A296 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
20:10:04.0351 1196 AMPPALP - ok
20:10:04.0460 1196 [ 0C3DB36FB2894BF371B60A3E3C660D60 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
20:10:04.0491 1196 AMPPALR3 - ok
20:10:04.0647 1196 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:10:04.0663 1196 AppID - ok
20:10:04.0710 1196 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:10:04.0710 1196 AppIDSvc - ok
20:10:04.0725 1196 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:10:04.0725 1196 Appinfo - ok
20:10:04.0756 1196 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
20:10:04.0756 1196 arc - ok
20:10:04.0788 1196 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:10:04.0788 1196 arcsas - ok
20:10:04.0803 1196 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:10:04.0803 1196 AsyncMac - ok
20:10:04.0834 1196 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:10:04.0834 1196 atapi - ok
20:10:04.0881 1196 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:10:04.0897 1196 AudioEndpointBuilder - ok
20:10:04.0928 1196 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:10:04.0944 1196 Audiosrv - ok
20:10:04.0990 1196 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:10:04.0990 1196 AxInstSV - ok
20:10:05.0037 1196 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
20:10:05.0068 1196 b06bdrv - ok
20:10:05.0115 1196 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:10:05.0115 1196 b57nd60x - ok
20:10:05.0178 1196 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:10:05.0178 1196 BDESVC - ok
20:10:05.0193 1196 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:10:05.0193 1196 Beep - ok
20:10:05.0240 1196 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:10:05.0256 1196 BFE - ok
20:10:05.0302 1196 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
20:10:05.0334 1196 BITS - ok
20:10:05.0365 1196 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:10:05.0365 1196 blbdrive - ok
20:10:05.0443 1196 [ FEE8EEE4B33E4CB560BD0F5EE26EA3E5 ] Bluetooth Device Monitor C:\Program Files\Intel\Bluetooth\devmonsrv.exe
20:10:05.0458 1196 Bluetooth Device Monitor - ok
20:10:05.0552 1196 [ 5AE7F6E810853AEBCB60C4ACDCD87103 ] Bluetooth Media Service C:\Program Files\Intel\Bluetooth\mediasrv.exe
20:10:05.0568 1196 Bluetooth Media Service - ok
20:10:05.0614 1196 [ 6030437C07D554090D63826E9F608DE1 ] Bluetooth OBEX Service C:\Program Files\Intel\Bluetooth\obexsrv.exe
20:10:05.0630 1196 Bluetooth OBEX Service - ok
20:10:05.0677 1196 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:10:05.0677 1196 bowser - ok
20:10:05.0708 1196 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:10:05.0708 1196 BrFiltLo - ok
20:10:05.0724 1196 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:10:05.0724 1196 BrFiltUp - ok
20:10:05.0770 1196 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:10:05.0770 1196 Browser - ok
20:10:05.0802 1196 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:10:05.0802 1196 Brserid - ok
20:10:05.0817 1196 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:10:05.0817 1196 BrSerWdm - ok
20:10:05.0833 1196 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:10:05.0833 1196 BrUsbMdm - ok
20:10:05.0848 1196 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:10:05.0848 1196 BrUsbSer - ok
20:10:05.0880 1196 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:10:05.0895 1196 BthEnum - ok
20:10:05.0911 1196 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:10:05.0911 1196 BTHMODEM - ok
20:10:05.0926 1196 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:10:05.0942 1196 BthPan - ok
20:10:05.0973 1196 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:10:06.0004 1196 BTHPORT - ok
20:10:06.0036 1196 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:10:06.0036 1196 bthserv - ok
20:10:06.0067 1196 [ 04F3C555369B85E53C858CE743F977DD ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
20:10:06.0082 1196 BTHSSecurityMgr - ok
20:10:06.0098 1196 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:10:06.0114 1196 BTHUSB - ok
20:10:06.0129 1196 [ 0654AF756EE2E50226908A97FF17034B ] btmaudio C:\Windows\system32\drivers\btmaud.sys
20:10:06.0145 1196 btmaudio - ok
20:10:06.0160 1196 [ ECF4C3BB58C701D73FCE05F25C8B323B ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
20:10:06.0176 1196 btmaux - ok
20:10:06.0207 1196 [ 58351A9ED9A5AD3C8A22EC5BEBF4DA2A ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
20:10:06.0223 1196 btmhsf - ok
20:10:06.0238 1196 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:10:06.0238 1196 cdfs - ok
20:10:06.0285 1196 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:10:06.0285 1196 cdrom - ok
20:10:06.0316 1196 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:10:06.0316 1196 CertPropSvc - ok
20:10:06.0332 1196 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
20:10:06.0332 1196 circlass - ok
20:10:06.0363 1196 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:10:06.0363 1196 CLFS - ok
20:10:06.0441 1196 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:10:06.0457 1196 clr_optimization_v2.0.50727_32 - ok
20:10:06.0488 1196 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:10:06.0488 1196 CmBatt - ok
20:10:06.0504 1196 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:10:06.0504 1196 cmdide - ok
20:10:06.0582 1196 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
20:10:06.0582 1196 CNG - ok
20:10:06.0675 1196 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:10:06.0675 1196 Compbatt - ok
20:10:06.0706 1196 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:10:06.0706 1196 CompositeBus - ok
20:10:06.0722 1196 COMSysApp - ok
20:10:06.0753 1196 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:10:06.0753 1196 crcdisk - ok
20:10:06.0800 1196 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:10:06.0816 1196 CryptSvc - ok
20:10:06.0862 1196 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:10:06.0878 1196 DcomLaunch - ok
20:10:06.0925 1196 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:10:06.0925 1196 defragsvc - ok
20:10:06.0972 1196 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:10:06.0972 1196 DfsC - ok
20:10:07.0003 1196 [ F9F31A9F2A8C0DD0CEB6E380BF0985D4 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
20:10:07.0018 1196 dg_ssudbus - ok
20:10:07.0050 1196 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:10:07.0065 1196 Dhcp - ok
20:10:07.0081 1196 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:10:07.0081 1196 discache - ok
20:10:07.0128 1196 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
20:10:07.0128 1196 Disk - ok
20:10:07.0159 1196 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:10:07.0174 1196 Dnscache - ok
20:10:07.0206 1196 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:10:07.0206 1196 dot3svc - ok
20:10:07.0237 1196 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:10:07.0237 1196 DPS - ok
20:10:07.0268 1196 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:10:07.0284 1196 drmkaud - ok
20:10:07.0330 1196 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:10:07.0362 1196 DXGKrnl - ok
20:10:07.0377 1196 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:10:07.0393 1196 EapHost - ok
20:10:07.0486 1196 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
20:10:07.0611 1196 ebdrv - ok
20:10:07.0627 1196 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:10:07.0642 1196 EFS - ok
20:10:07.0689 1196 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:10:07.0720 1196 elxstor - ok
20:10:07.0720 1196 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:10:07.0720 1196 ErrDev - ok
20:10:07.0783 1196 [ 45B01343F5F3ED9B6C99D7140AD01491 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
20:10:07.0783 1196 ETD - ok
20:10:07.0830 1196 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:10:07.0845 1196 EventSystem - ok
20:10:07.0876 1196 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:10:07.0876 1196 exfat - ok
20:10:07.0892 1196 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:10:07.0908 1196 fastfat - ok
20:10:07.0954 1196 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:10:07.0986 1196 Fax - ok
20:10:08.0001 1196 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
20:10:08.0017 1196 fdc - ok
20:10:08.0048 1196 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:10:08.0048 1196 fdPHost - ok
20:10:08.0064 1196 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:10:08.0079 1196 FDResPub - ok
20:10:08.0079 1196 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:10:08.0095 1196 FileInfo - ok
20:10:08.0095 1196 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:10:08.0110 1196 Filetrace - ok
20:10:08.0142 1196 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:10:08.0142 1196 flpydisk - ok
20:10:08.0173 1196 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:10:08.0173 1196 FltMgr - ok
20:10:08.0235 1196 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
20:10:08.0266 1196 FontCache - ok
20:10:08.0329 1196 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:10:08.0329 1196 FontCache3.0.0.0 - ok
20:10:08.0360 1196 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:10:08.0360 1196 FsDepends - ok
20:10:08.0407 1196 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:10:08.0422 1196 fssfltr - ok
20:10:08.0500 1196 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:10:08.0563 1196 fsssvc - ok
20:10:08.0641 1196 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:10:08.0656 1196 Fs_Rec - ok
20:10:08.0703 1196 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:10:08.0719 1196 fvevol - ok
20:10:08.0734 1196 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:10:08.0750 1196 gagp30kx - ok
20:10:08.0797 1196 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:10:08.0828 1196 gpsvc - ok
20:10:08.0906 1196 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:10:08.0906 1196 gupdate - ok
20:10:08.0922 1196 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:10:08.0922 1196 gupdatem - ok
20:10:08.0953 1196 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:10:08.0968 1196 gusvc - ok
20:10:09.0000 1196 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:10:09.0000 1196 hcw85cir - ok
20:10:09.0046 1196 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:10:09.0046 1196 HdAudAddService - ok
20:10:09.0078 1196 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:10:09.0093 1196 HDAudBus - ok
20:10:09.0109 1196 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:10:09.0109 1196 HidBatt - ok
20:10:09.0124 1196 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:10:09.0124 1196 HidBth - ok
20:10:09.0156 1196 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:10:09.0156 1196 HidIr - ok
20:10:09.0187 1196 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:10:09.0187 1196 hidserv - ok
20:10:09.0218 1196 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:10:09.0234 1196 HidUsb - ok
20:10:09.0249 1196 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:10:09.0265 1196 hkmsvc - ok
20:10:09.0280 1196 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:10:09.0296 1196 HomeGroupListener - ok
20:10:09.0327 1196 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:10:09.0327 1196 HomeGroupProvider - ok
20:10:09.0374 1196 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:10:09.0374 1196 HpSAMD - ok
20:10:09.0421 1196 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:10:09.0452 1196 HTTP - ok
20:10:09.0468 1196 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:10:09.0468 1196 hwpolicy - ok
20:10:09.0499 1196 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:10:09.0499 1196 i8042prt - ok
20:10:09.0561 1196 [ 5D5EDCB987C96E266A3DFCD6B67E48B8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:10:09.0561 1196 iaStor - ok
20:10:09.0592 1196 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:10:09.0608 1196 iaStorV - ok
20:10:09.0624 1196 [ AE2DC615F928AC6A18CF25A58630809E ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
20:10:09.0624 1196 iBtFltCoex - ok
20:10:09.0686 1196 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:10:09.0733 1196 idsvc - ok
20:10:09.0982 1196 [ 0DF8F6EAE9286D9D3FECAC8A46355F70 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
20:10:10.0279 1196 igfx - ok
20:10:10.0294 1196 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:10:10.0310 1196 iirsp - ok
20:10:10.0357 1196 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:10:10.0372 1196 IKEEXT - ok
20:10:10.0419 1196 [ 5576AD2F0039D2BCCCA3567FC0BF981C ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:10:10.0435 1196 IntcDAud - ok
20:10:10.0450 1196 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:10:10.0466 1196 intelide - ok
20:10:10.0482 1196 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:10:10.0482 1196 intelppm - ok
20:10:10.0513 1196 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:10:10.0528 1196 IPBusEnum - ok
20:10:10.0544 1196 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:10:10.0544 1196 IpFilterDriver - ok
20:10:10.0575 1196 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:10:10.0606 1196 iphlpsvc - ok
20:10:10.0638 1196 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:10:10.0638 1196 IPMIDRV - ok
20:10:10.0669 1196 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:10:10.0669 1196 IPNAT - ok
20:10:10.0700 1196 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:10:10.0700 1196 IRENUM - ok
20:10:10.0731 1196 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:10:10.0731 1196 isapnp - ok
20:10:10.0747 1196 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:10:10.0762 1196 iScsiPrt - ok
20:10:10.0794 1196 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:10:10.0794 1196 kbdclass - ok
20:10:10.0809 1196 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:10:10.0809 1196 kbdhid - ok
20:10:10.0856 1196 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:10:10.0856 1196 KeyIso - ok
20:10:10.0887 1196 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:10:10.0887 1196 KSecDD - ok
20:10:10.0903 1196 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:10:10.0918 1196 KSecPkg - ok
20:10:10.0950 1196 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:10:10.0950 1196 KtmRm - ok
20:10:10.0996 1196 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:10:11.0012 1196 LanmanServer - ok
20:10:11.0043 1196 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:10:11.0043 1196 LanmanWorkstation - ok
20:10:11.0106 1196 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:10:11.0121 1196 lltdio - ok
20:10:11.0152 1196 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:10:11.0152 1196 lltdsvc - ok
20:10:11.0168 1196 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:10:11.0184 1196 lmhosts - ok
20:10:11.0230 1196 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:10:11.0246 1196 LMS - ok
20:10:11.0277 1196 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:10:11.0293 1196 LSI_FC - ok
20:10:11.0308 1196 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:10:11.0308 1196 LSI_SAS - ok
20:10:11.0324 1196 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:10:11.0324 1196 LSI_SAS2 - ok
20:10:11.0355 1196 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:10:11.0355 1196 LSI_SCSI - ok
20:10:11.0386 1196 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:10:11.0386 1196 luafv - ok
20:10:11.0386 1196 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
20:10:11.0402 1196 megasas - ok
20:10:11.0418 1196 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:10:11.0433 1196 MegaSR - ok
20:10:11.0464 1196 [ D86AC00883B9C98B570E7643AAF8E554 ] MEI C:\Windows\system32\DRIVERS\HECI.sys
20:10:11.0464 1196 MEI - ok
20:10:11.0527 1196 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:10:11.0527 1196 Microsoft Office Groove Audit Service - ok
20:10:11.0558 1196 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:10:11.0558 1196 MMCSS - ok
20:10:11.0574 1196 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:10:11.0574 1196 Modem - ok
20:10:11.0620 1196 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:10:11.0620 1196 monitor - ok
20:10:11.0652 1196 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:10:11.0652 1196 mouclass - ok
20:10:11.0683 1196 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:10:11.0683 1196 mouhid - ok
20:10:11.0714 1196 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:10:11.0730 1196 mountmgr - ok
20:10:11.0792 1196 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:10:11.0792 1196 MozillaMaintenance - ok
20:10:11.0839 1196 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:10:11.0839 1196 MpFilter - ok
20:10:11.0870 1196 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:10:11.0870 1196 mpio - ok
20:10:12.0010 1196 [ A69630D039C38018689190234F866D77 ] MpKsl40eb0e6d C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45023380-266F-4370-A9C6-E54871A99886}\MpKsl40eb0e6d.sys
20:10:12.0026 1196 MpKsl40eb0e6d - ok
20:10:12.0042 1196 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:10:12.0042 1196 mpsdrv - ok
20:10:12.0104 1196 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:10:12.0135 1196 MpsSvc - ok
20:10:12.0166 1196 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:10:12.0182 1196 MRxDAV - ok
20:10:12.0213 1196 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:10:12.0213 1196 mrxsmb - ok
20:10:12.0244 1196 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:10:12.0244 1196 mrxsmb10 - ok
20:10:12.0260 1196 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:10:12.0276 1196 mrxsmb20 - ok
20:10:12.0291 1196 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:10:12.0291 1196 msahci - ok
20:10:12.0307 1196 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:10:12.0322 1196 msdsm - ok
20:10:12.0354 1196 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:10:12.0354 1196 MSDTC - ok
20:10:12.0385 1196 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:10:12.0385 1196 Msfs - ok
20:10:12.0400 1196 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:10:12.0400 1196 mshidkmdf - ok
20:10:12.0416 1196 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:10:12.0416 1196 msisadrv - ok
20:10:12.0463 1196 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:10:12.0463 1196 MSiSCSI - ok
20:10:12.0478 1196 msiserver - ok
20:10:12.0494 1196 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:10:12.0494 1196 MSKSSRV - ok
20:10:12.0572 1196 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:10:12.0588 1196 MsMpSvc - ok
20:10:12.0603 1196 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:10:12.0603 1196 MSPCLOCK - ok
20:10:12.0619 1196 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:10:12.0619 1196 MSPQM - ok
20:10:12.0634 1196 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:10:12.0650 1196 MsRPC - ok
20:10:12.0666 1196 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:10:12.0666 1196 mssmbios - ok
20:10:12.0681 1196 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:10:12.0681 1196 MSTEE - ok
20:10:12.0697 1196 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:10:12.0697 1196 MTConfig - ok
20:10:12.0712 1196 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:10:12.0712 1196 Mup - ok
20:10:12.0759 1196 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:10:12.0759 1196 napagent - ok
20:10:12.0806 1196 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:10:12.0822 1196 NativeWifiP - ok
20:10:12.0931 1196 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
20:10:13.0087 1196 NBService - ok
20:10:13.0134 1196 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:10:13.0165 1196 NDIS - ok
20:10:13.0180 1196 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:10:13.0180 1196 NdisCap - ok
20:10:13.0212 1196 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:10:13.0212 1196 NdisTapi - ok
20:10:13.0227 1196 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:10:13.0227 1196 Ndisuio - ok
20:10:13.0258 1196 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:10:13.0258 1196 NdisWan - ok
20:10:13.0274 1196 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:10:13.0274 1196 NDProxy - ok
20:10:13.0290 1196 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:10:13.0305 1196 NetBIOS - ok
20:10:13.0321 1196 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:10:13.0321 1196 NetBT - ok
20:10:13.0336 1196 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:10:13.0336 1196 Netlogon - ok
20:10:13.0383 1196 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:10:13.0399 1196 Netman - ok
20:10:13.0414 1196 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:10:13.0430 1196 netprofm - ok
20:10:13.0461 1196 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:10:13.0461 1196 NetTcpPortSharing - ok
20:10:13.0680 1196 [ 9C23121705590D54DB8A8C6033C782D9 ] NETwNs32 C:\Windows\system32\DRIVERS\NETwNs32.sys
20:10:13.0882 1196 NETwNs32 - ok
20:10:13.0914 1196 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:10:13.0914 1196 nfrd960 - ok
20:10:13.0945 1196 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:10:13.0945 1196 NisDrv - ok
20:10:13.0976 1196 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
20:10:13.0992 1196 NisSrv - ok
20:10:14.0038 1196 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:10:14.0038 1196 NlaSvc - ok
20:10:14.0132 1196 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
20:10:14.0413 1196 NMIndexingService - ok
20:10:14.0428 1196 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:10:14.0428 1196 Npfs - ok
20:10:14.0444 1196 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:10:14.0444 1196 nsi - ok
20:10:14.0475 1196 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:10:14.0475 1196 nsiproxy - ok
20:10:14.0538 1196 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:10:14.0584 1196 Ntfs - ok
20:10:14.0600 1196 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:10:14.0600 1196 Null - ok
20:10:14.0616 1196 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:10:14.0631 1196 nvraid - ok
20:10:14.0647 1196 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:10:14.0647 1196 nvstor - ok
20:10:14.0662 1196 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:10:14.0662 1196 nv_agp - ok
20:10:14.0740 1196 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:10:14.0756 1196 odserv - ok
20:10:14.0787 1196 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:10:14.0787 1196 ohci1394 - ok
20:10:14.0834 1196 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:10:14.0850 1196 ose - ok
20:10:14.0896 1196 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:10:14.0896 1196 p2pimsvc - ok
20:10:14.0928 1196 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:10:14.0959 1196 p2psvc - ok
20:10:14.0990 1196 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
20:10:14.0990 1196 Parport - ok
20:10:15.0006 1196 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:10:15.0021 1196 partmgr - ok
20:10:15.0037 1196 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:10:15.0037 1196 Parvdm - ok
20:10:15.0068 1196 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:10:15.0084 1196 PcaSvc - ok
20:10:15.0115 1196 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:10:15.0115 1196 pci - ok
20:10:15.0146 1196 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:10:15.0146 1196 pciide - ok
20:10:15.0162 1196 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:10:15.0162 1196 pcmcia - ok
20:10:15.0177 1196 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:10:15.0177 1196 pcw - ok
20:10:15.0224 1196 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:10:15.0255 1196 PEAUTH - ok
20:10:15.0349 1196 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:10:15.0411 1196 pla - ok
20:10:15.0458 1196 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:10:15.0458 1196 PlugPlay - ok
20:10:15.0489 1196 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:10:15.0489 1196 PNRPAutoReg - ok
20:10:15.0505 1196 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:10:15.0505 1196 PNRPsvc - ok
20:10:15.0552 1196 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:10:15.0567 1196 PolicyAgent - ok
20:10:15.0614 1196 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:10:15.0630 1196 Power - ok
20:10:15.0708 1196 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:10:15.0708 1196 PptpMiniport - ok
20:10:15.0723 1196 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
20:10:15.0739 1196 Processor - ok
20:10:15.0786 1196 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:10:15.0786 1196 ProfSvc - ok
20:10:15.0817 1196 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:10:15.0817 1196 ProtectedStorage - ok
20:10:15.0832 1196 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:10:15.0848 1196 Psched - ok
20:10:15.0895 1196 [ 3DDD425DE6F3DAE507CA2129838B3D53 ] pwdrvio C:\Windows\system32\pwdrvio.sys
20:10:15.0926 1196 pwdrvio - ok
20:10:15.0988 1196 [ 0E634F8BE4D0E6A10317C6647AE31344 ] pwdspio C:\Windows\system32\pwdspio.sys
20:10:16.0035 1196 pwdspio - ok
20:10:16.0082 1196 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
20:10:16.0082 1196 PxHelp20 - ok
20:10:16.0144 1196 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:10:16.0191 1196 ql2300 - ok
20:10:16.0207 1196 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:10:16.0207 1196 ql40xx - ok
20:10:16.0238 1196 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:10:16.0238 1196 QWAVE - ok
20:10:16.0254 1196 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:10:16.0269 1196 QWAVEdrv - ok
20:10:16.0285 1196 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:10:16.0285 1196 RasAcd - ok
20:10:16.0300 1196 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:10:16.0316 1196 RasAgileVpn - ok
20:10:16.0332 1196 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:10:16.0332 1196 RasAuto - ok
20:10:16.0347 1196 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:10:16.0347 1196 Rasl2tp - ok
20:10:16.0378 1196 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:10:16.0394 1196 RasMan - ok
20:10:16.0410 1196 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:10:16.0410 1196 RasPppoe - ok
20:10:16.0425 1196 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:10:16.0425 1196 RasSstp - ok
20:10:16.0441 1196 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:10:16.0456 1196 rdbss - ok
20:10:16.0472 1196 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
20:10:16.0472 1196 rdpbus - ok
20:10:16.0488 1196 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:10:16.0488 1196 RDPCDD - ok
20:10:16.0519 1196 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:10:16.0519 1196 RDPENCDD - ok
20:10:16.0534 1196 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:10:16.0534 1196 RDPREFMP - ok
20:10:16.0566 1196 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:10:16.0581 1196 RDPWD - ok
20:10:16.0612 1196 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:10:16.0628 1196 rdyboost - ok
20:10:16.0659 1196 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:10:16.0659 1196 RemoteAccess - ok
20:10:16.0706 1196 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:10:16.0706 1196 RemoteRegistry - ok
20:10:16.0768 1196 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:10:16.0768 1196 RFCOMM - ok
20:10:16.0831 1196 [ FD7DADE7A745CDFE43CBE4AC6DD520A5 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
20:10:16.0831 1196 RichVideo - ok
20:10:16.0878 1196 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:10:16.0878 1196 RpcEptMapper - ok
20:10:16.0924 1196 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:10:16.0924 1196 RpcLocator - ok
20:10:16.0956 1196 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:10:16.0956 1196 RpcSs - ok
20:10:17.0002 1196 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:10:17.0002 1196 rspndr - ok
20:10:17.0049 1196 [ 3E7C3E75A40118E267DB10FE4CBCE0DA ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:10:17.0080 1196 RTL8167 - ok
20:10:17.0096 1196 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:10:17.0096 1196 SamSs - ok
20:10:17.0143 1196 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:10:17.0159 1196 SASDIFSV - ok
20:10:17.0174 1196 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:10:17.0174 1196 SASKUTIL - ok
20:10:17.0221 1196 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:10:17.0221 1196 sbp2port - ok
20:10:17.0252 1196 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:10:17.0268 1196 SCardSvr - ok
20:10:17.0283 1196 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:10:17.0299 1196 scfilter - ok
20:10:17.0330 1196 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:10:17.0361 1196 Schedule - ok
20:10:17.0377 1196 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:10:17.0393 1196 SCPolicySvc - ok
20:10:17.0408 1196 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:10:17.0408 1196 SDRSVC - ok
20:10:17.0439 1196 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:10:17.0439 1196 secdrv - ok
20:10:17.0455 1196 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:10:17.0471 1196 seclogon - ok
20:10:17.0471 1196 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:10:17.0486 1196 SENS - ok
20:10:17.0502 1196 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:10:17.0502 1196 Serenum - ok
20:10:17.0549 1196 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
20:10:17.0564 1196 Serial - ok
20:10:17.0564 1196 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:10:17.0564 1196 sermouse - ok
20:10:17.0627 1196 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:10:17.0642 1196 SessionEnv - ok
20:10:17.0642 1196 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:10:17.0658 1196 sffdisk - ok
20:10:17.0658 1196 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:10:17.0673 1196 sffp_mmc - ok
20:10:17.0673 1196 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:10:17.0673 1196 sffp_sd - ok
20:10:17.0689 1196 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:10:17.0689 1196 sfloppy - ok
20:10:17.0720 1196 [ 02C41EF0DA7C662C4301F86F2CAA1FCB ] SGDrv C:\Windows\system32\DRIVERS\SGdrv.sys
20:10:17.0736 1196 SGDrv - ok
20:10:17.0767 1196 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:10:17.0783 1196 SharedAccess - ok
20:10:17.0829 1196 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:10:17.0861 1196 ShellHWDetection - ok
20:10:17.0892 1196 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:10:17.0892 1196 sisagp - ok
20:10:17.0907 1196 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:10:17.0907 1196 SiSRaid2 - ok
20:10:17.0939 1196 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:10:17.0939 1196 SiSRaid4 - ok
20:10:18.0001 1196 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:10:18.0017 1196 SkypeUpdate - ok
20:10:18.0048 1196 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:10:18.0048 1196 Smb - ok
20:10:18.0095 1196 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:10:18.0095 1196 SNMPTRAP - ok
20:10:18.0126 1196 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:10:18.0126 1196 spldr - ok
20:10:18.0157 1196 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:10:18.0188 1196 Spooler - ok
20:10:18.0282 1196 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:10:18.0375 1196 sppsvc - ok
20:10:18.0391 1196 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:10:18.0391 1196 sppuinotify - ok
20:10:18.0438 1196 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:10:18.0438 1196 srv - ok
20:10:18.0469 1196 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:10:18.0485 1196 srv2 - ok
20:10:18.0516 1196 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:10:18.0531 1196 srvnet - ok
20:10:18.0563 1196 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:10:18.0578 1196 SSDPSRV - ok
20:10:18.0578 1196 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:10:18.0594 1196 SstpSvc - ok
20:10:18.0641 1196 [ 07318149E102FD9197AB444C27774372 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
20:10:18.0641 1196 ssudmdm - ok
20:10:18.0672 1196 [ AE73CE1FC0C6D8F3249F23B906AEF490 ] ssudobex C:\Windows\system32\DRIVERS\ssudobex.sys
20:10:18.0687 1196 ssudobex - ok
20:10:18.0719 1196 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:10:18.0719 1196 stexstor - ok
20:10:18.0765 1196 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:10:18.0797 1196 StiSvc - ok
20:10:18.0812 1196 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:10:18.0812 1196 swenum - ok
20:10:18.0843 1196 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:10:18.0859 1196 swprv - ok
20:10:18.0906 1196 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:10:18.0953 1196 SysMain - ok
20:10:18.0968 1196 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:10:18.0968 1196 TabletInputService - ok
20:10:18.0984 1196 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:10:18.0999 1196 TapiSrv - ok
20:10:19.0062 1196 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:10:19.0062 1196 TBS - ok
20:10:19.0140 1196 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:10:19.0187 1196 Tcpip - ok
20:10:19.0265 1196 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:10:19.0280 1196 TCPIP6 - ok
20:10:19.0311 1196 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:10:19.0327 1196 tcpipreg - ok
20:10:19.0343 1196 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:10:19.0343 1196 TDPIPE - ok
20:10:19.0389 1196 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:10:19.0389 1196 TDTCP - ok
20:10:19.0405 1196 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:10:19.0405 1196 tdx - ok
20:10:19.0436 1196 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:10:19.0436 1196 TermDD - ok
20:10:19.0467 1196 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:10:19.0483 1196 TermService - ok
20:10:19.0499 1196 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:10:19.0514 1196 Themes - ok
20:10:19.0530 1196 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:10:19.0530 1196 THREADORDER - ok
20:10:19.0561 1196 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:10:19.0561 1196 TrkWks - ok
20:10:19.0608 1196 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:10:19.0623 1196 TrustedInstaller - ok
20:10:19.0639 1196 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:10:19.0639 1196 tssecsrv - ok
20:10:19.0670 1196 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:10:19.0670 1196 TsUsbFlt - ok
20:10:19.0686 1196 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:10:19.0701 1196 TsUsbGD - ok
20:10:19.0717 1196 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:10:19.0733 1196 tunnel - ok
20:10:19.0748 1196 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:10:19.0748 1196 uagp35 - ok
20:10:19.0779 1196 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:10:19.0779 1196 udfs - ok
20:10:19.0873 1196 [ EA5618CA62A80DEDD75F56DF5405BC6C ] UDisk Monitor C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
20:10:19.0873 1196 UDisk Monitor - ok
20:10:19.0920 1196 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:10:19.0920 1196 UI0Detect - ok
20:10:19.0967 1196 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:10:19.0967 1196 uliagpkx - ok
20:10:19.0982 1196 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:10:19.0982 1196 umbus - ok
20:10:19.0998 1196 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
20:10:19.0998 1196 UmPass - ok
20:10:20.0123 1196 [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:10:20.0232 1196 UNS - ok
20:10:20.0247 1196 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:10:20.0263 1196 upnphost - ok
20:10:20.0294 1196 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:10:20.0294 1196 usbccgp - ok
20:10:20.0310 1196 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:10:20.0310 1196 usbcir - ok
20:10:20.0341 1196 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:10:20.0341 1196 usbehci - ok
20:10:20.0372 1196 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:10:20.0372 1196 usbhub - ok
20:10:20.0388 1196 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:10:20.0388 1196 usbohci - ok
20:10:20.0403 1196 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:10:20.0403 1196 usbprint - ok
20:10:20.0435 1196 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:10:20.0435 1196 USBSTOR - ok
20:10:20.0450 1196 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:10:20.0450 1196 usbuhci - ok
20:10:20.0481 1196 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:10:20.0481 1196 usbvideo - ok
20:10:20.0513 1196 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
20:10:20.0528 1196 usb_rndisx - ok
20:10:20.0544 1196 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:10:20.0559 1196 UxSms - ok
20:10:20.0575 1196 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:10:20.0575 1196 VaultSvc - ok
20:10:20.0622 1196 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:10:20.0622 1196 vdrvroot - ok
20:10:20.0653 1196 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:10:20.0684 1196 vds - ok
20:10:20.0700 1196 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:10:20.0700 1196 vga - ok
20:10:20.0715 1196 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:10:20.0731 1196 VgaSave - ok
20:10:20.0747 1196 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:10:20.0762 1196 vhdmp - ok
20:10:20.0778 1196 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:10:20.0778 1196 viaagp - ok
20:10:20.0793 1196 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:10:20.0793 1196 ViaC7 - ok
20:10:20.0793 1196 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:10:20.0809 1196 viaide - ok
20:10:20.0825 1196 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:10:20.0825 1196 volmgr - ok
20:10:20.0856 1196 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:10:20.0856 1196 volmgrx - ok
20:10:20.0887 1196 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:10:20.0887 1196 volsnap - ok
20:10:20.0934 1196 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:10:20.0949 1196 vsmraid - ok
20:10:20.0996 1196 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:10:21.0043 1196 VSS - ok
20:10:21.0074 1196 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:10:21.0074 1196 vwifibus - ok
20:10:21.0105 1196 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:10:21.0105 1196 vwififlt - ok
20:10:21.0137 1196 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:10:21.0137 1196 vwifimp - ok
20:10:21.0183 1196 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:10:21.0199 1196 W32Time - ok
20:10:21.0215 1196 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:10:21.0230 1196 WacomPen - ok
20:10:21.0246 1196 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:10:21.0246 1196 WANARP - ok
20:10:21.0261 1196 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:10:21.0261 1196 Wanarpv6 - ok
20:10:21.0308 1196 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:10:21.0355 1196 wbengine - ok
20:10:21.0371 1196 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:10:21.0386 1196 WbioSrvc - ok
20:10:21.0402 1196 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:10:21.0417 1196 wcncsvc - ok
20:10:21.0433 1196 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:10:21.0449 1196 WcsPlugInService - ok
20:10:21.0464 1196 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
20:10:21.0464 1196 Wd - ok
20:10:21.0495 1196 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:10:21.0511 1196 Wdf01000 - ok
20:10:21.0542 1196 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:10:21.0542 1196 WdiServiceHost - ok
20:10:21.0542 1196 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:10:21.0558 1196 WdiSystemHost - ok
20:10:21.0589 1196 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:10:21.0605 1196 WebClient - ok
20:10:21.0636 1196 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:10:21.0636 1196 Wecsvc - ok
20:10:21.0667 1196 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:10:21.0667 1196 wercplsupport - ok
20:10:21.0698 1196 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:10:21.0714 1196 WerSvc - ok
20:10:21.0761 1196 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:10:21.0761 1196 WfpLwf - ok
20:10:21.0776 1196 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:10:21.0776 1196 WIMMount - ok
20:10:21.0854 1196 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:10:21.0870 1196 WinDefend - ok
20:10:21.0885 1196 WinHttpAutoProxySvc - ok
20:10:21.0948 1196 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:10:21.0963 1196 Winmgmt - ok
20:10:22.0026 1196 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:10:22.0073 1196 WinRM - ok
20:10:22.0135 1196 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
20:10:22.0135 1196 WinUSB - ok
20:10:22.0182 1196 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:10:22.0213 1196 Wlansvc - ok
20:10:22.0307 1196 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:10:22.0353 1196 wlidsvc - ok
20:10:22.0369 1196 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:10:22.0385 1196 WmiAcpi - ok
20:10:22.0416 1196 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:10:22.0431 1196 wmiApSrv - ok
20:10:22.0509 1196 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:10:22.0556 1196 WMPNetworkSvc - ok
20:10:22.0587 1196 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:10:22.0587 1196 WPCSvc - ok
20:10:22.0603 1196 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:10:22.0619 1196 WPDBusEnum - ok
20:10:22.0650 1196 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:10:22.0650 1196 ws2ifsl - ok
20:10:22.0665 1196 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
20:10:22.0681 1196 wscsvc - ok
20:10:22.0681 1196 WSearch - ok
20:10:22.0775 1196 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:10:22.0853 1196 wuauserv - ok
20:10:22.0884 1196 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:10:22.0884 1196 WudfPf - ok
20:10:22.0899 1196 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:10:22.0899 1196 WUDFRd - ok
20:10:22.0931 1196 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:10:22.0931 1196 wudfsvc - ok
20:10:22.0946 1196 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:10:22.0946 1196 WwanSvc - ok
20:10:22.0993 1196 [ 0032C7CD295FB084862785F219970329 ] ztemtusbser C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
20:10:23.0009 1196 ztemtusbser - ok
20:10:23.0040 1196 ================ Scan global ===============================
20:10:23.0071 1196 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:10:23.0102 1196 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:10:23.0118 1196 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:10:23.0149 1196 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:10:23.0165 1196 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:10:23.0180 1196 [Global] - ok
20:10:23.0180 1196 ================ Scan MBR ==================================
20:10:23.0196 1196 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:10:23.0461 1196 \Device\Harddisk0\DR0 - ok
20:10:23.0461 1196 ================ Scan VBR ==================================
20:10:23.0461 1196 [ B329693F064771F8E5C1C79C3AE83A38 ] \Device\Harddisk0\DR0\Partition1
20:10:23.0461 1196 \Device\Harddisk0\DR0\Partition1 - ok
20:10:23.0492 1196 [ 1C4C101D73EE2905E715793C83A8114D ] \Device\Harddisk0\DR0\Partition2
20:10:23.0492 1196 \Device\Harddisk0\DR0\Partition2 - ok
20:10:23.0523 1196 [ 8A4077E92D848C756DEF830975C210B5 ] \Device\Harddisk0\DR0\Partition3
20:10:23.0523 1196 \Device\Harddisk0\DR0\Partition3 - ok
20:10:23.0555 1196 [ 84825ED629A68114BB427D9798CF28D3 ] \Device\Harddisk0\DR0\Partition4
20:10:23.0555 1196 \Device\Harddisk0\DR0\Partition4 - ok
20:10:23.0555 1196 ============================================================
20:10:23.0555 1196 Scan finished
20:10:23.0555 1196 ============================================================
20:10:23.0586 4576 Detected object count: 0
20:10:23.0586 4576 Actual detected object count: 0

Avast log file:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 20:14:16
-----------------------------
20:14:16.161 OS Version: Windows 6.1.7601 Service Pack 1
20:14:16.161 Number of processors: 2 586 0x2A07
20:14:16.161 ComputerName: SAMSUNG-PC UserName: samsung
20:14:17.050 Initialize success
20:22:42.825 AVAST engine defs: 12082700
20:22:57.614 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:22:57.614 Disk 0 Vendor: ST932032 0004 Size: 305245MB BusType: 3
20:22:57.630 Disk 0 MBR read successfully
20:22:57.630 Disk 0 MBR scan
20:22:57.645 Disk 0 Windows 7 default MBR code
20:22:57.661 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:22:57.739 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
20:22:57.801 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 100000 MB offset 204802048
20:22:57.864 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 105243 MB offset 409602048
20:22:57.942 Disk 0 scanning sectors +625139712
20:22:58.098 Disk 0 scanning C:\Windows\system32\drivers
20:23:17.551 Service scanning
20:23:37.628 Service MpKsl40eb0e6d C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45023380-266F-4370-A9C6-E54871A99886}\MpKsl40eb0e6d.sys **LOCKED** 32
20:24:01.824 Modules scanning
20:24:13.992 Disk 0 trace - called modules:
20:24:14.023 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:24:14.039 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871e4030]
20:24:14.039 3 CLASSPNP.SYS[88fac59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856d3028]
20:24:14.616 AVAST engine scan C:\Windows
20:24:20.123 AVAST engine scan C:\Windows\system32
20:28:34.565 AVAST engine scan C:\Windows\system32\drivers
20:28:57.279 AVAST engine scan C:\Users\samsung
20:41:18.529 AVAST engine scan C:\ProgramData
20:42:26.468 Scan finished successfully
20:42:45.032 Disk 0 MBR has been saved successfully to "C:\Users\samsung\Desktop\bleepingcomputer\MBR.dat"
20:42:45.110 The log file has been saved successfully to "C:\Users\samsung\Desktop\bleepingcomputer\aswMBR.txt"

#5 nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 August 2012 - 12:53 PM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============


Download USBNoRisk to your Desktop and run it by double-clicking the program's icon
- wait a couple of seconds for the initial scan to be done
- connect all of the USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds
- if there are more USB storage devices to scan, please take note of the order in which these were connected
- after all the devices are scanned, choose the "Save log" option from the right-click menu on the Monitor tab. That will open the log in Notepad. Please copy/paste the log to the forum.

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Please post the logs and let me know what problem persists.

#6 urs_rahul

  • Topic Starter

  • Members
  • 11 posts

Posted 28 August 2012 - 03:28 AM

Hello Sir... Done all the steps as you have instructed and it seems that the problem is gone... I am not getting the notification about another program trying to change your browser settings... As for the USB device, I have not opened it yet... just scanned it with USBNoRisk... I am posting the log files for your review... Please do reply with what steps I should take further. I have started the Windows Firewall and MS Security Essentials again after running ComboFix...

Combofix Log:


ComboFix 12-08-25.04 - samsung 28-Aug-12 12:36:22.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1956.1277 [GMT 5.5:30]
Running from: c:\users\samsung\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\samsung\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\windows\iun6002.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 06:37 . 2012-08-28 06:37 -------- d-----w- c:\program files\MTS TV
2012-08-27 15:39 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E216200-3AE6-4F89-939C-0FFB1C3EA5CE}\mpengine.dll
2012-08-26 06:55 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-23 05:26 . 2012-08-23 05:31 -------- d-----w- C:\Autoruns
2012-08-21 15:28 . 2012-08-23 05:11 -------- d-----w- c:\program files\Panda Security
2012-08-16 13:25 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-16 13:24 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 13:24 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 13:23 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 15:45 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 15:45 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 15:45 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 15:45 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 19:37 . 2012-08-13 19:37 -------- d-----w- c:\users\samsung\AppData\Roaming\SUPERAntiSpyware.com
2012-08-13 19:36 . 2012-08-17 03:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-13 19:36 . 2012-08-13 19:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-13 09:45 . 2012-08-13 09:45 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-10 14:48 . 2012-08-10 14:48 -------- d-----w- c:\users\samsung\AppData\Roaming\Malwarebytes
2012-08-10 14:48 . 2012-08-10 14:48 -------- d-----w- c:\programdata\Malwarebytes
2012-08-10 14:48 . 2012-08-14 15:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-09 18:04 . 2012-08-14 15:43 -------- d-----w- C:\Program Files
2012-08-07 04:51 . 2012-08-07 04:51 -------- d-----w- c:\users\Default\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 11:27 . 2012-03-30 12:49 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-26 11:27 . 2012-03-30 12:49 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-22 19:37 . 2012-07-22 19:39 90824 ----a-w- c:\windows\system32\EasyHook32.dll
2012-07-22 19:37 . 2012-07-22 19:39 109256 ----a-w- c:\windows\system32\EasyHook64.dll
2012-07-22 19:37 . 2012-07-22 19:37 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-06-26 07:02 . 2011-09-16 06:24 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-06-18 08:04 . 2012-07-28 13:41 2872512 ----a-w- c:\windows\system32\pwNative.exe
2012-06-18 08:04 . 2012-07-28 13:41 15576 ------w- c:\windows\system32\pwdrvio.sys
2012-06-18 08:04 . 2012-07-28 13:41 10200 ------w- c:\windows\system32\pwdspio.sys
2012-06-06 05:05 . 2012-07-11 06:19 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 06:19 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 06:19 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 14:30 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 09:49 . 2012-06-21 14:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 09:42 . 2012-06-21 14:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 06:19 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 06:19 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 06:19 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 06:19 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 06:19 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-13 19:55 . 2012-05-07 05:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 09:47 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 09:47 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 09:47 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 09:47 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-16 975800]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-18 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-18 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-18 178456]
"BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2011-03-30 9902352]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-06-16 1943336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 21:08 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-16 12:06 116648 ----atw- c:\users\samsung\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 10:10 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 09:40 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 18:41 33792 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [x]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-14 06:34]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-14 06:34]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1420475939-3042938262-1307292233-1000Core.job
- c:\users\samsung\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-16 12:06]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1420475939-3042938262-1307292233-1000UA.job
- c:\users\samsung\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-16 12:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: Interfaces\{2AB55869-B944-45D5-AD6B-52429352489E}: NameServer = 10.228.65.114 116.202.225.32
FF - ProfilePath - c:\users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\g7sz0rym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=
FF - prefs.js: browser.search.selectedEngine - Speedbit
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Samsung\Easy Software Manager\SWMAgent.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-08-28 12:44:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-28 07:14
.
Pre-Run: 74,933,784,576 bytes free
Post-Run: 74,807,898,112 bytes free
.
- - End Of File - - 3F539A8BE11223E92F7A242FD7D67197

USBNoRisk log:


USBNoRisk 2.7 (28 December 2010) by bobby

Started at 28-Aug-12 1:55:27 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {07efb66f-79ea-11e1-9b72-806e6f6e6963}
D: {07efb670-79ea-11e1-9b72-806e6f6e6963}
E: {07efb671-79ea-11e1-9b72-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 07efb66f-79ea-11e1-9b72-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 07efb670-79ea-11e1-9b72-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 07efb671-79ea-11e1-9b72-806e6f6e6963
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 28-Aug-12 1:55:36 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {ec3bb965-c071-11e1-b03a-dca971c6083a}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for ec3bb965-c071-11e1-b03a-dca971c6083a
----------------------------------------

----------------------------------------
Desktop.ini found at G:\USB\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={21EC2020-3AEA-1069-A2DD-08002B30309D}
----------------------------------------
HKCR\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-31361
HKCR\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-32012
HKCR\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-27
HKCR\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-31361
HKLM\Software\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-32012
HKLM\Software\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-27
HKLM\Software\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
----------------------------------------

Mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================
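
Reading the Run keys, msconfig\startupreg entries and scheduled tasks in the ComboFix log above by hand is what the helpers do; the following is an added example (mine, not the thread's and not ComboFix's code) of scripting that first pass in Python. It parses the line shapes ComboFix prints and flags entries that run from a user-writable directory, use an 8.3 short-name path, or whose binary was written shortly before the scan. The three flags are triage heuristics I am assuming for the example, not verdicts: the GoogleUpdate.exe under AppData that it flags here is the ordinary per-user Google updater, which is exactly why a flagged entry still needs its publisher and signature checked. The sample excerpt is constructed from lines in the log above.

```python
"""Triage autostart entries from a ComboFix/DDS-style log (added example)."""
import re
from dataclasses import dataclass
from datetime import date

# Line shapes taken from the ComboFix output in this thread:
#   "Name"="c:\path\file.exe" [YYYY-MM-DD size]        Run-key values
#   YYYY-MM-DD HH:MM size attrs c:\path\file.exe        msconfig\startupreg, hooks
#   YYYY-MM-DD c:\windows\Tasks\name.job                scheduled task header
#   - c:\path\file.exe [YYYY-MM-DD HH:MM]               scheduled task target
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) \d+\]$')
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S+\.job)$")
TASK_RE = re.compile(r"^- (?P<path>.+) \[(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\]$")

# Heuristic assumed for this example (not a ComboFix rule): code that
# autostarts from a directory any user can write to deserves a second look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    source: str   # registry key or .job file the entry came from
    name: str
    path: str
    mtime: date   # last-write date ComboFix printed for the binary


def parse_autostarts(text):
    """Return Entry objects for every autostart line in a log excerpt."""
    entries, key = [], "?"
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := JOB_RE.match(line):
            key = m["job"].rsplit("\\", 1)[-1]
        elif m := RUN_RE.match(line):
            entries.append(Entry(key, m["name"], m["path"], date.fromisoformat(m["date"])))
        elif m := FILE_RE.match(line):
            entries.append(Entry(key, key.rsplit("\\", 1)[-1], m["path"], date.fromisoformat(m["date"])))
        elif m := TASK_RE.match(line):
            entries.append(Entry(key, key, m["path"], date.fromisoformat(m["date"])))
    return entries


def triage(entries, log_date, recent_days=30):
    """Return (entry, reasons) pairs for entries worth a manual look."""
    if isinstance(log_date, str):
        log_date = date.fromisoformat(log_date)
    flagged = []
    for e in entries:
        low, reasons = e.path.lower(), []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if "~" in low:
            reasons.append("8.3 short-name path; expand it before judging the vendor")
        if 0 <= (log_date - e.mtime).days <= recent_days:
            reasons.append(f"binary written within {recent_days} days of the scan")
        if reasons:
            flagged.append((e, reasons))
    return flagged


# Constructed excerpt: the lines are copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-16 975800]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-16 12:06 116648 ----atw- c:\users\samsung\AppData\Local\Google\Update\GoogleUpdate.exe
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-14 06:34]
"""

if __name__ == "__main__":
    # 2012-08-28 is the completion date printed at the end of the log above.
    for entry, reasons in triage(parse_autostarts(SAMPLE_LOG), "2012-08-28"):
        print(f"{entry.name:15} {entry.path}\n    " + "; ".join(reasons))
```

Run against the full log the script would also pick up the SASWinLogon notify DLL and the ShellExecuteHooks entry, since they use the same dated-file line shape; neither is flagged by these rules because both live under Program Files and predate the scan by months.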
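
The checks USBNoRisk ran on G: above (autorun.inf, desktop.ini with a shell CLSID, mimic shortcuts, .lnk/.pif/.com/.scr files) are the standard indicators of a USB worm, and the CLSID it found in G:\USB\desktop.ini, {21EC2020-3AEA-1069-A2DD-08002B30309D}, is Explorer's Control Panel folder: a desktop.ini carrying it, or a folder whose name ends in .{that CLSID}, makes Explorer open the folder as Control Panel so its real contents stay out of sight. The following is an added example (not USBNoRisk's code) of the same checks in Python over a constructed directory tree standing in for a drive root. The mimic rule (a .lnk/.pif/.com/.scr/.exe named exactly like a sibling folder) is my assumption about how such mimics are defined, and the script does not read Windows hidden/system attributes.

```python
"""Scan a removable-drive root for USB-worm indicators (added example)."""
import re
import tempfile
from pathlib import Path

# The shell-folder CLSID USBNoRisk reported in G:\USB\desktop.ini: Explorer's
# Control Panel.  Used here both for detection and to build the sample drive.
CONTROL_PANEL_CLSID = "{21EC2020-3AEA-1069-A2DD-08002B30309D}"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# File types a worm uses for a shortcut or executable posing as a folder
# (assumed definition of "mimic"; the extensions are the ones USBNoRisk lists).
MIMIC_EXTS = {".lnk", ".pif", ".com", ".scr", ".exe"}


def shell_class_clsids(ini_path):
    """CLSID values from the [.ShellClassInfo] section of a desktop.ini."""
    found, in_section = [], False
    for line in ini_path.read_text(encoding="utf-8", errors="ignore").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[.shellclassinfo]"
        elif in_section and line.lower().startswith("clsid"):
            found += [c.upper() for c in CLSID_RE.findall(line)]
    return found


def scan_drive(root):
    """Return (indicator, path relative to root) pairs for everything under root."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*")):
        rel, name = str(path.relative_to(root)), path.name.lower()
        if path.is_file() and name == "autorun.inf" and path.parent == root:
            findings.append(("autorun", rel))
        elif path.is_file() and name == "desktop.ini":
            for clsid in shell_class_clsids(path):
                findings.append(("desktop.ini-clsid", f"{rel} -> {clsid}"))
        elif path.is_dir() and CLSID_RE.search(path.name):
            findings.append(("clsid-folder", rel))
        elif path.is_file() and path.suffix.lower() in MIMIC_EXTS:
            sibling_dirs = {p.name.lower() for p in path.parent.iterdir() if p.is_dir()}
            if path.stem.lower() in sibling_dirs:
                findings.append(("mimic", rel))
    return findings


def build_sample_drive():
    """Constructed stand-in for an infected drive root (contains no real malware)."""
    root = Path(tempfile.mkdtemp(prefix="usbscan-"))
    (root / "autorun.inf").write_text("[autorun]\nopen=USB\\setup.exe\n")
    (root / "USB").mkdir()
    (root / "USB" / "desktop.ini").write_text(f"[.ShellClassInfo]\nCLSID={CONTROL_PANEL_CLSID}\n")
    (root / "USB" / "setup.exe").write_bytes(b"MZ")          # placeholder bytes, not a PE
    (root / "Photos").mkdir()
    (root / "Photos" / "holiday.jpg").write_bytes(b"\xff\xd8")
    (root / "Photos.lnk").write_bytes(b"L\x00\x00\x00")       # shortcut posing as the folder
    (root / f"Backup.{CONTROL_PANEL_CLSID}").mkdir()         # folder that opens as Control Panel
    (root / "readme.txt").write_text("benign, must not be reported\n")
    return root


if __name__ == "__main__":
    for kind, where in scan_drive(build_sample_drive()):
        print(f"{kind:18} {where}")
```

On a real drive pass the mount point (G:\ on the machine in this thread) to scan_drive instead of the sample; anything it reports should be reviewed from a machine with autorun disabled, since opening the drive in Explorer is exactly what the desktop.ini and shortcut tricks are built around.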

#7 nasdaq (Malware Response Team, 40,190 posts, Montreal, QC, Canada)

Posted 28 August 2012 - 09:01 AM

Your flash drive is clean.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Using the Add/Remove Programs list, remove these old versions if still present.
Adobe Flash Player 10
Adobe Flash Player 11.1.102.55

===

Remove the AdWare, PUB found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log and let me know what problem persists.

#8 urs_rahul (Topic Starter, 11 posts)

Posted 28 August 2012 - 10:09 AM

Sir, I have uninstalled and reinstalled Java and Flash Player as instructed. As for AdwCleaner, where should I download it from? I have searched CNET Download for AdwCleaner but couldn't find it. Can you please give the link?
Also, when I started my PC today, the pop-up notification reappeared that "a program is trying to change your browser settings" :(

#9 nasdaq (Malware Response Team)

Posted 28 August 2012 - 10:19 AM

Sorry I forgot to give you the link.
Run the search, then run the Delete option to clear all items found.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


#10 urs_rahul (Topic Starter)

Posted 28 August 2012 - 10:31 AM

hi here is the adw logfile:


# AdwCleaner v1.801 - Logfile created 08/28/2012 at 20:54:28
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : samsung - SAMSUNG-PC
# Boot Mode : Normal
# Running from : C:\Users\samsung\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\samsung\Application Data\Mozilla\Firefox\Profiles\g7sz0rym.default\prefs.js

[OK] File is clean.

Profile name : default-1343338250270 [Profil par défaut]
File : C:\Users\samsung\Application Data\Mozilla\Firefox\Profiles\st8nik0e.default-1343338250270\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "path": "C:\\Users\\samsung\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

*************************

AdwCleaner[R1].txt - [1191 octets] - [28/08/2012 20:54:28]

########## EOF - C:\AdwCleaner[R1].txt - [1319 octets] ##########

ADWLog file after delete and Restart:


# AdwCleaner v1.801 - Logfile created 08/28/2012 at 20:54:47
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : samsung - SAMSUNG-PC
# Boot Mode : Normal
# Running from : C:\Users\samsung\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\samsung\Application Data\Mozilla\Firefox\Profiles\g7sz0rym.default\prefs.js

[OK] File is clean.

Profile name : default-1343338250270 [Profil par défaut]
File : C:\Users\samsung\Application Data\Mozilla\Firefox\Profiles\st8nik0e.default-1343338250270\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "path": "C:\\Users\\samsung\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

*************************

AdwCleaner[R1].txt - [1320 octets] - [28/08/2012 20:54:28]
AdwCleaner[S1].txt - [1255 octets] - [28/08/2012 20:54:47]

########## EOF - C:\AdwCleaner[S1].txt - [1383 octets] ##########
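
The DDS/ComboFix log earlier in this thread shows Firefox prefs.js with the homepage, browser.search.defaulturl and keyword.URL all pointed at home.speedbit.com, and the AdwCleaner output above reports checking each profile's prefs.js. The following is an added example (mine, not AdwCleaner's code and not part of this thread) of how such a check works: it parses user_pref lines, flags navigation and search preferences whose host is not on a small allowlist, and reports a manual or PAC proxy with its target. The allowlist is an assumption for the demo, and the sample prefs.js is constructed to reproduce the values the log reported (hxxp in the log is the forum's defanging of http).

```python
"""Flag browser-hijack indicators in a Firefox prefs.js (added example)."""
import re
from urllib.parse import urlsplit

# prefs.js stores one setting per line:  user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')
# Preferences that decide where the browser navigates or searches; a hijacker
# rewrites these (the DDS log shows three of them pointed at speedbit.com).
NAV_KEYS = ("browser.startup.homepage", "browser.search.defaulturl",
            "keyword.URL", "browser.newtab.url")
# Hosts this example treats as expected defaults (an assumption for the demo).
TRUSTED_HOSTS = frozenset({"www.google.com", "www.bing.com", "www.mozilla.org"})


def parse_prefs(text):
    """Return {name: value} with strings, ints and booleans decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        key, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def hijack_indicators(prefs, trusted_hosts=TRUSTED_HOSTS):
    """Return (pref name, offending host or proxy target) for suspicious settings."""
    hits = []
    for key in NAV_KEYS:
        value = prefs.get(key)
        if not isinstance(value, str):
            continue
        for url in value.split("|"):          # the homepage may list several pages
            if url.startswith("about:"):
                continue
            host = urlsplit(url).hostname or ""
            if host not in trusted_hosts:
                hits.append((key, host))
    # network.proxy.type: 0 = none, 1 = manual, 2 = PAC script, 4 = auto-detect,
    # 5 = use system settings (the default).  Manual and PAC settings route
    # traffic through whatever the writer chose, so report them with the target.
    proxy_type = prefs.get("network.proxy.type", 5)
    if proxy_type == 1:
        target = f"{prefs.get('network.proxy.http')}:{prefs.get('network.proxy.http_port')}"
        hits.append(("network.proxy.http", target))
    elif proxy_type == 2:
        hits.append(("network.proxy.autoconfig_url", prefs.get("network.proxy.autoconfig_url")))
    return hits


# Constructed prefs.js excerpt reproducing the values the DDS log reported.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=");
user_pref("browser.search.selectedEngine", "Speedbit");
user_pref("browser.startup.homepage", "http://home.speedbit.com/?aff=115|https://www.mozilla.org/");
user_pref("keyword.URL", "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=");
user_pref("network.proxy.type", 0);
user_pref("browser.startup.homepage_override.mstone", "13.0.1");
"""

if __name__ == "__main__":
    for key, where in hijack_indicators(parse_prefs(SAMPLE_PREFS)):
        print(f"{key:30} -> {where}")
```

To run it on the profiles AdwCleaner listed, read each prefs.js under the Profiles directory into parse_prefs; a profile with an empty result from hijack_indicators matches what AdwCleaner reported as "File is clean", while the Speedbit entries in the earlier log would produce three hits.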

#11 nasdaq (Malware Response Team)

Posted 28 August 2012 - 10:39 AM

started my pc today,the pop up notification reappeared that "a program is trying to change your browser settings"

Is this still an issue?

#12 urs_rahul (Topic Starter)

Posted 28 August 2012 - 10:50 AM

Dear Sir,
Just inserted the USB drive once again to check and opened it. Immediately MS Security Essentials detected a virus and removed it. Then I scanned the pen drive with MS Security Essentials and it detected 3 viruses and removed them. I am posting the screenshots for your review. No, the pop-up notification is gone this time.

#13 nasdaq (Malware Response Team)

Posted 28 August 2012 - 12:44 PM

Scan your flash drive again.

Is it showing as clean?

#14 urs_rahul (Topic Starter)

Posted 28 August 2012 - 10:28 PM

Sorry for the late reply, as I am from India and there is a time difference. Yes, the pen drive is clean now, showing no files. But the pop-up notification is once again showing. It appears for a few seconds and then disappears, so it is difficult to take a screenshot. What to do next, sir?

#15 urs_rahul (Topic Starter)

Posted 29 August 2012 - 08:40 AM

This is the notification I am getting. Should I ignore this and continue using my PC as usual?

Attached Files
