Malware problems.

Abbey · June 21, 2012

Hello.

I have alot of problems with my computer wich I believe are caused by malwares. Any help would be appreciated.

- I hear audio in the background that randomly turns on and off

- I keep on getting svchost.exe errors and chrome.exe errors when I use google Chrome.

- Audio often doesn't work at all and in order to fix it i need to reinstall my sound drivers (updating does not help)

- Whenever I turn my computer on I have to wait approximately 10mins for winows bar and desktop icons to show

(I can only see my desktop background and nothing but task manager works)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33

Run by Silvo at 2:24:59 on 2012-06-21

Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2160 [GMT -7:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\ICQ6Toolbar\ICQ Service.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\npkcmsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\tera fake\TERA-Launcher.exe

C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe

c:\program files\real\realplayer\RealPlay.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: H - No File

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll

uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll

mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {2bbf0fe2-09c9-4467-843a-992bb82b44cc} - c:\windows\system32\nvwrsard.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll

BHO: Windows Live - Pomoc pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: MyPlayCity Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File

TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll

TB: MyPlayCity Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear

uRun: [AdobeBridge]

mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [iso data fast cast] c:\documents and settings\all users\application data\save time iso data\trans save.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [MSOffice] c:\windows\system32\msoffice\update.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SNkJGRS1IV1VIRi1EUE5EQS1WRlVXWC0yRU1CUg"&"inst=NzYtODg4NDYwOTgwLVhPMzYrMS1OMUQrMS1QTCs5LUNJUCsyLUREVCsyMzM1OS1UVUcrMy1MU0QrMi1EMzgxTCs2LUkxMCsxLUREMTArMS1TVDEwQVBQKzEtRlVJKzItUDEwVEIrMg"&"prod=94"&"ver=10.0.1415

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [bDFFBC5DC7] c:\documents and settings\localservice\application data\Windows.exe

dRun: [Google Update] c:\documents and settings\localservice\local settings\application data\google\update\gupdate.exe /app 16DA36A7C6637CD4F26B9C1699938645

dRun: [Java] c:\documents and settings\networkservice\application data\Java.exe

dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

dRunOnce: [RunNarrator] Narrator.exe

mExplorerRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe

StartupFolder: c:\docume~1\silvo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937

DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968

DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60} : NameServer = 193.189.160.13,193.189.160.23

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: cryptnet32 - cryptnet32.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {4J2W12JN-24YC-1KEY-3W83-4A0007DEHM43} - c:\windows\system32\msoffice\update.exe Restart

mASetup: {8BD6E6C0-F9FC-AFEC-CEAB-D5AFF0CDDEBD} - c:\documents and settings\silvo\application data\Seven.exe

mASetup: {B4F75571-4C73-7783-DA52-40731B332416} - c:\windows\system32\martin.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520]

R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-18 21992]

R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-11-24 20088]

R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-19 247096]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-10 1262400]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-6-18 793048]

R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 53224]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-8-4 37376]

R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]

R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208]

R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-8-4 1180672]

R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-9-14 109440]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22344]

S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?]

S2 17891;IpSectPro service new;c:\windows\system\178918.exe --> c:\windows\system\178918.exe [?]

S2 AMService;AMService;c:\windows\temp\poky\setup.exe run --> c:\windows\temp\poky\setup.exe run [?]

S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\CardBusService.exe [2008-8-4 188416]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]

S2 jakfcswx;jakfcswx;"c:\docume~1\silvo\locals~1\temp\dat9a2.tmp.exe" --service --> c:\docume~1\silvo\locals~1\temp\DAT9A2.tmp.exe [?]

S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]

S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257224]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]

S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys --> c:\windows\system32\drivers\bdfndisf.sys [?]

S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-17 23456]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-2 36608]

S3 GEMC001;GEMC001;C:\GEMC001.sys [2012-3-18 72136]

S3 GEMC002;GEMC002;C:\GEMC002.sys [2012-3-19 72136]

S3 GEMC003;GEMC003;C:\GEMC003.sys [2012-3-18 72136]

S3 GEMC004;GEMC004;C:\GEMC004.sys [2012-3-19 72136]

S3 GEMC005;GEMC005;C:\GEMC005.sys [2012-3-18 72136]

S3 GEMC007;GEMC007;C:\GEMC007.sys [2012-3-18 72136]

S3 GEMC009;GEMC009;C:\GEMC009.sys [2012-3-18 72136]

S3 GEMC011;GEMC011;C:\GEMC011.sys [2012-3-29 72136]

S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-29 27064]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-8-7 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-8-7 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-8-7 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-8-7 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-8-7 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-8-7 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-8-7 97704]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]

S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]

S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]

S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?]

S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]

S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]

S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]

S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]

S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]

S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]

S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?]

S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?]

S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?]

S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]

S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-2 233472]

.

=============== Created Last 30 ================

.

2012-06-20 16:45:33 69632 ----a-w- c:\windows\Alcmtr.exe

2012-06-19 08:47:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-06-18 16:32:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2012-06-18 16:32:01 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX

2012-06-18 16:32:01 37336 ----a-w- c:\windows\system32\CleanMFT32.exe

2012-06-18 16:32:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2012-06-18 16:32:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2012-06-18 16:31:58 -------- d-----w- c:\program files\PC Tools Registry Mechanic

2012-06-18 16:31:58 -------- d-----w- c:\program files\common files\PC Tools

2012-06-18 09:16:01 -------- d-----w- c:\documents and settings\silvo\local settings\application data\Opera

2012-06-17 22:45:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys

2012-06-17 22:45:24 -------- d-----w- c:\documents and settings\silvo\local settings\application data\eSupport.com

2012-06-17 21:44:55 -------- d-----w- C:\Rbackup

2012-06-17 21:41:22 -------- d-----w- c:\program files\Perfect Uninstaller

2012-06-15 10:36:04 340624 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-06-15 10:36:03 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2012-06-15 10:04:47 200593 ----a-w- c:\documents and settings\all users\application data\1339754446.bdinstall.bin

2012-06-15 10:04:12 -------- d-----w- c:\documents and settings\all users\application data\BDLogging

2012-06-15 10:03:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2012-06-15 10:03:13 -------- d-----w- c:\documents and settings\silvo\application data\Bitdefender

2012-06-15 10:00:58 -------- d-----w- c:\documents and settings\silvo\application data\QuickScan

2012-06-15 09:20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-15 09:20:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-23 19:45:13 -------- d-----w- c:\documents and settings\silvo\application data\Mumble

2012-05-23 19:33:50 -------- d-----w- c:\program files\Mumble

.

==================== Find3M ====================

.

