
userinit.exe


3 replies to this topic

#1 voldy

Posted 10 August 2012 - 09:10 AM

Hello guys, my userinit value in the registry shows modified to

c:\windows\system32\userinit.exe,C:\Program Files\vAPTvfRR\yshjrrfo.exe,

Actually it should only be c:\windows\system32\userinit.exe,

I have tried TDSSkiller, spyware cease, pc tools security, Dr.web cureit... but nothing could change it. It creates folders with random names in my Program Files directory whenever I manually delete the extra path in the registry value. Please suggest some solution.

Edit: Moved topic from to the more appropriate forum.
Roger

Edited by rotor123, 10 August 2012 - 09:29 AM.
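
A check for the symptom described in this post, as an added example that is not part of the original thread: it splits a Userinit value on commas and reports every entry other than the stock userinit.exe. The Winlogon registry key, the function names and the C:\Windows default are assumptions of this example; the sample value is the one quoted in the post.

```python
import ntpath
import os
import re

# Assumptions of this example (not from the thread): the Winlogon key below,
# and C:\Windows as the Windows directory when %SystemRoot% is not available.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
DEFAULT_WINDIR = r"C:\Windows"

# The modified value exactly as quoted in the post above.
POSTED_VALUE = r"c:\windows\system32\userinit.exe,C:\Program Files\vAPTvfRR\yshjrrfo.exe,"


def split_userinit(value):
    """Split the comma-separated value; drop quotes, padding and empty items."""
    entries = []
    for raw in value.split(","):
        item = raw.strip().strip('"').strip()
        if item:
            entries.append(item)
    return entries


def _normalize(path, windir):
    """Expand %SystemRoot%/%windir%, collapse '..', and fold case and slashes."""
    expanded = re.sub(r"%(?:systemroot|windir)%", lambda _m: windir,
                      path, flags=re.IGNORECASE)
    return ntpath.normcase(ntpath.normpath(expanded))


def audit_userinit(value, windir=DEFAULT_WINDIR):
    """Report which entries differ from <windir>\\system32\\userinit.exe.

    Anything that does not normalize to that full path is listed as
    unexpected, including a bare file name or a look-alike in another folder.
    """
    expected = _normalize(ntpath.join(windir, "system32", "userinit.exe"), windir)
    entries = split_userinit(value)
    return {
        "entries": entries,
        "expected_present": any(_normalize(e, windir) == expected for e in entries),
        "unexpected": [e for e in entries if _normalize(e, windir) != expected],
    }


def read_live_userinit():
    """Read the Userinit value from the local registry (Windows only)."""
    import winreg  # standard library, present only on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    try:
        value = read_live_userinit()
        windir = os.environ.get("SystemRoot", DEFAULT_WINDIR)
    except ImportError:
        # Not on Windows: fall back to the value quoted in the post.
        value, windir = POSTED_VALUE, DEFAULT_WINDIR

    report = audit_userinit(value, windir)
    print("Userinit =", value)
    if not report["expected_present"]:
        print("WARNING: stock userinit.exe entry is missing")
    for entry in report["unexpected"]:
        print("Unexpected entry:", entry)
    if report["expected_present"] and not report["unexpected"]:
        print("Value contains only the stock entry")
```

An unexpected entry only shows that something else is launched at logon; as the post notes, the value is rewritten after manual edits, so the component that restores it has to be found as well.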



 


#2 narenxp


Posted 10 August 2012 - 09:33 AM

Do not mess up userinit entries


Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 voldy


Posted 10 August 2012 - 11:41 AM

20:10:02.0578 2252 ThreatFire - ok
20:10:02.0609 2252 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
20:10:02.0609 2252 TlntSvr - ok
20:10:02.0609 2252 TosIde - ok
20:10:02.0640 2252 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
20:10:02.0640 2252 TrkWks - ok
20:10:02.0656 2252 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:10:02.0671 2252 Udfs - ok
20:10:02.0671 2252 ultra - ok
20:10:02.0703 2252 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
20:10:02.0703 2252 UMWdf - ok
20:10:02.0750 2252 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
20:10:02.0750 2252 UnlockerDriver5 - ok
20:10:02.0796 2252 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
20:10:02.0796 2252 Update - ok
20:10:02.0843 2252 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
20:10:02.0843 2252 upnphost - ok
20:10:02.0859 2252 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
20:10:02.0859 2252 UPS - ok
20:10:02.0906 2252 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:10:02.0906 2252 usbccgp - ok
20:10:02.0937 2252 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:10:02.0937 2252 usbehci - ok
20:10:02.0953 2252 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:10:02.0953 2252 usbhub - ok
20:10:02.0984 2252 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:10:03.0000 2252 USBSTOR - ok
20:10:03.0015 2252 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:10:03.0015 2252 usbuhci - ok
20:10:03.0046 2252 usb_rndisx (ee37e5c79d6c788711296075b2bc95f4) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:10:03.0046 2252 usb_rndisx - ok
20:10:03.0078 2252 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:10:03.0078 2252 VgaSave - ok
20:10:03.0078 2252 ViaIde - ok
20:10:03.0078 2252 VMnetAdapter - ok
20:10:03.0109 2252 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
20:10:03.0125 2252 VolSnap - ok
20:10:03.0156 2252 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
20:10:03.0171 2252 VSS - ok
20:10:03.0203 2252 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
20:10:03.0203 2252 W32Time - ok
20:10:03.0234 2252 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:10:03.0234 2252 Wanarp - ok
20:10:03.0281 2252 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:10:03.0296 2252 Wdf01000 - ok
20:10:03.0296 2252 WDICA - ok
20:10:03.0343 2252 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
20:10:03.0343 2252 wdmaud - ok
20:10:03.0375 2252 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
20:10:03.0390 2252 WebClient - ok
20:10:03.0421 2252 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\WINDOWS\system32\drivers\windrvr6.sys
20:10:03.0437 2252 WinDriver6 - ok
20:10:03.0546 2252 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:10:03.0546 2252 winmgmt - ok
20:10:03.0578 2252 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
20:10:03.0593 2252 WmdmPmSN - ok
20:10:03.0656 2252 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
20:10:03.0656 2252 Wmi - ok
20:10:03.0687 2252 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:10:03.0687 2252 WmiApSrv - ok
20:10:03.0703 2252 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:10:03.0718 2252 WS2IFSL - ok
20:10:03.0750 2252 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
20:10:03.0750 2252 wscsvc - ok
20:10:03.0765 2252 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
20:10:03.0765 2252 wuauserv - ok
20:10:03.0812 2252 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
20:10:03.0812 2252 WZCSVC - ok
20:10:03.0843 2252 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
20:10:03.0843 2252 xmlprov - ok
20:10:03.0890 2252 {6080A529-897E-4629-A488-ABA0C29B635E} (1a301c3c65a3d119803fbac5ab65897f) C:\WINDOWS\system32\drivers\ialmsbw.sys
20:10:03.0890 2252 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
20:10:03.0906 2252 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (4afee4b1625d5146b16526e48953d7a6) C:\WINDOWS\system32\drivers\ialmkchw.sys
20:10:03.0921 2252 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
20:10:03.0921 2252 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:10:04.0437 2252 \Device\Harddisk0\DR0 - ok
20:10:04.0468 2252 Boot (0x1200) (aa32e1777bc3e0718b70075cb562b01b) \Device\Harddisk0\DR0\Partition0
20:10:04.0468 2252 \Device\Harddisk0\DR0\Partition0 - ok
20:10:04.0484 2252 Boot (0x1200) (792d5e6c15f969202e865f2cb4a6219d) \Device\Harddisk0\DR0\Partition1
20:10:04.0484 2252 \Device\Harddisk0\DR0\Partition1 - ok
20:10:04.0500 2252 Boot (0x1200) (7d5d35d1c0201d4ab2f0907b4b762f11) \Device\Harddisk0\DR0\Partition2
20:10:04.0500 2252 \Device\Harddisk0\DR0\Partition2 - ok
20:10:04.0515 2252 Boot (0x1200) (3c915f2365e3bdb94f21adaa1947096e) \Device\Harddisk0\DR0\Partition3
20:10:04.0515 2252 \Device\Harddisk0\DR0\Partition3 - ok
20:10:04.0515 2252 ============================================================
20:10:04.0515 2252 Scan finished
20:10:04.0515 2252 ============================================================
20:10:04.0546 1020 Detected object count: 0
20:10:04.0546 1020 Actual detected object count: 0
20:11:38.0140 3116 Deinitialize success






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 20:13:20
-----------------------------
20:13:20.546 OS Version: Windows 5.1.2600 Service Pack 2
20:13:20.546 Number of processors: 2 586 0x409
20:13:20.546 ComputerName: HOME-3AC61C1A98 UserName: Dilesh Solanki
20:13:21.171 Initialize success
20:18:09.265 AVAST engine defs: 12081000
20:18:28.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:18:28.421 Disk 0 Vendor: SAMSUNG_SP0802N TK300-06 Size: 76351MB BusType: 3
20:18:28.437 Disk 0 MBR read successfully
20:18:28.437 Disk 0 MBR scan
20:18:28.453 Disk 0 Windows XP default MBR code
20:18:28.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
20:18:28.468 Disk 0 Partition - 00 0F Extended LBA 56337 MB offset 40965750
20:18:28.484 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20002 MB offset 40965813
20:18:28.484 Disk 0 Partition - 00 05 Extended 20002 MB offset 81931500
20:18:28.500 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20002 MB offset 81931563
20:18:28.500 Disk 0 Partition - 00 05 Extended 16331 MB offset 163863000
20:18:28.515 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 16331 MB offset 122897313
20:18:28.515 Disk 0 scanning sectors +156344580
20:18:28.593 Disk 0 scanning C:\WINDOWS\system32\drivers
20:18:37.437 Service scanning
20:18:50.828 Modules scanning
20:19:00.140 Disk 0 trace - called modules:
20:19:00.156 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys tsk2E.tmp hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:19:00.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89881ab8]
20:19:00.156 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> [0x898fb3f0]
20:19:00.156 5 PCTCore.sys[f742082d] -> nt!IofCallDriver -> \Device\00000076[0x898f8f18]
20:19:00.156 7 tsk2E.tmp[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8985d940]
20:19:00.781 AVAST engine scan C:\WINDOWS
20:19:05.843 AVAST engine scan C:\WINDOWS\system32
20:20:50.890 AVAST engine scan C:\WINDOWS\system32\drivers
20:21:02.281 AVAST engine scan C:\Documents and Settings\Dilesh Solanki
20:24:49.171 AVAST engine scan C:\Documents and Settings\All Users
20:25:00.078 Scan finished successfully
20:25:52.984 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
20:25:52.984 The log file has been saved successfully to "E:\aswMBR.txt"





ESET Scanner:

C:\Documents and Settings\Dilesh Solanki\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Documents and Settings\Dilesh Solanki\Local Settings\Application Data\setup.exe multiple threats cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\RKHit.sys Win32/Adware.SpywareCease application cleaned by deleting - quarantined

#4 narenxp

Posted 10 August 2012 - 01:57 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.