2012-06-15 09:19:51 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-14 13:55:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-14 13:55:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-25 13:12:36 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-05-25 13:12:36 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-05-25 13:09:16 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll

2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll

2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 08:53:35 72136 ----a-w- C:\GEMC011.sys

2012-03-24 15:51:51 72136 ----a-w- C:\GEMC009.sys

2012-03-24 15:47:39 72136 ----a-w- C:\GEMC005.sys

2012-03-24 15:45:49 72136 ----a-w- C:\GEMC003.sys

2012-03-24 15:45:20 72136 ----a-w- C:\GEMC001.sys

2011-11-21 22:19:43 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HD502IJ rev.1AA01109 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-7

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AE9AEE4]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89b83820; SUB DWORD [EBP-0x4], 0x89b8312e; PUSH EDI; CALL 0xffffffffffffe10c; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AF02AB8]

3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8AF37560]

5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AF4E030]

[0x8AF04CE0] -> IRP_MJ_CREATE -> 0x8AE9AEE4

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskSAMSUNG_HD502IJ_________________________1AA01109#31535433444a5157313331353237202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8AE9ACE2

user & kernel MBR OK

sectors 976773166 (+255): user != kernel

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 2:26:32.35 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 04/08/2008 05:08:59

System Uptime: 20/06/2012 03:07:58 (23 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5K SE/EPU

Processor: Procesor Intel Pentium III Xeon | LGA775 | 2666/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 99.067 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

L: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: PS/2 Keyboard

Device ID: ACPI\PNP0303\4&1400782C&0

Manufacturer: Logitech

Name: PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&1400782C&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP9: 15/03/2012 15:27:01 - Installed Realtek High Definition Audio Driver

RP10: 18/03/2012 15:32:00 - Installed Realtek High Definition Audio Driver

RP18: 06/04/2012 10:48:06 - Installed TuneUp Utilities 2012

RP19: 06/04/2012 10:59:30 - Removed TuneUp Utilities 2012

RP20: 06/04/2012 10:59:58 - Removed TuneUp Utilities Language Pack (en-US)

RP21: 07/04/2012 17:39:03 - System Checkpoint

RP22: 08/04/2012 18:22:54 - System Checkpoint

RP23: 09/04/2012 18:33:12 - System Checkpoint

RP24: 10/04/2012 19:33:11 - System Checkpoint

RP25: 12/04/2012 01:53:54 - System Checkpoint

RP26: 13/04/2012 02:35:48 - System Checkpoint

RP27: 14/04/2012 03:17:56 - System Checkpoint

RP28: 15/04/2012 01:02:13 - Removed Java 6 Update 29

RP29: 16/04/2012 01:53:53 - System Checkpoint

RP30: 17/04/2012 02:58:38 - System Checkpoint

RP31: 18/04/2012 05:15:07 - System Checkpoint

RP32: 19/04/2012 06:35:20 - Installed Realtek High Definition Audio Driver

RP33: 20/04/2012 17:54:25 - System Checkpoint

RP34: 21/04/2012 18:45:01 - System Checkpoint

RP35: 22/04/2012 19:44:59 - System Checkpoint

RP36: 23/04/2012 20:45:01 - System Checkpoint

RP37: 24/04/2012 21:43:56 - System Checkpoint

RP38: 25/04/2012 22:41:46 - System Checkpoint

RP39: 26/04/2012 23:41:49 - System Checkpoint

RP40: 27/04/2012 23:42:01 - System Checkpoint

RP41: 28/04/2012 09:54:21 - Installed Realtek High Definition Audio Driver

RP42: 02/05/2012 05:23:13 - Installed Realtek High Definition Audio Driver

RP43: 02/05/2012 05:26:04 - Installed Realtek High Definition Audio Driver

RP44: 03/05/2012 04:04:05 - Installed Realtek High Definition Audio Driver

RP45: 03/05/2012 07:49:49 - Installed Realtek High Definition Audio Driver

RP46: 03/05/2012 12:34:30 - Installed Realtek High Definition Audio Driver

RP47: 03/05/2012 13:19:06 - Installed Realtek High Definition Audio Driver

RP48: 10/05/2012 02:24:12 - Installed Realtek High Definition Audio Driver

RP49: 10/05/2012 02:33:49 - Installed Realtek High Definition Audio Driver

RP50: 18/05/2012 18:25:03 - System Checkpoint

RP51: 19/05/2012 18:47:14 - System Checkpoint

RP52: 20/05/2012 18:50:59 - System Checkpoint

RP53: 21/05/2012 19:05:29 - System Checkpoint

RP54: 22/05/2012 19:09:24 - System Checkpoint

RP55: 23/05/2012 12:33:43 - Installed Mumble 1.2.3

RP56: 24/05/2012 19:35:01 - System Checkpoint

RP57: 25/05/2012 06:06:40 - Installed Realtek High Definition Audio Driver

RP58: 25/05/2012 07:21:33 - Installed Realtek High Definition Audio Driver

RP59: 29/05/2012 16:54:50 - System Checkpoint

RP60: 30/05/2012 18:35:02 - System Checkpoint

RP61: 31/05/2012 18:46:34 - System Checkpoint

RP62: 01/06/2012 19:47:59 - System Checkpoint

RP63: 02/06/2012 20:47:56 - System Checkpoint

RP64: 03/06/2012 21:47:56 - System Checkpoint

RP65: 04/06/2012 22:47:58 - System Checkpoint

RP66: 05/06/2012 23:47:55 - System Checkpoint

RP67: 07/06/2012 00:48:07 - System Checkpoint

RP68: 08/06/2012 01:52:48 - System Checkpoint

RP69: 09/06/2012 02:48:12 - System Checkpoint

RP70: 09/06/2012 09:54:54 - Installed Realtek High Definition Audio Driver

RP71: 14/06/2012 10:11:27 - Installed Realtek High Definition Audio Driver

RP72: 15/06/2012 02:19:17 - Removed Java 6 Update 31

RP73: 17/06/2012 00:21:33 - Installed Realtek High Definition Audio Driver

RP74: 20/06/2012 03:14:42 - Installed Realtek High Definition Audio Driver

.

==== Installed Programs ======================

.

"Nero SoundTrax Help

AAC Decoder

ABBYY FineReader 6.0 Sprint

AC3Filter (remove only)

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 8.3.1

Adobe Shockwave Player 11.6

Advertising Center

Aion

Aion (Europe)

Aion (North America)

APB Reloaded

Apple Software Update

Ask Toolbar

Atheros Communications Inc.® L1 Gigabit Ethernet Driver

AVerMedia M135-Series PCI TV Tuner 3.5.0.65

AVerMedia MCE Encoder 3.2.1.62

AVerTV

Bitdefender Antivirus Plus 2012

BitTorrent

BitTorrentBar Toolbar

Born To Be Big

BS.Player FREE powered by AdVantage

CCleaner

CDDRV_Installer

Cheat Engine 5.6

CPUID CPU-Z 1.60

Critical Update for Windows Media Player 11 (KB959772)

Crystal Reports Basic for Visual Studio 2008

DAEMON Tools Toolbar

DirectVobSub 2.40.4209

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

DolbyFiles

DriverAgent by eSupport.com

EA Download Manager

Epson Easy Photo Print 2

EPSON Scan

Epson Stylus SX210_SX410_TX210_TX410 Priročnik

EPSON SX410 Series Printer Uninstall

EPSON Web-To-Page

FindXplorer 1.0 build 111

GamersFirst LIVE!

GameSpy Arcade

GameSpy Comrade

globaldk

Google Chrome

Google Update Helper

Google Updater

Google Zemlja

Granado Espada

H.264 Decoder

Halo 2 for Windows Vista

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)

Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

hp print screen utility

HWiNFO32 Version 3.62

ICQ Toolbar

ICQ7.2

ImagXpress

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

KhalInstallWrapper

LiveSearch Notification Tool

Logitech Registration

Logitech SetPoint

Macro Wizard 4.1

Magic ISO Maker v5.5 (build 0272)

Magic ISO Maker v5.5 (build 0281)

MagicDisc 2.7.105

MegaTrainer eXperience V1.0.9.0

Menu Templates - Starter Kit

Messenger Plus! Live

Microsoft .NET Compact Framework 2.0 SP2

Microsoft .NET Compact Framework 3.5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Device Emulator version 3.0 - ENU

Microsoft Document Explorer 2008

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

Microsoft Office Visual Web Developer 2007

Microsoft Office Visual Web Developer MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Compact 3.5 Design Tools ENU

Microsoft SQL Server Compact 3.5 ENU

Microsoft SQL Server Compact 3.5 for Devices ENU

Microsoft SQL Server Database Publishing Wizard 1.2

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Visual Studio 2008 Professional Edition - ENU

Microsoft Visual Studio Web Authoring Component

Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

Microsoft Windows SDK for Visual Studio 2008 Tools

Microsoft Windows SDK for Visual Studio 2008 Win32 Tools

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Minecraft Beta Cracked

MKV Splitter

Movie Templates - Starter Kit

Mozilla Firefox 10.0.2 (x86 sl)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

Mumble 1.2.3

NCsoft Launcher

Neffy 1,2,0,22

Nero - Burning Rom

Nero 9

Nero BurningROM

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

Nexus Mod Manager

nProtect KeyCrypt

NVIDIA Graphic driver 301.42

NVIDIA Install Application

NVIDIA control panel 301.42

NVIDIA nTune

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA update 1.8.15

NVIDIA Programa nView 136.27

NVIDIA System software PhysX 9.12.0213

NVIDIA Update Components

Opera 12.00

Transfer service for Windows Live

Paint.NET v3.5.1

Pando Media Booster

PC Tools Registry Mechanic 11.0

PDF Settings CS5

PhotoScape

Pocket Theme Organizer

Pošta Windows Live

PunkBuster Services

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Revo Uninstaller Pro 2.5.3

Rockstar Games Social Club

SAMSUNG Mobile Composite Device Software

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung New PC Studio

Samsung New PC Studio USB Driver Installer

Sanctum © Coffee Stain Studios version 1

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2464594)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Segoe UI

Ski Challenge 2009 (zurnal24.si)

Skype™ 4.0

Softonic_English Toolbar

Software Update for Web Folders

Sony Ericsson Device Data

Sony Ericsson Drivers

Sony Ericsson PC Suite

SoundTrax

Steam

SUPERAntiSpyware

swMSM

Sword 2

System Requirements Lab

System Requirements Lab CYRI

System Requirements Lab for Intel

TeamSpeak 2 RC2

TeamSpeak 3 Client

TeamViewer 6

TeamViewer 7

TERA

Tweak UI

Ubisoft Game Launcher

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)

Update for Outlook 2007 Junk Email Filter (KB2522999)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2345886)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB Mass Storage Toolbox

VC80CRTRedist - 8.0.50727.6195

Visual Studio Tools for the Office system 3.0 Runtime

VLC media player 2.0.1

VMware Player

Wallery

WebFldrs XP

Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live - Pomocnik za vpis

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Mobile 5.0 SDK R2 for Pocket PC

Windows Mobile 5.0 SDK R2 for Smartphone

Windows Presentation Foundation

Windows XP Service Pack 3

WinFast® Display Driver

WinFox Setup

WinRAR archiver

Xfire (remove only)

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

18/06/2012 10:43:46, informacija: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Silvo.

18/06/2012 10:43:45, informacija: Windows File Protection [64021] - The System file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

18/06/2012 10:43:41, informacija: Windows File Protection [64016] - Windows File Protection file scan was started.

18/06/2012 10:43:22, informacija: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Silvo.

18/06/2012 10:43:21, informacija: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.

.

==== End Of File ===========================

Maniac · June 21, 2012

Hello Abbey! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

All of your problems are due to malware.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following applications:

Ask Toolbar

BitTorrent

BitTorrentBar Toolbar

DAEMON Tools Toolbar

ICQ Toolbar

Softonic_English Toolbar

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

TDSSKiller log
Malwarebytes' Anti-Malware log
a new fresh DDS log file

Abbey · June 21, 2012

03:55:37.0062 5440 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

03:55:37.0140 5440 ============================================================

03:55:37.0140 5440 Current date / time: 2012/06/21 03:55:37.0140

03:55:37.0140 5440 SystemInfo:

03:55:37.0140 5440

03:55:37.0140 5440 OS Version: 5.1.2600 ServicePack: 3.0

03:55:37.0140 5440 Product type: Workstation

03:55:37.0140 5440 ComputerName: SILVO1

03:55:37.0140 5440 UserName: Silvo

03:55:37.0140 5440 Windows directory: C:\WINDOWS

03:55:37.0140 5440 System windows directory: C:\WINDOWS

03:55:37.0140 5440 Processor architecture: Intel x86

03:55:37.0140 5440 Number of processors: 2

03:55:37.0140 5440 Page size: 0x1000

03:55:37.0140 5440 Boot type: Normal boot

03:55:37.0140 5440 ============================================================

03:55:39.0984 5440 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

03:55:40.0000 5440 ============================================================

03:55:40.0000 5440 \Device\Harddisk0\DR0:

03:55:40.0000 5440 MBR partitions:

03:55:40.0000 5440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

03:55:40.0000 5440 ============================================================

03:55:40.0015 5440 C: <-> \Device\Harddisk0\DR0\Partition0

03:55:40.0015 5440 ============================================================

03:55:40.0015 5440 Initialize success

03:55:40.0015 5440 ============================================================

03:56:15.0906 7628 ============================================================

03:56:15.0906 7628 Scan started

03:56:15.0906 7628 Mode: Manual; SigCheck; TDLFS;

03:56:15.0906 7628 ============================================================

03:56:16.0281 7628 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

03:56:16.0390 7628 !SASCORE - ok

03:56:16.0437 7628 17891 - ok

03:56:16.0500 7628 Abiosdsk - ok

03:56:16.0500 7628 abp480n5 - ok

03:56:16.0546 7628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

03:56:23.0187 7628 ACPI - ok

03:56:23.0218 7628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

03:56:23.0328 7628 ACPIEC - ok

03:56:23.0406 7628 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

03:56:23.0437 7628 AdobeFlashPlayerUpdateSvc - ok

03:56:23.0453 7628 adpu160m - ok

03:56:23.0484 7628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

03:56:23.0609 7628 aec - ok

03:56:23.0640 7628 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

03:56:23.0671 7628 AegisP ( UnsignedFile.Multi.Generic ) - warning

03:56:23.0671 7628 AegisP - detected UnsignedFile.Multi.Generic (1)

03:56:23.0703 7628 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

03:56:23.0781 7628 AFD - ok

03:56:23.0781 7628 Aha154x - ok

03:56:23.0781 7628 aic78u2 - ok

03:56:23.0781 7628 aic78xx - ok

03:56:23.0828 7628 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

03:56:23.0921 7628 Alerter - ok

03:56:23.0937 7628 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

03:56:23.0984 7628 ALG - ok

03:56:23.0984 7628 AliIde - ok

03:56:24.0000 7628 AMService - ok

03:56:24.0000 7628 amsint - ok

03:56:24.0031 7628 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

03:56:24.0093 7628 AppMgmt - ok

03:56:24.0093 7628 asc - ok

03:56:24.0093 7628 asc3350p - ok

03:56:24.0093 7628 asc3550 - ok

03:56:24.0234 7628 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

03:56:24.0250 7628 aspnet_state - ok

03:56:24.0265 7628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

03:56:24.0375 7628 AsyncMac - ok

03:56:24.0406 7628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

03:56:24.0500 7628 atapi - ok

03:56:24.0531 7628 AtcL001 (f732284e3ca19b38239853e2711041d4) C:\WINDOWS\system32\DRIVERS\l151x86.sys

03:56:24.0578 7628 AtcL001 - ok

03:56:24.0578 7628 Atdisk - ok

03:56:24.0593 7628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

03:56:24.0671 7628 Atmarpc - ok

03:56:24.0718 7628 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

03:56:24.0812 7628 AudioSrv - ok

03:56:24.0843 7628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

03:56:24.0921 7628 audstub - ok

03:56:24.0968 7628 avc3 (f0c0e213d6d811384a49981adff0b6c0) C:\WINDOWS\system32\DRIVERS\avc3.sys

03:56:25.0046 7628 avc3 - ok

03:56:25.0062 7628 avchv (a64529781e5b9cc454666a33a24e3e1d) C:\WINDOWS\system32\DRIVERS\avchv.sys

03:56:25.0078 7628 avchv - ok

03:56:25.0109 7628 avckf (2bce314a25e71298add6794bfbd66266) C:\WINDOWS\system32\DRIVERS\avckf.sys

03:56:25.0109 7628 avckf - ok

03:56:25.0187 7628 AVerBDA3x (87a76ec8bf8ed0f67e548c4a8e1efb90) C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys

03:56:25.0343 7628 AVerBDA3x - ok

03:56:25.0375 7628 AVG Security Toolbar Service - ok

03:56:25.0375 7628 bdfm - ok

03:56:25.0375 7628 Bdfndisf - ok

03:56:25.0421 7628 bdfsfltr (5ef7ac38b4a7dc80860d7ffafac78c36) C:\WINDOWS\system32\drivers\bdfsfltr.sys

03:56:25.0421 7628 bdfsfltr - ok

03:56:25.0484 7628 bdftdif (f7d825f7e47d8a7865f5d2156b1b7a24) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys

03:56:25.0500 7628 bdftdif - ok

03:56:25.0546 7628 bdsandbox (e260c0079b5c1107b87e98f356292004) C:\WINDOWS\system32\drivers\bdsandbox.sys

03:56:25.0562 7628 bdsandbox - ok

03:56:25.0640 7628 bdselfpr (042941c8e50f38e34c3c345f45e16cf3) C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys

03:56:25.0656 7628 bdselfpr - ok

03:56:25.0671 7628 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\WINDOWS\system32\DRIVERS\bdvedisk.sys

03:56:25.0687 7628 BDVEDISK - ok

03:56:25.0718 7628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

03:56:25.0812 7628 Beep - ok

03:56:25.0859 7628 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

03:56:25.0968 7628 BITS - ok

03:56:26.0000 7628 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

03:56:26.0078 7628 Browser - ok

03:56:26.0156 7628 CardBusService (c0acddc7e54cdd9c580e069bd1ea0056) C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe

03:56:26.0171 7628 CardBusService ( UnsignedFile.Multi.Generic ) - warning

03:56:26.0171 7628 CardBusService - detected UnsignedFile.Multi.Generic (1)

03:56:26.0187 7628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

03:56:26.0281 7628 cbidf2k - ok

03:56:26.0328 7628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

03:56:26.0437 7628 CCDECODE - ok

03:56:26.0437 7628 cd20xrnt - ok

03:56:26.0453 7628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

03:56:26.0546 7628 Cdaudio - ok

03:56:26.0546 7628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

03:56:26.0984 7628 Cdfs - ok

03:56:27.0000 7628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

03:56:27.0109 7628 Cdrom - ok

03:56:27.0109 7628 Changer - ok

03:56:27.0125 7628 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

03:56:27.0218 7628 CiSvc - ok

03:56:27.0234 7628 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

03:56:27.0328 7628 ClipSrv - ok

03:56:27.0453 7628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

03:56:27.0468 7628 clr_optimization_v2.0.50727_32 - ok

03:56:27.0500 7628 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

03:56:27.0531 7628 clr_optimization_v4.0.30319_32 - ok

03:56:27.0531 7628 CmdIde - ok

03:56:27.0531 7628 COMSysApp - ok

03:56:27.0531 7628 Cpqarray - ok

03:56:27.0593 7628 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

03:56:27.0609 7628 cpudrv - ok

03:56:27.0625 7628 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys

03:56:27.0640 7628 cpuz135 - ok

03:56:27.0656 7628 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

03:56:27.0734 7628 CryptSvc - ok

03:56:27.0734 7628 dac2w2k - ok

03:56:27.0734 7628 dac960nt - ok

03:56:27.0781 7628 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

03:56:27.0843 7628 DcomLaunch - ok

03:56:27.0890 7628 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

03:56:27.0984 7628 Dhcp - ok

03:56:28.0000 7628 Disk (b0f0f54f12e1ffe1ec5c214e3abd56b5) C:\WINDOWS\system32\DRIVERS\disk.sys

03:56:28.0000 7628 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: b0f0f54f12e1ffe1ec5c214e3abd56b5, Fake md5: 044452051f3e02e7963599fc8f4f3e25

03:56:28.0000 7628 Disk ( Rootkit.Win32.TDSS.tdl3 ) - infected

03:56:28.0000 7628 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)

03:56:28.0015 7628 dmadmin - ok

03:56:28.0062 7628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

03:56:28.0156 7628 dmboot - ok

03:56:28.0187 7628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

03:56:28.0296 7628 dmio - ok

03:56:28.0312 7628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

03:56:28.0406 7628 dmload - ok

03:56:28.0437 7628 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

03:56:28.0515 7628 dmserver - ok

03:56:28.0546 7628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

03:56:28.0640 7628 DMusic - ok

03:56:28.0671 7628 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

03:56:28.0703 7628 Dnscache - ok

03:56:28.0734 7628 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

03:56:28.0828 7628 Dot3svc - ok

03:56:28.0828 7628 dpti2o - ok

03:56:28.0828 7628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

03:56:28.0906 7628 drmkaud - ok

03:56:28.0921 7628 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys

03:56:28.0953 7628 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning

03:56:28.0953 7628 DrvAgent32 - detected UnsignedFile.Multi.Generic (1)

03:56:28.0953 7628 EagleNT - ok

03:56:28.0984 7628 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

03:56:29.0078 7628 EapHost - ok

03:56:29.0093 7628 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

03:56:29.0187 7628 ERSvc - ok

03:56:29.0218 7628 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

03:56:29.0234 7628 Eventlog - ok

03:56:29.0281 7628 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

03:56:29.0328 7628 EventSystem - ok

03:56:29.0359 7628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

03:56:29.0453 7628 Fastfat - ok

03:56:29.0484 7628 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

03:56:29.0531 7628 FastUserSwitchingCompatibility - ok

03:56:29.0562 7628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

03:56:29.0640 7628 Fdc - ok

03:56:29.0656 7628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

03:56:29.0734 7628 Fips - ok

03:56:29.0734 7628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

03:56:29.0828 7628 Flpydisk - ok

03:56:29.0875 7628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

03:56:29.0953 7628 FltMgr - ok

03:56:30.0078 7628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

03:56:30.0093 7628 FontCache3.0.0.0 - ok

03:56:30.0125 7628 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS

03:56:30.0140 7628 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0140 7628 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)

03:56:30.0171 7628 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe

03:56:30.0218 7628 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0218 7628 FsUsbExService - detected UnsignedFile.Multi.Generic (1)

03:56:30.0250 7628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

03:56:30.0343 7628 Fs_Rec - ok

03:56:30.0359 7628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

03:56:30.0484 7628 Ftdisk - ok

03:56:30.0500 7628 GEMC001 (e13d7a6ce0fa36326c56532595a2ca73) C:\GEMC001.sys

03:56:30.0531 7628 GEMC001 ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0531 7628 GEMC001 - detected UnsignedFile.Multi.Generic (1)

03:56:30.0578 7628 GEMC002 (b937bdd541da5a423ba8c887df59f1e0) C:\GEMC002.sys

03:56:30.0609 7628 GEMC002 ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0609 7628 GEMC002 - detected UnsignedFile.Multi.Generic (1)

03:56:30.0625 7628 GEMC003 (de204595d48ae1714e21da4bd7bf1a7b) C:\GEMC003.sys

03:56:30.0656 7628 GEMC003 ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0656 7628 GEMC003 - detected UnsignedFile.Multi.Generic (1)

03:56:30.0671 7628 GEMC004 (e91d4b3d552fb303d203fd69c744201f) C:\GEMC004.sys

03:56:30.0703 7628 GEMC004 ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0703 7628 GEMC004 - detected UnsignedFile.Multi.Generic (1)

03:56:30.0718 7628 GEMC005 (f7e62c64b36fe6e3e28bbf695e845561) C:\GEMC005.sys

03:56:30.0750 7628 GEMC005 ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0750 7628 GEMC005 - detected UnsignedFile.Multi.Generic (1)

03:56:30.0796 7628 GEMC007 (f57292cab90e63a28fd9af9f30bc1ac8) C:\GEMC007.sys

03:56:30.0843 7628 GEMC007 ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0843 7628 GEMC007 - detected UnsignedFile.Multi.Generic (1)

03:56:30.0890 7628 GEMC009 (d555d20a58b376064cc5650c476ca95f) C:\GEMC009.sys

03:56:30.0921 7628 GEMC009 ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0921 7628 GEMC009 - detected UnsignedFile.Multi.Generic (1)

03:56:30.0953 7628 GEMC011 (083bd2ddf3ed2fe5f9a93d5e2cd63517) C:\GEMC011.sys

03:56:30.0968 7628 GEMC011 ( UnsignedFile.Multi.Generic ) - warning

03:56:30.0968 7628 GEMC011 - detected UnsignedFile.Multi.Generic (1)

03:56:31.0000 7628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

03:56:31.0093 7628 Gpc - ok

03:56:31.0296 7628 gupdate1ca19f0d79b2096 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

03:56:31.0296 7628 gupdate1ca19f0d79b2096 - ok

03:56:31.0312 7628 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

03:56:31.0312 7628 gupdatem - ok

03:56:31.0375 7628 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

03:56:31.0390 7628 gusvc - ok

03:56:31.0437 7628 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys

03:56:31.0453 7628 hamachi - ok

03:56:31.0484 7628 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

03:56:31.0515 7628 HDAudBus ( UnsignedFile.Multi.Generic ) - warning

03:56:31.0515 7628 HDAudBus - detected UnsignedFile.Multi.Generic (1)

03:56:31.0562 7628 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

03:56:31.0656 7628 helpsvc - ok

03:56:31.0687 7628 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

03:56:31.0796 7628 HidServ - ok

03:56:31.0828 7628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

03:56:31.0921 7628 HidUsb - ok

03:56:31.0937 7628 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

03:56:32.0031 7628 hkmsvc - ok

03:56:32.0156 7628 hpdj - ok

03:56:32.0156 7628 hpn - ok

03:56:32.0203 7628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

03:56:32.0250 7628 HTTP - ok

03:56:32.0312 7628 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

03:56:32.0406 7628 HTTPFilter - ok

03:56:32.0484 7628 HWiNFO32 (ac1e9496ba0ac3b27b45f2228ed51b2c) C:\Program Files\HWiNFO32\HWiNFO32.SYS

03:56:32.0484 7628 HWiNFO32 - ok

03:56:32.0484 7628 i2omgmt - ok

03:56:32.0484 7628 i2omp - ok

03:56:32.0500 7628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

03:56:32.0593 7628 i8042prt - ok

03:56:32.0671 7628 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

03:56:32.0703 7628 IDriverT ( UnsignedFile.Multi.Generic ) - warning

03:56:32.0703 7628 IDriverT - detected UnsignedFile.Multi.Generic (1)

03:56:32.0828 7628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

03:56:32.0875 7628 idsvc - ok

03:56:32.0890 7628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

03:56:32.0984 7628 Imapi - ok

03:56:33.0015 7628 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

03:56:33.0093 7628 ImapiService - ok

03:56:33.0093 7628 ini910u - ok

03:56:33.0453 7628 IntcAzAudAddService (6ed742d93bcf9af7718bbbe8f080dbbd) C:\WINDOWS\system32\drivers\RtkHDAud.sys

03:56:33.0718 7628 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning

03:56:33.0718 7628 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)

03:56:33.0796 7628 IntelIde - ok

03:56:33.0843 7628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

03:56:33.0921 7628 intelppm - ok

03:56:33.0953 7628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

03:56:34.0046 7628 Ip6Fw - ok

03:56:34.0078 7628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

03:56:34.0171 7628 IpFilterDriver - ok

03:56:34.0187 7628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

03:56:34.0265 7628 IpInIp - ok

03:56:34.0296 7628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

03:56:34.0390 7628 IpNat - ok

03:56:34.0406 7628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

03:56:34.0500 7628 IPSec - ok

03:56:34.0500 7628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

03:56:34.0562 7628 IRENUM - ok

03:56:34.0578 7628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

03:56:34.0656 7628 isapnp - ok

03:56:34.0796 7628 jakfcswx - ok

03:56:34.0906 7628 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe

03:56:34.0921 7628 JavaQuickStarterService - ok

03:56:34.0968 7628 kbdcap (d96ad2e7e91b994f81779144f56bed73) C:\WINDOWS\system32\drivers\kbdcap.sys

03:56:35.0000 7628 kbdcap ( UnsignedFile.Multi.Generic ) - warning

03:56:35.0000 7628 kbdcap - detected UnsignedFile.Multi.Generic (1)

03:56:35.0031 7628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

03:56:35.0109 7628 Kbdclass - ok

03:56:35.0125 7628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

03:56:35.0218 7628 kbdhid - ok

03:56:35.0250 7628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

03:56:35.0343 7628 kmixer - ok

03:56:35.0375 7628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

03:56:35.0437 7628 KSecDD - ok

03:56:35.0437 7628 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

03:56:35.0453 7628 L8042Kbd - ok

03:56:35.0484 7628 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

03:56:35.0515 7628 lanmanserver - ok

03:56:35.0546 7628 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

03:56:35.0578 7628 lanmanworkstation - ok

03:56:35.0593 7628 lbrtfdc - ok

03:56:35.0687 7628 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

03:56:35.0718 7628 LBTServ - ok

03:56:35.0750 7628 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

03:56:35.0765 7628 LHidFilt - ok

03:56:35.0812 7628 LIVESRV - ok

03:56:35.0859 7628 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

03:56:35.0937 7628 LmHosts - ok

03:56:35.0937 7628 lmimirr - ok

03:56:35.0937 7628 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

03:56:35.0953 7628 LMouFilt - ok

03:56:35.0953 7628 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

03:56:35.0968 7628 LUsbFilt - ok

03:56:36.0000 7628 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

03:56:36.0000 7628 MBAMProtector - ok

03:56:36.0078 7628 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

03:56:36.0093 7628 MBAMService - ok

03:56:36.0140 7628 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

03:56:36.0187 7628 mcdbus ( UnsignedFile.Multi.Generic ) - warning

03:56:36.0187 7628 mcdbus - detected UnsignedFile.Multi.Generic (1)

03:56:36.0203 7628 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

03:56:36.0281 7628 Messenger - ok

03:56:36.0390 7628 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

03:56:36.0406 7628 Microsoft Office Groove Audit Service - ok

03:56:36.0437 7628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

03:56:36.0531 7628 mnmdd - ok

03:56:36.0593 7628 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

03:56:36.0687 7628 mnmsrvc - ok

03:56:36.0718 7628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

03:56:36.0796 7628 Modem - ok

03:56:36.0812 7628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

03:56:36.0906 7628 Mouclass - ok

03:56:36.0937 7628 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

03:56:37.0000 7628 mouhid - ok

03:56:37.0015 7628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

03:56:37.0109 7628 MountMgr - ok

03:56:37.0125 7628 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

03:56:37.0218 7628 MPE - ok

03:56:37.0218 7628 mraid35x - ok

03:56:37.0234 7628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

03:56:37.0343 7628 MRxDAV - ok

03:56:37.0375 7628 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

03:56:37.0421 7628 MRxSmb - ok

03:56:37.0437 7628 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

03:56:37.0531 7628 MSDTC - ok

03:56:37.0531 7628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

03:56:37.0609 7628 Msfs - ok

03:56:37.0609 7628 MSIServer - ok

03:56:37.0625 7628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

03:56:37.0703 7628 MSKSSRV - ok

03:56:37.0718 7628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

03:56:37.0812 7628 MSPCLOCK - ok

03:56:37.0812 7628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

03:56:37.0890 7628 MSPQM - ok

03:56:37.0937 7628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

03:56:38.0000 7628 mssmbios - ok

03:56:38.0093 7628 MSSQL$SQLEXPRESS - ok

03:56:38.0109 7628 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

03:56:38.0140 7628 MSSQLServerADHelper - ok

03:56:38.0156 7628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

03:56:38.0234 7628 MSTEE - ok

03:56:38.0437 7628 msvsmon90 (e514d0493c272aecbac7c6c1dac635d1) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe

03:56:38.0562 7628 msvsmon90 - ok

03:56:38.0671 7628 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

03:56:38.0703 7628 MTsensor - ok

03:56:38.0750 7628 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

03:56:38.0828 7628 Mup - ok

03:56:38.0843 7628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

03:56:38.0953 7628 NABTSFEC - ok

03:56:38.0984 7628 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

03:56:39.0078 7628 napagent - ok

03:56:39.0125 7628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

03:56:39.0218 7628 NDIS - ok

03:56:39.0234 7628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

03:56:39.0328 7628 NdisIP - ok

03:56:39.0375 7628 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

03:56:39.0453 7628 NdisTapi - ok

03:56:39.0453 7628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

03:56:39.0531 7628 Ndisuio - ok

03:56:39.0531 7628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

03:56:39.0609 7628 NdisWan - ok

03:56:39.0656 7628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

03:56:39.0687 7628 NDProxy - ok

03:56:39.0875 7628 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

03:56:39.0937 7628 Nero BackItUp Scheduler 4.0 - ok

03:56:39.0953 7628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

03:56:40.0046 7628 NetBIOS - ok

03:56:40.0078 7628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

03:56:40.0171 7628 NetBT - ok

03:56:40.0203 7628 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

03:56:40.0281 7628 NetDDE - ok

03:56:40.0281 7628 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

03:56:40.0359 7628 NetDDEdsdm - ok

03:56:40.0390 7628 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

03:56:40.0484 7628 Netlogon - ok

03:56:40.0500 7628 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

03:56:40.0593 7628 Netman - ok

03:56:40.0718 7628 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

03:56:40.0718 7628 NetTcpPortSharing - ok

03:56:40.0765 7628 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

03:56:40.0781 7628 Nla - ok

03:56:40.0796 7628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

03:56:40.0875 7628 Npfs - ok

03:56:40.0875 7628 npggsvc - ok

03:56:40.0906 7628 npkcmsvc (93b9a6b06c873a425ab18a834cd381d0) C:\WINDOWS\system32\npkcmsvc.exe

03:56:40.0921 7628 npkcmsvc - ok

03:56:40.0968 7628 npkcrypt (08cb29081d252a1f672eed9e18446f99) C:\WINDOWS\system32\npkcrypt.sys

03:56:40.0984 7628 npkcrypt - ok

03:56:41.0000 7628 npkcusb (c0d56b1f64c986ab7ca169a5e7a8ebd8) C:\WINDOWS\system32\npkcusb.sys

03:56:41.0015 7628 npkcusb - ok

03:56:41.0046 7628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

03:56:41.0156 7628 Ntfs - ok

03:56:41.0187 7628 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

03:56:41.0265 7628 NtLmSsp - ok

03:56:41.0328 7628 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

03:56:41.0468 7628 NtmsSvc - ok

03:56:41.0578 7628 nTuneService - ok

03:56:41.0625 7628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

03:56:41.0718 7628 Null - ok

03:56:42.0406 7628 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

03:56:43.0062 7628 nv - ok

03:56:43.0140 7628 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys

03:56:43.0156 7628 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning

03:56:43.0156 7628 NVR0Dev - detected UnsignedFile.Multi.Generic (1)

03:56:43.0250 7628 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe

03:56:43.0265 7628 NVSvc - ok

03:56:43.0468 7628 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

03:56:43.0531 7628 nvUpdatusService - ok

03:56:43.0609 7628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

03:56:43.0703 7628 NwlnkFlt - ok

03:56:43.0718 7628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

03:56:43.0812 7628 NwlnkFwd - ok

03:56:43.0906 7628 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

03:56:43.0968 7628 odserv - ok

03:56:44.0000 7628 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

03:56:44.0031 7628 ose - ok

03:56:44.0078 7628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

03:56:44.0171 7628 Parport - ok

03:56:44.0187 7628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

03:56:44.0265 7628 PartMgr - ok

03:56:44.0296 7628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

03:56:44.0390 7628 ParVdm - ok

03:56:44.0390 7628 PavProc - ok

03:56:44.0390 7628 PavPrSrv - ok

03:56:44.0421 7628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

03:56:44.0515 7628 PCI - ok

03:56:44.0515 7628 PCIDump - ok

03:56:44.0531 7628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

03:56:44.0640 7628 PCIIde - ok

03:56:44.0656 7628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

03:56:44.0734 7628 Pcmcia - ok

03:56:44.0828 7628 PCToolsSSDMonitorSvc (953615a27d3e873e71320e2fe464049c) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

03:56:44.0875 7628 PCToolsSSDMonitorSvc - ok

03:56:44.0875 7628 PDCOMP - ok

03:56:44.0875 7628 PDFRAME - ok

03:56:44.0875 7628 PDRELI - ok

03:56:44.0875 7628 PDRFRAME - ok

03:56:44.0875 7628 perc2 - ok

03:56:44.0875 7628 perc2hib - ok

03:56:44.0921 7628 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

03:56:44.0937 7628 PlugPlay - ok

03:56:44.0968 7628 PnkBstrA (3a2e85f7d90d15460c337ce80c2e3b29) C:\WINDOWS\system32\PnkBstrA.exe

03:56:44.0984 7628 PnkBstrA - ok

03:56:45.0015 7628 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

03:56:45.0093 7628 PolicyAgent - ok

03:56:45.0093 7628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

03:56:45.0171 7628 PptpMiniport - ok

03:56:45.0234 7628 Profos - ok

03:56:45.0250 7628 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

03:56:45.0312 7628 ProtectedStorage - ok

03:56:45.0343 7628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

03:56:45.0437 7628 PSched - ok

03:56:45.0453 7628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

03:56:45.0546 7628 Ptilink - ok

03:56:45.0578 7628 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

03:56:45.0593 7628 PxHelp20 - ok

03:56:45.0609 7628 ql1080 - ok

03:56:45.0609 7628 Ql10wnt - ok

03:56:45.0609 7628 ql12160 - ok

03:56:45.0609 7628 ql1240 - ok

03:56:45.0609 7628 ql1280 - ok

03:56:45.0625 7628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

03:56:45.0703 7628 RasAcd - ok

03:56:45.0734 7628 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

03:56:45.0828 7628 RasAuto - ok

03:56:45.0843 7628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

03:56:45.0921 7628 Rasl2tp - ok

03:56:45.0953 7628 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

03:56:46.0046 7628 RasMan - ok

03:56:46.0046 7628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

03:56:46.0125 7628 RasPppoe - ok

03:56:46.0125 7628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

03:56:46.0203 7628 Raspti - ok

03:56:46.0218 7628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

03:56:46.0312 7628 Rdbss - ok

03:56:46.0312 7628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

03:56:46.0390 7628 RDPCDD - ok

03:56:46.0421 7628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

03:56:46.0500 7628 rdpdr - ok

03:56:46.0515 7628 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

03:56:46.0609 7628 RDPWD - ok

03:56:46.0625 7628 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

03:56:46.0703 7628 RDSessMgr - ok

03:56:46.0718 7628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

03:56:46.0796 7628 redbook - ok

03:56:46.0812 7628 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

03:56:46.0890 7628 RemoteAccess - ok

03:56:46.0921 7628 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

03:56:47.0000 7628 RemoteRegistry - ok

03:56:47.0031 7628 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys

03:56:47.0046 7628 Revoflt - ok

03:56:47.0046 7628 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

03:56:47.0125 7628 RpcLocator - ok

03:56:47.0187 7628 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

03:56:47.0203 7628 RpcSs - ok

03:56:47.0234 7628 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys

03:56:47.0265 7628 rspndr ( UnsignedFile.Multi.Generic ) - warning

03:56:47.0265 7628 rspndr - detected UnsignedFile.Multi.Generic (1)

03:56:47.0312 7628 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

03:56:47.0375 7628 RSVP - ok

03:56:47.0390 7628 RTLWUSB - ok

03:56:47.0437 7628 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys

03:56:47.0453 7628 s116bus - ok

03:56:47.0484 7628 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys

03:56:47.0500 7628 s116mdfl - ok

03:56:47.0531 7628 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys

03:56:47.0546 7628 s116mdm - ok

03:56:47.0593 7628 s816bus (8c156e6b568aa927eb5deadeb870bdd2) C:\WINDOWS\system32\DRIVERS\s816bus.sys

03:56:47.0609 7628 s816bus - ok

03:56:47.0640 7628 s816mdfl (d4ed429953a2b8b09c702805813a26c8) C:\WINDOWS\system32\DRIVERS\s816mdfl.sys

03:56:47.0656 7628 s816mdfl - ok

03:56:47.0671 7628 s816mdm (94306f371a6ff8b690bea81157111b3b) C:\WINDOWS\system32\DRIVERS\s816mdm.sys

03:56:47.0687 7628 s816mdm - ok

03:56:47.0703 7628 s816mgmt (fafdd00abad1b6029bf7f4067764ab41) C:\WINDOWS\system32\DRIVERS\s816mgmt.sys

03:56:47.0718 7628 s816mgmt - ok

03:56:47.0750 7628 s816nd5 (fd0d1e39cb22558d79bff59b66a5874a) C:\WINDOWS\system32\DRIVERS\s816nd5.sys

03:56:47.0765 7628 s816nd5 - ok

03:56:47.0781 7628 s816obex (8eacd5e46764463e75f171d9bf305348) C:\WINDOWS\system32\DRIVERS\s816obex.sys

03:56:47.0796 7628 s816obex - ok

03:56:47.0812 7628 s816unic (e2090b041b935430abc8e184b7d6cd75) C:\WINDOWS\system32\DRIVERS\s816unic.sys

03:56:47.0828 7628 s816unic - ok

03:56:47.0875 7628 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

03:56:47.0937 7628 SamSs - ok

03:56:48.0031 7628 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

03:56:48.0046 7628 SASDIFSV - ok

03:56:48.0062 7628 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

03:56:48.0078 7628 SASKUTIL - ok

03:56:48.0203 7628 scan (33695c0f02be88a07a75bc793d616ed0) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll

03:56:48.0234 7628 scan - ok

03:56:48.0296 7628 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

03:56:48.0375 7628 SCardSvr - ok

03:56:48.0406 7628 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

03:56:48.0500 7628 Schedule - ok

03:56:48.0546 7628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

03:56:48.0609 7628 Secdrv - ok

03:56:48.0625 7628 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

03:56:48.0703 7628 seclogon - ok

03:56:48.0734 7628 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

03:56:48.0812 7628 SENS - ok

03:56:48.0828 7628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

03:56:48.0906 7628 serenum - ok

03:56:48.0921 7628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

03:56:49.0000 7628 Serial - ok

03:56:49.0015 7628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

03:56:49.0109 7628 Sfloppy - ok

03:56:49.0156 7628 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

03:56:49.0265 7628 SharedAccess - ok

03:56:49.0312 7628 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

03:56:49.0312 7628 ShellHWDetection - ok

03:56:49.0312 7628 ShldDrv - ok

03:56:49.0328 7628 Simbad - ok

03:56:49.0359 7628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

03:56:49.0437 7628 SLIP - ok

03:56:49.0437 7628 Sparrow - ok

03:56:49.0468 7628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

03:56:49.0531 7628 splitter - ok

03:56:49.0578 7628 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

03:56:49.0593 7628 Spooler - ok

03:56:49.0593 7628 sptd - ok

03:56:49.0781 7628 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

03:56:49.0796 7628 SQLBrowser - ok

03:56:49.0812 7628 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

03:56:49.0828 7628 SQLWriter - ok

03:56:49.0843 7628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

03:56:49.0921 7628 sr - ok

03:56:49.0937 7628 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

03:56:49.0984 7628 srservice - ok

03:56:50.0015 7628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

03:56:50.0062 7628 Srv - ok

03:56:50.0093 7628 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

03:56:50.0109 7628 sscdbus - ok

03:56:50.0140 7628 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

03:56:50.0140 7628 sscdmdfl - ok

03:56:50.0171 7628 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

03:56:50.0203 7628 sscdmdm - ok

03:56:50.0218 7628 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

03:56:50.0265 7628 SSDPSRV - ok

03:56:50.0296 7628 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

03:56:50.0390 7628 stisvc - ok

03:56:50.0468 7628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

03:56:50.0562 7628 streamip - ok

03:56:50.0578 7628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

03:56:50.0671 7628 swenum - ok

03:56:50.0812 7628 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

03:56:50.0843 7628 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

03:56:50.0843 7628 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

03:56:50.0890 7628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

03:56:50.0968 7628 swmidi - ok

03:56:50.0968 7628 SwPrv - ok

03:56:50.0968 7628 symc810 - ok

03:56:50.0968 7628 symc8xx - ok

03:56:50.0968 7628 sym_hi - ok

03:56:50.0968 7628 sym_u3 - ok

03:56:50.0984 7628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

03:56:51.0078 7628 sysaudio - ok

03:56:51.0078 7628 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

03:56:51.0156 7628 SysmonLog - ok

03:56:51.0187 7628 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

03:56:51.0265 7628 TapiSrv - ok

03:56:51.0312 7628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

03:56:51.0328 7628 Tcpip - ok

03:56:51.0343 7628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

03:56:51.0453 7628 TDPIPE - ok

03:56:51.0468 7628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

03:56:51.0562 7628 TDTCP - ok

03:56:51.0578 7628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

03:56:51.0656 7628 TermDD - ok

03:56:51.0687 7628 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

03:56:51.0765 7628 TermService - ok

03:56:51.0796 7628 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

03:56:51.0812 7628 Themes - ok

03:56:51.0859 7628 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

03:56:51.0921 7628 TlntSvr - ok

03:56:51.0921 7628 TosIde - ok

03:56:51.0937 7628 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

03:56:52.0031 7628 TrkWks - ok

03:56:52.0062 7628 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys

03:56:52.0062 7628 TrueSight ( UnsignedFile.Multi.Generic ) - warning

03:56:52.0062 7628 TrueSight - detected UnsignedFile.Multi.Generic (1)

03:56:52.0187 7628 Trufos - ok

03:56:52.0203 7628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

03:56:52.0281 7628 Udfs - ok

03:56:52.0281 7628 ultra - ok

03:56:52.0328 7628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

03:56:52.0406 7628 Update - ok

03:56:52.0453 7628 Update Server (3cc00597a30b23757aa23cb677918bef) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe

03:56:52.0484 7628 Update Server - ok

03:56:52.0546 7628 UPDATESRV (6a4b184261a29968b288a93d648dc5a1) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe

03:56:52.0546 7628 UPDATESRV - ok

03:56:52.0609 7628 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

03:56:52.0671 7628 upnphost - ok

03:56:52.0687 7628 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

03:56:52.0765 7628 UPS - ok

03:56:52.0796 7628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

03:56:52.0890 7628 usbccgp - ok

03:56:52.0921 7628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

03:56:53.0000 7628 usbehci - ok

03:56:53.0031 7628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

03:56:53.0125 7628 usbhub - ok

03:56:53.0156 7628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

03:56:53.0250 7628 usbprint - ok

03:56:53.0281 7628 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

03:56:53.0390 7628 usbscan - ok

03:56:53.0390 7628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

03:56:53.0484 7628 USBSTOR - ok

03:56:53.0500 7628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

03:56:53.0578 7628 usbuhci - ok

03:56:53.0593 7628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

03:56:53.0671 7628 VgaSave - ok

03:56:53.0671 7628 ViaIde - ok

03:56:53.0671 7628 VMnetAdapter - ok

03:56:53.0687 7628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

03:56:53.0781 7628 VolSnap - ok

03:56:53.0796 7628 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

03:56:53.0843 7628 VSS - ok

03:56:53.0859 7628 VSSERV - ok

03:56:53.0859 7628 vtany - ok

03:56:53.0875 7628 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

03:56:53.0953 7628 W32Time - ok

03:56:53.0968 7628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

03:56:54.0046 7628 Wanarp - ok

03:56:54.0093 7628 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

03:56:54.0125 7628 Wdf01000 - ok

03:56:54.0125 7628 WDICA - ok

03:56:54.0140 7628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

03:56:54.0421 7628 wdmaud - ok

03:56:54.0437 7628 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

03:56:54.0531 7628 WebClient - ok

03:56:54.0609 7628 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

03:56:54.0703 7628 winmgmt - ok

03:56:54.0734 7628 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

03:56:54.0765 7628 WmdmPmSN - ok

03:56:54.0812 7628 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

03:56:54.0828 7628 Wmi - ok

03:56:54.0859 7628 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

03:56:54.0953 7628 WmiApSrv - ok

03:56:55.0078 7628 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

03:56:55.0125 7628 WMPNetworkSvc - ok

03:56:55.0312 7628 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

03:56:55.0359 7628 WPFFontCache_v0400 - ok

03:56:55.0453 7628 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

03:56:55.0546 7628 WS2IFSL - ok

03:56:55.0593 7628 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

03:56:55.0671 7628 wscsvc - ok

03:56:55.0718 7628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

03:56:55.0812 7628 WSTCODEC - ok

03:56:55.0843 7628 wuauserv (b72508649dad03bcb5d708edb1e3e57e) C:\WINDOWS\system32\wuauserv.dll

03:56:55.0843 7628 wuauserv - ok

03:56:55.0890 7628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

03:56:55.0937 7628 WudfPf - ok

03:56:55.0953 7628 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

03:56:55.0968 7628 WudfRd - ok

03:56:56.0000 7628 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

03:56:56.0015 7628 WudfSvc - ok

03:56:56.0078 7628 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

03:56:56.0156 7628 WZCSVC - ok

03:56:56.0171 7628 XDva190 - ok

03:56:56.0171 7628 XDva275 - ok

03:56:56.0171 7628 XDva279 - ok

03:56:56.0171 7628 XDva288 - ok

03:56:56.0171 7628 XDva351 - ok

03:56:56.0171 7628 XDva380 - ok

03:56:56.0187 7628 XDva385 - ok

03:56:56.0187 7628 XDva387 - ok

03:56:56.0187 7628 XDva389 - ok

03:56:56.0187 7628 XDva391 - ok

03:56:56.0187 7628 XDva392 - ok

03:56:56.0187 7628 XDva393 - ok

03:56:56.0203 7628 XDva394 - ok

03:56:56.0203 7628 xhunter1 - ok

03:56:56.0234 7628 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

03:56:56.0328 7628 xmlprov - ok

03:56:56.0359 7628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

03:56:56.0687 7628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

03:56:56.0687 7628 \Device\Harddisk0\DR0 - detected TDSS File System (1)

03:56:56.0687 7628 Boot (0x1200) (fda853b3cbc4c69a37ac98933a59178c) \Device\Harddisk0\DR0\Partition0

03:56:56.0718 7628 \Device\Harddisk0\DR0\Partition0 - ok

03:56:56.0718 7628 ============================================================

03:56:56.0718 7628 Scan finished

03:56:56.0718 7628 ============================================================

03:56:56.0828 5596 Detected object count: 24

03:56:56.0828 5596 Actual detected object count: 24

03:57:51.0812 5596 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:51.0812 5596 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:51.0812 5596 CardBusService ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:51.0812 5596 CardBusService ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:51.0859 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - copied to quarantine

03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine

03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine

03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine

03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine

03:57:51.0921 5596 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine

03:57:53.0015 5596 Backup copy not found, trying to cure infected file..

03:57:53.0015 5596 Cure success, using it..

03:57:53.0046 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured on reboot

03:57:53.0046 5596 Disk ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure

03:57:53.0046 5596 DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 GEMC001 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 GEMC001 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 GEMC002 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 GEMC002 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 GEMC003 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 GEMC003 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 GEMC004 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 GEMC004 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 GEMC005 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 GEMC005 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 GEMC007 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 GEMC007 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 GEMC009 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 GEMC009 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0046 5596 GEMC011 ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0046 5596 GEMC011 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 kbdcap ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 kbdcap ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

03:57:53.0062 5596 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:57:53.0062 5596 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

03:57:53.0062 5596 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

03:58:50.0125 5728 Deinitialize success

-----------------------------------------------------------------------

Malwarebytes:

Možnosti pregleda onemogočene: P2P

Scanned files: 306867

Pretečen čas: 11 minut, 55 sekund

Odkritih spominskih procesov: 0

(Ni bilo najdenih zlonamernih objektov)

Odkritih spominskih modulov: 0

(Ni bilo najdenih zlonamernih objektov)

Odkritih ključev registra: 0

(Ni bilo najdenih zlonamernih objektov)

Odkritih vrednosti registra: 0

(Ni bilo najdenih zlonamernih objektov)

Odkritih vnosov v register: 0

(Ni bilo najdenih zlonamernih objektov)

Odkritih map: 0

(Ni bilo najdenih zlonamernih objektov)

Detected files: 1

C:\Documents and Settings\Silvo\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.ToolbarDownloader) -> sent to karantene and successfully deleted,

(The end)

I translated the important parts to english.

------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33

Run by Silvo at 4:48:49 on 2012-06-21

Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2363 [GMT -7:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\npkcmsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = about:blank