AVG detects a Trojan in system file "smb.sys", causing Windows Update to fail

By Romeo J. Chacon
Oct 21, 2012
  1. Hi, I'm new and I apologize if I'm posting this in the wrong section, but AVG has been acting up lately, as well as my Windows Update. It all started when I downloaded Adobe Flash; apparently it was infected, because AVG popped up and blocked Adobe Flash. I do recall downloading Adobe Flash from a third-party site, which I regret sincerely. Anyway, my computer is running fine for now, but knowing that the file is infected is pretty nail-biting. I'm also pretty sure that my computer won't install any updates due to a trust issue, most likely because smb.sys is infected or corrupted. The error I get when trying to download the 13 updates is code "80096001".

    If I can get some help, that would mean a ton! I don't want to lose any files :-(

    Thank you.
  2. Romeo J. Chacon (Topic Starter)

    Note*
    I uninstalled and deleted the infected Adobe Flash, then installed Adobe Flash from Adobe.com.

    I've tried checking my PC for system errors using the operating system disc but found no errors.
    I could have easily used System Restore, but I use PC TuneUp 2012 from AVG and I delete the checkpoints
    (they hog too much space).
    As I stated in the post above, my computer is running normally; it just won't install any updates, and AVG keeps saying "smb.sys" is infected.

    Thanks again.
  3. Broni (Malware Annihilator)

    Welcome aboard

    Please complete all the steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it across a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  4. Romeo J. Chacon (Topic Starter)

    I will complete those steps then post my logs.
  5. Romeo J. Chacon (Topic Starter)

    Here is the log from Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.21.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Romeo Jr Chacon :: STUDIO [administrator]

    Protection: Enabled

    10/21/2012 1:56:44 PM
    mbam-log-2012-10-21 (13-56-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213236
    Time elapsed: 3 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  6. Romeo J. Chacon (Topic Starter)

    You said to keep you updated during this whole process; well, during the Malwarebytes scan AVG popped up an infection, "Trojan horse ZeroAcess.IH", in the same system file, "smb.sys".
  7. Romeo J. Chacon (Topic Starter)

    Here is the log from GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-21 14:13:16
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000058 WDC_WD75 rev.15.0
    Running: kvtt4i8r.exe; Driver: C:\Users\ROMEOJ~1\AppData\Local\Temp\pxldypob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
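Editor's note on reading the DDS log that follows. Error 80096001 is TRUST_E_SYSTEM_ERROR, returned when the WinTrust signature check itself fails, so a tampered system component is a plausible cause of the update failure the poster describes. The longest part of a DDS log is the "Created Last 30" listing, and the entries worth a second look are usually the ones in odd places (loose DLLs with the temporary attribute under Roaming\Microsoft, executables in the drive root, new kernel drivers). The script below is an added example, not code from DDS, AVG, Malwarebytes or anyone in this thread: it parses that listing, whether tab-separated as DDS writes it or with the separators lost as on this page, and flags entries using heuristics that are the editor's own assumptions, not signatures of any named malware. The sample input is copied from the log posted in the next reply.

```python
"""Triage the "Created Last 30" section of a DDS log.

Editor's added example for this thread: it is not code from DDS, AVG,
Malwarebytes or the posters. The parser mirrors the DDS column layout
(timestamp, size or dashes for a directory, 8-character attribute string,
path); the heuristics in triage() are the editor's own assumptions about
what usually deserves a second look.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# DDS writes the four columns tab-separated. Copies pasted into a web page
# often lose the separators, so every gap is optional: the fixed-width
# timestamp, the 8-character attribute field and the "X:\" path prefix keep
# the match unambiguous either way.
ENTRY_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*"
    r"(?P<size>-{8}|\d+)\s*"                           # "--------" marks a directory
    r"(?P<attrs>[d-][c-][s-][h-][a-][t-][w-][r-])\s*"  # dir,compressed,system,hidden,archive,temp,write,readonly
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)

# Extensions that load as code; one of these in an odd place matters more
# than a data file in the same place.
EXEC_EXT = {".dll", ".exe", ".sys", ".scr", ".cpl", ".ocx", ".ax", ".drv"}


@dataclass
class Entry:
    when: str
    size: Optional[int]
    attrs: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def temporary(self) -> bool:
        return self.attrs[5] == "t"

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse(lines: Iterable[str]) -> List[Entry]:
    """Return one Entry per DDS file line; headers and blank lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["when"], size, m["attrs"], m["path"]))
    return entries


def triage(entry: Entry) -> List[str]:
    """Attach human-readable reasons an entry deserves review (assumed heuristics)."""
    p = entry.path.lower()
    reasons: List[str] = []
    if entry.is_dir:
        entry.reasons = reasons
        return reasons
    if entry.ext in EXEC_EXT and "\\appdata\\" in p:
        reasons.append("executable written under a user profile (AppData)")
    if re.search(r"\\appdata\\roaming\\microsoft\\[^\\]+$", p):
        # Genuine components under %APPDATA%\Microsoft live in named subfolders;
        # loose files at that level are a common drop location (assumption).
        reasons.append("loose file directly in Roaming\\Microsoft")
    if entry.temporary:
        reasons.append("temporary attribute set on a file that persisted")
    if entry.ext == ".sys" and "\\drivers\\" in p:
        reasons.append("new kernel driver: confirm its Authenticode signature")
    if entry.ext in EXEC_EXT and re.fullmatch(r"[a-z]:\\[^\\]+", p):
        reasons.append("executable placed in the drive root")
    entry.reasons = reasons
    return reasons


def suspicious(lines: Iterable[str], min_reasons: int = 1) -> List[Entry]:
    """Parse a listing and keep entries with at least min_reasons flags."""
    return [e for e in parse(lines) if len(triage(e)) >= min_reasons]


# Sample input: lines copied from the DDS log posted in this thread, in the
# separator-less form in which they appear on the page.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
2012-10-21 20:55:2622856----a-w-c:\windows\system32\drivers\mbam.sys
2012-10-21 20:55:26--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-09-30 04:44:111758720----atw-c:\users\romeo jr chacon\appdata\roaming\microsoft\engine_vx.dll
2012-09-30 04:44:0799896----atw-c:\users\romeo jr chacon\appdata\roaming\microsoft\~DFK37c542.tmp
2012-09-30 04:44:0729784----atw-c:\users\romeo jr chacon\appdata\roaming\microsoft\qwadjb.dll
2012-09-28 21:37:522249----a-w-C:\FLVDirect.exe
2012-09-26 02:01:42679936----a-w-c:\windows\system32\Fliqlo.scr
"""

if __name__ == "__main__":
    for e in sorted(suspicious(SAMPLE_LOG.splitlines()), key=lambda e: -len(e.reasons)):
        print(f"{len(e.reasons)}  {e.when}  {e.attrs}  {e.path}")
        for r in e.reasons:
            print(f"      - {r}")
```

Run it over the whole listing rather than the excerpt and raise `min_reasons` to 2 to see only the entries that hit more than one heuristic; on the log in this thread that is the group of temporary-attribute DLLs written to Roaming\Microsoft on 2012-09-30. A flag is a prompt to check the file's publisher signature and hash, not a verdict.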
  8. Romeo J. Chacon (Topic Starter)

    OTL.txt and Extras.txt

    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Romeo Jr Chacon at 14:18:41 on 2012-10-21
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1919.708 [GMT -7:00]
    .
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVG\AVG2013\avgfws.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\notepad.exe
    C:\Program Files\AVG\AVG2013\avgcfgex.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uProxyServer = hxxp=;ftp=;https=;
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
    uRunOnce: [RegistryDefrag Success Message] "c:\program files\avg\avg pc tuneup\TUMessages.exe" /RegDefrag_Success
    mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-552 reva\wirelesscm.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    LSP: mswsock.dll
    TCP: NameServer = 10.0.1.1
    TCP: Interfaces\{17E46C3E-7A0A-4CF5-8FC9-85632F7B64BF} : DHCPNameServer = 10.0.1.1
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - LocalServer32 - <no file>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    IFEO: acrord32.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
    IFEO: autoupdate-windows.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
    IFEO: avic.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
    IFEO: minicalc.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
    IFEO: miniconvert.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 55008]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 50296]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 177504]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-9-25 20384]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-10-2 1314720]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-21 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-21 676936]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-9-25 1258856]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-21 22856]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2012-9-29 16640]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-11 250808]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2012-9-26 79360]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2012-9-25 954368]
    S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2012-10-21 20:55:35  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\Malwarebytes
    2012-10-21 20:55:27  --------  d-----w-  c:\programdata\Malwarebytes
    2012-10-21 20:55:26  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-10-21 20:55:26  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-10-21 07:20:45  32120  ----a-w-  c:\windows\system32\TURegOpt.exe
    2012-10-21 07:20:43  21880  ----a-w-  c:\windows\system32\authuitu.dll
    2012-10-21 02:31:19  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\TS3Client
    2012-10-21 02:30:58  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\TeamSpeak 3 Client
    2012-10-16 19:46:09  --------  d-----w-  c:\windows\system32\catroot2
    2012-10-15 18:17:40  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\SUPERAntiSpyware.com
    2012-10-14 01:31:09  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Skymonk2
    2012-10-12 04:13:18  73656  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-12 04:13:18  696760  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-10-12 03:27:54  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\NPE
    2012-10-12 03:27:54  --------  d-----w-  c:\programdata\Norton
    2012-10-11 03:36:23  2557288  ----a-w-  c:\windows\system32\nvsvcr.dll
    2012-10-11 03:32:56  6127464  ----a-w-  c:\windows\system32\nvopencl.dll
    2012-10-11 03:32:56  2574696  ----a-w-  c:\windows\system32\nvcuvid.dll
    2012-10-11 03:32:56  19906920  ----a-w-  c:\windows\system32\nvoglv32.dll
    2012-10-11 03:32:56  10837352  ----a-w-  c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 03:32:54  1867112  ----a-w-  c:\windows\system32\nvcuvenc.dll
    2012-10-11 03:32:53  7697768  ----a-w-  c:\windows\system32\nvcuda.dll
    2012-10-11 03:32:50  17559912  ----a-w-  c:\windows\system32\nvcompiler.dll
    2012-10-10 17:48:06  2048  ----a-w-  c:\windows\system32\tzres.dll
    2012-10-10 17:48:03  985088  ----a-w-  c:\windows\system32\crypt32.dll
    2012-10-10 17:48:03  98304  ----a-w-  c:\windows\system32\cryptnet.dll
    2012-10-10 17:48:03  133120  ----a-w-  c:\windows\system32\cryptsvc.dll
    2012-10-10 17:48:01  172544  ----a-w-  c:\windows\system32\wintrust.dll
    2012-10-10 17:48:00  3602816  ----a-w-  c:\windows\system32\ntkrnlpa.exe
    2012-10-10 17:48:00  3550080  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-10-09 19:49:42  --------  d-----w-  c:\programdata\stw-audio
    2012-10-07 23:56:41  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\tiger-k
    2012-10-07 23:56:40  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\Leawo
    2012-10-07 23:56:40  --------  d-----w-  c:\programdata\Leawo
    2012-10-07 23:56:08  175616  ----a-w-  c:\windows\system32\unrar.dll
    2012-10-05 03:07:01  --------  d-----w-  c:\program files\Novation
    2012-10-04 23:35:30  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\iZotope
    2012-10-03 22:21:29  --------  d-----w-  c:\program files\Rob Papen
    2012-10-02 10:30:38  159712  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
    2012-10-01 23:22:54  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\Thinstall
    2012-10-01 23:22:54  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Thinstall
    2012-10-01 22:29:35  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\Titler
    2012-10-01 22:28:53  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-10-01 22:28:53  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-10-01 22:28:53  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-10-01 22:28:53  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-10-01 22:28:53  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-10-01 22:28:53  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-10-01 22:28:53  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-10-01 22:26:59  --------  d-----w-  c:\program files\NewBlue
    2012-10-01 22:12:22  506824  ----a-w-  c:\windows\system32\prodad-codec.dll
    2012-10-01 22:11:49  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\proDAD
    2012-10-01 22:11:46  --------  d-----w-  c:\programdata\proDAD
    2012-10-01 22:11:46  --------  d-----w-  c:\program files\proDAD
    2012-10-01 22:11:33  69632  ----a-w-  c:\windows\system32\MtxPreview.dll
    2012-10-01 22:11:33  49152  ----a-w-  c:\windows\system32\MtxParhBFXPreview.dll
    2012-10-01 22:11:33  49152  ----a-w-  c:\windows\system32\CvoAPI.dll
    2012-10-01 22:11:33  45056  ----a-w-  c:\windows\system32\BFXSrcFilter.ax
    2012-10-01 22:11:33  237568  ----a-r-  c:\windows\system32\qtmlClient.dll
    2012-10-01 22:11:11  --------  d-----w-  c:\program files\Boris FX, Inc
    2012-10-01 22:10:36  733184  ----a-w-  c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
    2012-10-01 22:10:36  69715  ----a-w-  c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
    2012-10-01 22:10:36  5632  ----a-w-  c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
    2012-10-01 22:10:36  266240  ----a-w-  c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
    2012-10-01 22:10:36  172032  ----a-w-  c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
    2012-10-01 22:10:34  303236  ----a-w-  c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
    2012-10-01 22:10:34  180356  ----a-w-  c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
    2012-10-01 22:06:35  --------  d-----w-  c:\programdata\eSellerate
    2012-10-01 22:05:55  --------  d-----w-  c:\program files\SmartSound Software
    2012-10-01 22:05:51  --------  d-----w-  c:\programdata\SmartSound Software Inc
    2012-10-01 22:05:13  --------  d-----w-  c:\windows\RegisteredPackages
    2012-10-01 22:04:09  --------  d-----w-  c:\programdata\InterVideo
    2012-10-01 22:04:05  77824  ----a-w-  c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2012-10-01 22:04:05  32768  ----a-w-  c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2012-10-01 22:04:05  225280  ----a-w-  c:\program files\common files\installshield\iscript\IScript.dll
    2012-10-01 22:04:05  212992  ----a-w-  c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
    2012-10-01 22:04:05  176128  ----a-w-  c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2012-10-01 22:01:37  --------  d-----w-  c:\program files\Windows Media Components
    2012-10-01 21:58:37  614532  ----a-w-  c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2012-10-01 02:43:37  --------  d-----w-  c:\program files\CCleaner
    2012-09-30 04:47:54  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Wondershare
    2012-09-30 04:47:53  --------  d-----w-  c:\program files\common files\Wondershare
    2012-09-30 04:47:45  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\Wondershare
    2012-09-30 04:46:44  16640  ----a-w-  c:\windows\system32\drivers\WsAudioDevice_383.sys
    2012-09-30 04:46:42  --------  d-----w-  c:\program files\Wondershare
    2012-09-30 04:44:11  1758720  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\engine_vx.dll
    2012-09-30 04:44:07  99896  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\~DFK37c542.tmp
    2012-09-30 04:44:07  29784  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\qwadjb.dll
    2012-09-30 04:44:07  18724  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\bass.dll
    2012-09-30 04:44:07  17472  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\rsaadjd.dll
    2012-09-30 04:44:07  17472  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\1eaadjc.dll
    2012-09-30 04:44:07  16448  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\kfgresk.dll
    2012-09-30 04:44:07  14456  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\mjcriu.dll
    2012-09-30 04:44:07  12352  ----atw-  c:\users\romeo jr chacon\appdata\roaming\microsoft\peaadje.dll
    2012-09-30 04:42:33  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\Apowersoft
    2012-09-30 03:52:57  --------  d-----w-  c:\program files\common files\xing shared
    2012-09-28 22:07:59  2297552  ----a-w-  c:\windows\system32\d3dx9_26.dll
    2012-09-28 22:04:42  --------  d--h--w-  c:\windows\msdownld.tmp
    2012-09-28 22:04:41  --------  d-----w-  c:\windows\system32\directx
    2012-09-28 22:04:36  --------  d-----w-  C:\Games
    2012-09-28 21:38:34  491520  ----a-w-  c:\windows\system32\msvcr80.dll
    2012-09-28 21:38:34  --------  d-----w-  c:\program files\LUXONIX
    2012-09-28 21:37:53  --------  d-----w-  C:\Data
    2012-09-28 21:37:52  2249  ----a-w-  C:\FLVDirect.exe
    2012-09-28 21:33:22  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\Azureus
    2012-09-28 21:01:38  155648  ----a-w-  c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2012-09-28 21:01:37  692224  ----a-w-  c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2012-09-28 21:01:37  57344  ----a-w-  c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2012-09-28 21:01:37  5632  ----a-w-  c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2012-09-28 21:01:37  237568  ----a-w-  c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2012-09-28 21:01:32  282756  ----a-w-  c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2012-09-28 21:01:32  163972  ----a-w-  c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2012-09-28 20:55:45  --------  d-----w-  c:\program files\IK Multimedia
    2012-09-28 20:23:02  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\CrashDumps
    2012-09-28 17:38:10  --------  d-----w-  c:\programdata\Protexis
    2012-09-28 17:38:09  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Corel PaintShop Pro
    2012-09-28 17:36:43  --------  d-----w-  c:\programdata\Corel
    2012-09-28 17:36:43  --------  d-----w-  c:\program files\common files\Protexis
    2012-09-28 17:35:44  --------  d-----w-  c:\program files\Corel
    2012-09-28 16:44:01  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\NVIDIA
    2012-09-28 16:42:21  --------  d-----w-  c:\programdata\regid.1986-12.com.adobe
    2012-09-28 15:42:21  --------  d-----w-  c:\users\romeo jr chacon\TruePianos Settings
    2012-09-28 14:48:37  --------  d-----w-  c:\program files\Edirol
    2012-09-28 14:12:18  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\4Front
    2012-09-28 14:11:05  --------  d-----w-  c:\programdata\4Front
    2012-09-28 14:10:59  --------  d-----w-  c:\program files\TruePianos
    2012-09-28 02:42:09  1777664  ----a-w-  c:\windows\system32\gdiplus.dll
    2012-09-28 02:42:09  1060864  ----a-w-  c:\windows\system32\mfc71.dll
    2012-09-28 02:20:22  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\Image-Line
    2012-09-27 18:12:41  499712  ----a-w-  c:\windows\system32\msvcp71.dll
    2012-09-27 18:12:41  348160  ----a-w-  c:\windows\system32\msvcr71.dll
    2012-09-27 17:38:16  645632  ----a-w-  c:\windows\system32\xvidcore.dll
    2012-09-27 17:38:16  153088  ----a-w-  c:\windows\system32\xvid.ax
    2012-09-27 17:38:15  240640  ----a-w-  c:\windows\system32\xvidvfw.dll
    2012-09-27 17:38:09  --------  d-----w-  c:\program files\Xvid
    2012-09-27 17:32:18  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Apple Computer
    2012-09-27 17:31:58  26840  ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-27 17:31:13  --------  d-----w-  c:\program files\iPod
    2012-09-27 17:31:11  --------  d-----w-  c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-27 17:31:10  --------  d-----w-  c:\program files\iTunes
    2012-09-27 17:22:18  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Apple
    2012-09-27 17:20:59  --------  d-----w-  c:\program files\Bonjour
    2012-09-27 13:21:10  --------  d-----w-  c:\program files\PlatinumHideIP
    2012-09-27 12:57:04  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\PlatinumHideIP
    2012-09-27 12:57:04  --------  d-----w-  c:\programdata\PlatinumHideIP
    2012-09-27 12:56:46  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\APN
    2012-09-27 12:07:43  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\PowerISO
    2012-09-27 12:06:22  --------  d-----w-  c:\program files\PowerISO
    2012-09-27 04:00:39  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Native Instruments
    2012-09-27 03:59:58  --------  dc-h--w-  c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
    2012-09-27 03:59:33  --------  d-----w-  c:\program files\common files\Native Instruments
    2012-09-27 03:59:14  --------  dc-h--w-  c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
    2012-09-27 03:59:11  --------  d-----w-  c:\programdata\Native Instruments
    2012-09-27 03:59:11  --------  d-----w-  c:\program files\Native Instruments
    2012-09-26 20:00:20  413696  ----a-w-  c:\windows\system32\wrap_oal.dll
    2012-09-26 20:00:19  110592  ----a-w-  c:\windows\system32\OpenAL32.dll
    2012-09-26 20:00:11  2873820  ------w-  c:\windows\system32\Sens_oal.dll
    2012-09-26 19:59:47  --------  d-----w-  c:\program files\common files\Creative Labs Shared
    2012-09-26 19:16:33  --------  d-----w-  c:\program files\common files\Digidesign
    2012-09-26 14:26:36  --------  d-----w-  c:\program files\common files\reFX
    2012-09-26 13:50:52  2440704  ----a-w-  c:\windows\system32\SYNSOEMU.DLL
    2012-09-26 11:36:43  7062  ----a-w-  c:\windows\system32\audiopid.vxd
    2012-09-26 11:36:06  647872  ------w-  c:\windows\system32\Mscomct2.ocx
    2012-09-26 11:36:05  53248  ------w-  c:\windows\Ctregrun.exe
    2012-09-26 11:35:50  90112  ------w-  c:\windows\Updreg.EXE
    2012-09-26 11:33:50  45568  ----a-w-  c:\windows\system32\ctppld.dll
    2012-09-26 11:33:41  --------  d-----w-  c:\windows\system32\Data
    2012-09-26 11:32:41  --------  d-----w-  c:\program files\Creative
    2012-09-26 11:26:29  69715  ----a-w-  c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2012-09-26 11:26:29  5632  ----a-w-  c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2012-09-26 11:26:29  32768  ----a-w-  c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2012-09-26 11:26:29  266240  ----a-w-  c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2012-09-26 11:26:29  192512  ----a-w-  c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2012-09-26 11:26:28  729088  ----a-w-  c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2012-09-26 11:26:27  188548  ----a-w-  c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2012-09-26 11:26:26  311428  ----a-w-  c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2012-09-26 11:15:47  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Adobe
    2012-09-26 11:15:43  --------  d-----w-  c:\program files\ASIO4ALL v2
    2012-09-26 11:15:28  1431552  ----a-w-  c:\windows\system32\rewire.dll
    2012-09-26 11:15:28  --------  d-----w-  c:\program files\VstPlugins
    2012-09-26 11:15:07  1554944  ----a-w-  c:\windows\system32\vorbis.acm
    2012-09-26 11:14:57  --------  d-----w-  c:\program files\Outsim
    2012-09-26 11:11:09  --------  d-----w-  c:\program files\Image-Line
    2012-09-26 02:01:42  679936  ----a-w-  c:\windows\system32\Fliqlo.scr
    2012-09-26 02:01:42  --------  d-----w-  c:\programdata\Screentime
    2012-09-26 01:59:24  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Screentime
    2012-09-25 22:54:20  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\WinZip
    2012-09-25 22:43:08  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\AVG
    2012-09-25 22:41:45  --------  d-----w-  c:\programdata\AVG
    2012-09-25 22:41:37  --------  d-sh--w-  c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-09-25 22:33:29  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\AVG2013
    2012-09-25 22:32:36  --------  d-----w-  c:\users\romeo jr chacon\appdata\roaming\TuneUp Software
    2012-09-25 22:31:36  --------  d--h--w-  C:\$AVG
    2012-09-25 22:31:36  --------  d-----w-  c:\programdata\AVG2013
    2012-09-25 22:29:42  --------  d-----w-  c:\program files\AVG
    2012-09-25 22:27:02  --------  d--h--w-  c:\programdata\Common Files
    2012-09-25 22:27:02  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\MFAData
    2012-09-25 22:27:02  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Avg2013
    2012-09-25 22:27:02  --------  d-----w-  c:\programdata\MFAData
    2012-09-25 22:22:13  --------  d-----w-  c:\users\romeo jr chacon\FrostWire
    2012-09-25 22:22:09  --------  d-----w-  c:\users\romeo jr chacon\.frostwire5
    2012-09-25 22:21:43  --------  d-----w-  c:\program files\FrostWire 5
    2012-09-25 22:10:29  --------  d-----w-  c:\program files\RocketDock
    2012-09-25 22:07:34  645992  ----a-w-  c:\windows\system32\nvvsvc.exe
    2012-09-25 22:07:34  62312  ----a-w-  c:\windows\system32\nvshext.dll
    2012-09-25 22:07:34  3965288  ----a-w-  c:\windows\system32\nvcpl.dll
    2012-09-25 22:07:34  2853224  ----a-w-  c:\windows\system32\nvsvc.dll
    2012-09-25 22:07:34  108392  ----a-w-  c:\windows\system32\nvmctray.dll
    2012-09-25 22:07:17  --------  d-----w-  C:\temp
    2012-09-25 22:05:45  888168  ----a-w-  c:\windows\system32\nvdispgenco32.dll
    2012-09-25 22:05:44  2428776  ----a-w-  c:\windows\system32\nvapi.dll
    2012-09-25 22:05:10  --------  d-----w-  C:\NVIDIA
    2012-09-25 21:59:57  821736  ----a-w-  c:\windows\system32\npDeployJava1.dll
    2012-09-25 21:59:57  746984  ----a-w-  c:\windows\system32\deployJava1.dll
    2012-09-25 21:59:45  93672  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    2012-09-25 21:54:52  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Google
    2012-09-25 21:54:17  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Deployment
    2012-09-25 21:54:17  --------  d-----w-  c:\users\romeo jr chacon\appdata\local\Apps
    2012-09-25 21:52:23  876032  ----a-w-  c:\windows\system32\XpsPrint.dll
    2012-09-25 21:52:23  1069056  ----a-w-  c:\windows\system32\DWrite.dll
    2012-09-25 21:52:22  683008  ----a-w-  c:\windows\system32\d2d1.dll
    2012-09-25 21:52:22  219648  ----a-w-  c:\windows\system32\d3d10_1core.dll
    2012-09-25 21:52:22  160768  ----a-w-  c:\windows\system32\d3d10_1.dll
    2012-09-25 21:52:22  1172480  ----a-w-  c:\windows\system32\d3d10warp.dll
    2012-09-25 21:50:24  758784  ----a-w-  c:\windows\system32\cohelper.dll
    2012-09-25 21:42:35  --------  d-----w-  c:\program files\Windows Portable Devices
    2012-09-25 21:35:07  92672  ----a-w-  c:\windows\system32\UIAnimation.dll
    2012-09-25 21:35:06  3023360  ----a-w-  c:\windows\system32\UIRibbon.dll
    2012-09-25 21:35:06  1164800  ----a-w-  c:\windows\system32\UIRibbonRes.dll
    2012-09-25 21:28:26  5120  ----a-w-  c:\windows\system32\wmi.dll
    2012-09-25 21:28:26  157696  ----a-w-  c:\windows\system32\imagehlp.dll
    2012-09-25 21:28:26  12800  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
    2012-09-25 21:23:142047488----a-w-c:\windows\system32\win32k.sys
    2012-09-25 21:21:50974848----a-w-c:\windows\system32\WindowsCodecs.dll
    2012-09-25 21:21:50519680----a-w-c:\windows\system32\d3d11.dll
    2012-09-25 21:21:50369664----a-w-c:\windows\system32\WMPhoto.dll
    2012-09-25 21:21:50321024----a-w-c:\windows\system32\PhotoMetadataHandler.dll
    2012-09-25 21:21:50252928----a-w-c:\windows\system32\dxdiag.exe
    2012-09-25 21:21:50195584----a-w-c:\windows\system32\dxdiagn.dll
    2012-09-25 21:21:50189440----a-w-c:\windows\system32\WindowsCodecsExt.dll
    2012-09-25 21:07:32707584----a-w-c:\program files\common files\system\wab32.dll
    2012-09-25 21:07:23563712----a-w-c:\windows\system32\oleaut32.dll
    2012-09-25 21:07:23555520----a-w-c:\windows\system32\UIAutomationCore.dll
    2012-09-25 21:07:234096----a-w-c:\windows\system32\oleaccrc.dll
    2012-09-25 21:07:23238080----a-w-c:\windows\system32\oleacc.dll
    2012-09-25 21:07:14231424----a-w-c:\windows\system32\msshsq.dll
    2012-09-25 21:07:07797696----a-w-c:\windows\system32\FntCache.dll
    2012-09-25 21:07:07288768----a-w-c:\windows\system32\XpsGdiConverter.dll
    2012-09-25 21:05:11613376----a-w-c:\windows\system32\rdpencom.dll
    2012-09-25 20:55:372422272----a-w-c:\windows\system32\wucltux.dll
    2012-09-25 20:55:3088576----a-w-c:\windows\system32\wudriver.dll
    2012-09-25 20:55:2733792----a-w-c:\windows\system32\wuapp.exe
    2012-09-25 20:55:27171904----a-w-c:\windows\system32\wuwebv.dll
    2012-09-25 20:39:33--------d-----w-c:\windows\system32\eu-ES
    2012-09-25 20:39:33--------d-----w-c:\windows\system32\ca-ES
    2012-09-25 20:39:32--------d-----w-c:\windows\system32\vi-VN
    2012-09-25 20:29:59800768----a-w-c:\windows\system32\advapi32.dll
    2012-09-25 20:13:0199176----a-w-c:\windows\system32\PresentationHostProxy.dll
    2012-09-25 20:13:0149472----a-w-c:\windows\system32\netfxperf.dll
    2012-09-25 20:13:01297808----a-w-c:\windows\system32\mscoree.dll
    2012-09-25 20:13:01295264----a-w-c:\windows\system32\PresentationHost.exe
    2012-09-25 20:13:011130824----a-w-c:\windows\system32\dfshim.dll
    2012-09-25 20:12:24411648----a-w-c:\windows\system32\drivers\http.sys
    2012-09-25 20:12:2430720----a-w-c:\windows\system32\httpapi.dll
    2012-09-25 20:12:2424064----a-w-c:\windows\system32\nshhttp.dll
    2012-09-25 20:12:1517920----a-w-c:\windows\system32\netevent.dll
    2012-09-25 20:12:15125952----a-w-c:\windows\system32\srvsvc.dll
    2012-09-25 19:31:36--------d-----w-c:\programdata\NVIDIA Corporation
    2012-09-25 19:31:32--------d-----w-c:\program files\NVIDIA Corporation
    2012-09-25 19:31:01453152----a-w-c:\windows\system32\nvuninst.exe
    2012-09-25 19:31:0111164----a-w-c:\windows\system32\drivers\nvphy.bin
    2012-09-25 19:00:202730536----a-w-c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2012-09-25 19:00:166980552----a-w-c:\programdata\microsoft\windows defender\definition updates\{f2cb0bf1-f1f0-41bd-a314-23b860c606e1}\mpengine.dll
    2012-09-25 19:00:15237072------w-c:\windows\system32\MpSigStub.exe
    2012-09-25 18:43:3418904----a-w-c:\windows\system32\StructuredQuerySchemaTrivial.bin
    2012-09-25 18:37:5373728----a-w-c:\windows\system32\CmdRtr.DLL
    2012-09-25 18:37:53166912----a-w-c:\windows\system32\APOMngr.DLL
    2012-09-25 18:33:06--------d-----w-c:\windows\Panther
    2012-09-25 18:32:50--------d-sh--w-C:\Boot
    2012-09-25 18:32:32--------d-----w-c:\windows\system32\OEM
    2012-09-25 18:12:13339968----a-w-c:\program files\windows nt\accessories\wordpad.exe
    2012-09-25 18:12:131316864----a-w-c:\windows\system32\ole32.dll
    2012-09-25 18:12:08105984----a-w-c:\windows\system32\netiohlp.dll
    2012-09-25 18:12:079728----a-w-c:\windows\system32\TCPSVCS.EXE
    2012-09-25 18:12:078704----a-w-c:\windows\system32\HOSTNAME.EXE
    2012-09-25 18:12:0727136----a-w-c:\windows\system32\NETSTAT.EXE
    2012-09-25 18:12:0719968----a-w-c:\windows\system32\ARP.EXE
    2012-09-25 18:12:0717920----a-w-c:\windows\system32\ROUTE.EXE
    2012-09-25 18:12:0711264----a-w-c:\windows\system32\MRINFO.EXE
    2012-09-25 18:12:0710240----a-w-c:\windows\system32\finger.exe
    2012-09-25 18:09:441696256----a-w-c:\windows\system32\gameux.dll
    2012-09-25 18:08:5979872----a-w-c:\windows\system32\drivers\mrxsmb20.sys
    2012-09-25 18:07:57310784----a-w-c:\windows\system32\unregmp2.exe
    2012-09-25 18:07:571418752----a-w-c:\program files\windows media player\setup_wm.exe
    2012-09-25 18:07:1791136----a-w-c:\windows\system32\avifil32.dll
    2012-09-25 18:07:1782944----a-w-c:\windows\system32\mciavi32.dll
    2012-09-25 18:07:1750176----a-w-c:\windows\system32\iyuv_32.dll
    2012-09-25 18:07:1731744----a-w-c:\windows\system32\msvidc32.dll
    2012-09-25 18:07:1722528----a-w-c:\windows\system32\msyuv.dll
    2012-09-25 18:07:1713312----a-w-c:\windows\system32\msrle32.dll
    2012-09-25 18:07:17123904----a-w-c:\windows\system32\msvfw32.dll
    2012-09-25 18:07:1712288----a-w-c:\windows\system32\tsbyuv.dll
    2012-09-25 17:56:27531968----a-w-c:\windows\system32\comctl32.dll
    2012-09-25 17:56:24604672----a-w-c:\windows\system32\WMSPDMOD.DLL
    2012-09-25 17:48:3720384----a-w-c:\windows\system32\drivers\jswpslwf.sys
    2012-09-25 17:48:371214976----a-w-c:\windows\system32\drivers\athr.sys
    2012-09-25 17:48:37--------d-----w-c:\windows\pcidevice
    2012-09-25 17:48:36--------d-----w-c:\program files\D-Link
    2012-09-25 17:46:48--------d-sh--w-c:\windows\Installer
    .
    ==================== Find3M ====================
    .
    2012-10-02 22:20:00  15309160  ----a-w-  c:\windows\system32\nvd3dum.dll
    2012-10-02 22:20:00  1009512  ----a-w-  c:\windows\system32\nvdispco32.dll
    2012-09-25 21:21:51  4096  ----a-w-  c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2012-09-21 10:46:06  164832  ----a-w-  c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 10:46:00  177376  ----a-w-  c:\windows\system32\drivers\avglogx.sys
    2012-09-21 10:45:54  19936  ----a-w-  c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-21 10:45:52  55008  ----a-w-  c:\windows\system32\drivers\avgidshx.sys
    2012-09-14 10:05:20  35552  ----a-w-  c:\windows\system32\drivers\avgrkx86.sys
    2012-09-13 10:11:20  177504  ----a-w-  c:\windows\system32\drivers\avgidsdriverx.sys
    2012-09-04 17:39:32  50296  ----a-w-  c:\windows\system32\drivers\avgfwd6x.sys
    2012-08-24 07:57:00  113104  ----a-w-  c:\windows\system32\drivers\scdemu.sys
    2012-08-21 20:01:22  106928  ----a-w-  c:\windows\system32\GEARAspi.dll
    .
    ============= FINISH: 14:19:15.78 ===============
  9. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/25/2012 10:36:40 AM
    System Uptime: 10/21/2012 1:33:47 PM (1 hours ago)
    .
    Motherboard: Gateway | | MCP61SM2MA
    Processor: AMD Sempron(tm) Processor LE-1250 | Socket AM2 | 2200/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 699 GiB total, 530.66 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP109: 10/21/2012 12:19:47 AM - Installed AVG PC TuneUp
    .
    ==== Image File Execution Options =============
    .
    IFEO: acrord32.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: autoupdate-windows.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: avic.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: minicalc.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: miniconvert.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: realconverter.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: realplay.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: realtrimmer.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: rnxproc.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: setup.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: statsreader.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: streamingaudiorecorder.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: switchboard.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: unins000.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: uninstall.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO: wirelesscm.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5.1
    Adobe Reader 9.3
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    AVG 2013
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (en-US)
    Bonjour
    Boris Graffiti for Corel
    CCleaner
    Contents
    Corel KPT Collection
    Corel PaintShop Pro Misc Content
    Corel PaintShop Pro X5
    Corel VideoStudio Ultimate X5
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Creative Sound Blaster Properties
    Creative System Information
    DWA-552
    Edirol HQ Orchestral v1.01
    FL Studio 10
    Fliqlo Screen Saver
    FrostWire 5.4.0
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ICA
    IL Download Manager
    IL Shared Libraries
    IPM_PSP_COM
    IPM_VS_Pro
    ISCOM
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Luxonix Purity VSTi v1.1.2
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Miroslav Philharmonik
    Native Instruments B4 II
    Native Instruments Massive
    Native Instruments Service Center
    NewBlue Titler EX for Corel VSX5
    Novation V-Station v1.20-H2O
    NVIDIA Control Panel 306.97
    NVIDIA Drivers
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    PDF Settings CS5
    Platinum Hide IP
    PowerISO
    proDAD Mercalli 2.0
    proDAD Route 4.0
    proDAD Vitascene 2.0
    PSPPContent
    PSPPHelp
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    reFX Nexus VSTi RTAS v2.2.0
    reFX Vanguard 1.7.2
    Rob Papen Albino 3
    RocketDock 1.3.5
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Windows Media Encoder (KB2447961)
    Setup
    Share
    SmartSound Common Data
    SmartSound Quicktracks 5
    Sound Blaster Audigy
    TeamSpeak 3 Client
    Tone2 Gladiator VSTi v2.2
    TruePianos 1.5.0
    TruePianos: Amber Module 1.4.0
    TruePianos: Diamond Module 1.4.0
    TruePianos: Emerald Module 1.4.0
    TruePianos: Sapphire Module 1.4.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VSClassic
    VSHelp
    VSUltimate
    Windows Media Encoder 9 Series
    WinZip 16.5
    Wondershare Streaming Audio Recorder(Build 2.0.3.3)
    World of Tanks
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2012 1:35:47 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/21/2012 1:35:47 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    .
    ==== End Of File ===========================
  10. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    • Malwarebytes Anti-Malware log
    • GMER log
    • DDS logs: both DDS.txt and Attach.txt
  11. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  12. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    Here is TDSSKiller report

    14:52:07.0167 1360 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    14:52:07.0610 1360 Current date / time: 2012/10/21 14:52:07.0610
    14:52:07.0610 1360 SystemInfo:
    14:52:07.0610 1360
    14:52:07.0610 1360 OS Version: 6.0.6002 ServicePack: 2.0
    14:52:07.0610 1360 Product type: Workstation
    14:52:07.0610 1360 ComputerName: STUDIO
    14:52:07.0611 1360 UserName: Romeo Jr Chacon
    14:52:07.0611 1360 Windows directory: C:\Windows
    14:52:07.0611 1360 System windows directory: C:\Windows
    14:52:07.0611 1360 Processor architecture: Intel x86
    14:52:07.0611 1360 Number of processors: 1
    14:52:07.0611 1360 Page size: 0x1000
    14:52:07.0611 1360 Boot type: Normal boot
    14:52:07.0996 1360 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:52:07.0998 1360 \Device\Harddisk0\DR0:
    14:52:07.0998 1360 MBR partitions:
    14:52:07.0998 1360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
    14:52:08.0014 1360 C: <-> \Device\Harddisk0\DR0\Partition1
    14:52:08.0014 1360 Initialize success
    14:52:10.0690 6972 Scan started
    14:52:10.0690 6972 Mode: Manual;
    14:52:10.0856 6972 ================ Scan system memory ========================
    14:52:10.0856 6972 System memory - ok
    14:52:10.0859 6972 ================ Scan services =============================
    14:52:11.0022 6972 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    14:52:11.0025 6972 ACPI - ok
    14:52:11.0083 6972 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    14:52:11.0085 6972 AdobeFlashPlayerUpdateSvc - ok
    14:52:11.0140 6972 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    14:52:11.0144 6972 adp94xx - ok
    14:52:11.0168 6972 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
    14:52:11.0173 6972 adpahci - ok
    14:52:11.0187 6972 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    14:52:11.0188 6972 adpu160m - ok
    14:52:11.0212 6972 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    14:52:11.0214 6972 adpu320 - ok
    14:52:11.0242 6972 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    14:52:11.0243 6972 AeLookupSvc - ok
    14:52:11.0283 6972 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    14:52:11.0285 6972 AFD - ok
    14:52:11.0305 6972 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
    14:52:11.0306 6972 agp440 - ok
    14:52:11.0317 6972 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    14:52:11.0319 6972 aic78xx - ok
    14:52:11.0334 6972 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    14:52:11.0335 6972 ALG - ok
    14:52:11.0353 6972 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
    14:52:11.0354 6972 aliide - ok
    14:52:11.0372 6972 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    14:52:11.0373 6972 amdagp - ok
    14:52:11.0410 6972 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
    14:52:11.0411 6972 amdide - ok
    14:52:11.0427 6972 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    14:52:11.0428 6972 AmdK7 - ok
    14:52:11.0442 6972 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    14:52:11.0444 6972 AmdK8 - ok
    14:52:11.0488 6972 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    14:52:11.0489 6972 Appinfo - ok
    14:52:11.0508 6972 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
    14:52:11.0510 6972 arc - ok
    14:52:11.0544 6972 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    14:52:11.0547 6972 arcsas - ok
    14:52:11.0580 6972 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    14:52:11.0581 6972 AsyncMac - ok
    14:52:11.0612 6972 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    14:52:11.0613 6972 atapi - ok
    14:52:11.0681 6972 [ 69660AF85F35A658D258FC8567318328 ] athr C:\Windows\system32\DRIVERS\athr.sys
    14:52:11.0690 6972 athr - ok
    14:52:11.0760 6972 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    14:52:11.0764 6972 AudioEndpointBuilder - ok
    14:52:11.0788 6972 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    14:52:11.0791 6972 Audiosrv - ok
    14:52:11.0861 6972 [ 0FE7773CD592DAE0CA994BA987F44E85 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
    14:52:11.0862 6972 Avgfwfd - ok
    14:52:11.0933 6972 [ 2E0DB82F4254FF91E153F331BA9B2D6E ] avgfws C:\Program Files\AVG\AVG2013\avgfws.exe
    14:52:11.0943 6972 avgfws - ok
    14:52:12.0076 6972 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
    14:52:12.0117 6972 AVGIDSAgent - ok
    14:52:12.0160 6972 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
    14:52:12.0162 6972 AVGIDSDriver - ok
    14:52:12.0180 6972 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
    14:52:12.0181 6972 AVGIDSHX - ok
    14:52:12.0201 6972 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
    14:52:12.0202 6972 AVGIDSShim - ok
    14:52:12.0233 6972 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
    14:52:12.0235 6972 Avgldx86 - ok
    14:52:12.0258 6972 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
    14:52:12.0260 6972 Avglogx - ok
    14:52:12.0289 6972 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
    14:52:12.0290 6972 Avgmfx86 - ok
    14:52:12.0307 6972 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
    14:52:12.0309 6972 Avgrkx86 - ok
    14:52:12.0351 6972 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
    14:52:12.0353 6972 Avgtdix - ok
    14:52:12.0387 6972 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    14:52:12.0389 6972 avgwd - ok
    14:52:12.0441 6972 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    14:52:12.0441 6972 Beep - ok
    14:52:12.0509 6972 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
    14:52:12.0516 6972 BITS - ok
    14:52:12.0548 6972 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    14:52:12.0549 6972 blbdrive - ok
    14:52:12.0633 6972 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    14:52:12.0636 6972 Bonjour Service - ok
    14:52:12.0695 6972 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    14:52:12.0697 6972 bowser - ok
    14:52:12.0725 6972 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    14:52:12.0726 6972 BrFiltLo - ok
    14:52:12.0757 6972 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    14:52:12.0757 6972 BrFiltUp - ok
    14:52:12.0783 6972 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    14:52:12.0785 6972 Browser - ok
    14:52:12.0810 6972 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    14:52:12.0811 6972 Brserid - ok
    14:52:12.0834 6972 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    14:52:12.0835 6972 BrSerWdm - ok
    14:52:12.0860 6972 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    14:52:12.0861 6972 BrUsbMdm - ok
    14:52:12.0884 6972 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    14:52:12.0885 6972 BrUsbSer - ok
    14:52:12.0915 6972 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    14:52:12.0916 6972 BTHMODEM - ok
    14:52:12.0957 6972 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    14:52:12.0958 6972 cdfs - ok
    14:52:13.0004 6972 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    14:52:13.0005 6972 cdrom - ok
    14:52:13.0064 6972 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    14:52:13.0065 6972 CertPropSvc - ok
    14:52:13.0092 6972 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
    14:52:13.0096 6972 circlass - ok
    14:52:13.0145 6972 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    14:52:13.0149 6972 CLFS - ok
    14:52:13.0221 6972 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:52:13.0222 6972 clr_optimization_v2.0.50727_32 - ok
    14:52:13.0266 6972 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    14:52:13.0268 6972 clr_optimization_v4.0.30319_32 - ok
    14:52:13.0300 6972 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    14:52:13.0301 6972 cmdide - ok
    14:52:13.0329 6972 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    14:52:13.0330 6972 Compbatt - ok
    14:52:13.0346 6972 COMSysApp - ok
    14:52:13.0378 6972 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    14:52:13.0380 6972 crcdisk - ok
    14:52:13.0423 6972 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    14:52:13.0424 6972 Creative Audio Engine Licensing Service - ok
    14:52:13.0444 6972 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    14:52:13.0451 6972 Crusoe - ok
    14:52:13.0502 6972 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    14:52:13.0504 6972 CryptSvc - ok
    14:52:13.0544 6972 [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    14:52:13.0550 6972 CTAudSvcService - ok
    14:52:13.0597 6972 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    14:52:13.0604 6972 DcomLaunch - ok
    14:52:13.0624 6972 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    14:52:13.0626 6972 DfsC - ok
    14:52:13.0693 6972 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    14:52:13.0708 6972 DFSR - ok
    14:52:13.0965 6972 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    14:52:13.0967 6972 Dhcp - ok
    14:52:13.0992 6972 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    14:52:13.0993 6972 disk - ok
    14:52:14.0027 6972 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    14:52:14.0029 6972 Dnscache - ok
    14:52:14.0063 6972 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    14:52:14.0067 6972 dot3svc - ok
    14:52:14.0091 6972 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    14:52:14.0094 6972 DPS - ok
    14:52:14.0131 6972 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    14:52:14.0132 6972 drmkaud - ok
    14:52:14.0176 6972 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    14:52:14.0183 6972 DXGKrnl - ok
    14:52:14.0209 6972 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    14:52:14.0211 6972 E1G60 - ok
    14:52:14.0233 6972 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    14:52:14.0236 6972 EapHost - ok
    14:52:14.0281 6972 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    14:52:14.0285 6972 Ecache - ok
    14:52:14.0314 6972 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    14:52:14.0319 6972 elxstor - ok
    14:52:14.0362 6972 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    14:52:14.0369 6972 EMDMgmt - ok
    14:52:14.0407 6972 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    14:52:14.0408 6972 ErrDev - ok
    14:52:14.0457 6972 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    14:52:14.0462 6972 EventSystem - ok
    14:52:14.0505 6972 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    14:52:14.0508 6972 exfat - ok
    14:52:14.0543 6972 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    14:52:14.0544 6972 fastfat - ok
    14:52:14.0575 6972 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    14:52:14.0576 6972 fdc - ok
    14:52:14.0611 6972 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    14:52:14.0612 6972 fdPHost - ok
    14:52:14.0631 6972 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    14:52:14.0633 6972 FDResPub - ok
    14:52:14.0654 6972 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    14:52:14.0656 6972 FileInfo - ok
    14:52:14.0693 6972 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    14:52:14.0695 6972 Filetrace - ok
    14:52:14.0715 6972 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    14:52:14.0716 6972 flpydisk - ok
    14:52:14.0744 6972 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    14:52:14.0746 6972 FltMgr - ok
    14:52:14.0791 6972 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    14:52:14.0798 6972 FontCache - ok
    14:52:14.0837 6972 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    14:52:14.0838 6972 FontCache3.0.0.0 - ok
    14:52:14.0872 6972 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    14:52:14.0873 6972 Fs_Rec - ok
    14:52:14.0899 6972 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    14:52:14.0900 6972 gagp30kx - ok
    14:52:14.0937 6972 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    14:52:14.0939 6972 GEARAspiWDM - ok
    14:52:14.0967 6972 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    14:52:14.0973 6972 gpsvc - ok
    14:52:15.0014 6972 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    14:52:15.0019 6972 HdAudAddService - ok
    14:52:15.0056 6972 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    14:52:15.0067 6972 HDAudBus - ok
    14:52:15.0092 6972 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    14:52:15.0094 6972 HidBth - ok
    14:52:15.0112 6972 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    14:52:15.0114 6972 HidIr - ok
    14:52:15.0134 6972 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    14:52:15.0136 6972 hidserv - ok
    14:52:15.0157 6972 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    14:52:15.0159 6972 HidUsb - ok
    14:52:15.0189 6972 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    14:52:15.0198 6972 hkmsvc - ok
    14:52:15.0228 6972 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    14:52:15.0229 6972 HpCISSs - ok
    14:52:15.0263 6972 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    14:52:15.0277 6972 HTTP - ok
    14:52:15.0300 6972 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    14:52:15.0302 6972 i2omp - ok
    14:52:15.0340 6972 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    14:52:15.0342 6972 i8042prt - ok
    14:52:15.0366 6972 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    14:52:15.0392 6972 iaStorV - ok
    14:52:15.0465 6972 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    14:52:15.0485 6972 idsvc - ok
    14:52:15.0502 6972 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    14:52:15.0504 6972 iirsp - ok
    14:52:15.0543 6972 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    14:52:15.0552 6972 IKEEXT - ok
    14:52:15.0588 6972 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
    14:52:15.0590 6972 intelide - ok
    14:52:15.0613 6972 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    14:52:15.0614 6972 intelppm - ok
    14:52:15.0653 6972 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    14:52:15.0656 6972 IPBusEnum - ok
    14:52:15.0684 6972 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:52:15.0687 6972 IpFilterDriver - ok
    14:52:15.0698 6972 IpInIp - ok
    14:52:15.0738 6972 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    14:52:15.0741 6972 IPMIDRV - ok
    14:52:15.0769 6972 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    14:52:15.0772 6972 IPNAT - ok
    14:52:15.0814 6972 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    14:52:15.0820 6972 iPod Service - ok
    14:52:15.0853 6972 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    14:52:15.0854 6972 IRENUM - ok
    14:52:15.0875 6972 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    14:52:15.0877 6972 isapnp - ok
    14:52:15.0906 6972 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    14:52:15.0909 6972 iScsiPrt - ok
    14:52:15.0932 6972 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    14:52:15.0934 6972 iteatapi - ok
    14:52:15.0950 6972 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    14:52:15.0953 6972 iteraid - ok
    14:52:16.0003 6972 [ CD9F4E53DA79ED4CD7562604FE9523A6 ] jswpsapi C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe
    14:52:16.0028 6972 jswpsapi - ok
    14:52:16.0062 6972 [ 55C9B4252B751226B838EED2BC50BB64 ] jswpslwf C:\Windows\system32\DRIVERS\jswpslwf.sys
    14:52:16.0064 6972 jswpslwf - ok
    14:52:16.0081 6972 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    14:52:16.0083 6972 kbdclass - ok
    14:52:16.0123 6972 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    14:52:16.0125 6972 kbdhid - ok
    14:52:16.0154 6972 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    14:52:16.0156 6972 KeyIso - ok
    14:52:16.0179 6972 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    14:52:16.0188 6972 KSecDD - ok
    14:52:16.0244 6972 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    14:52:16.0253 6972 KtmRm - ok
    14:52:16.0288 6972 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
    14:52:16.0293 6972 LanmanServer - ok
    14:52:16.0327 6972 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    14:52:16.0333 6972 LanmanWorkstation - ok
    14:52:16.0357 6972 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    14:52:16.0359 6972 lltdio - ok
    14:52:16.0391 6972 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    14:52:16.0397 6972 lltdsvc - ok
    14:52:16.0415 6972 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    14:52:16.0418 6972 lmhosts - ok
    14:52:16.0445 6972 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    14:52:16.0448 6972 LSI_FC - ok
    14:52:16.0488 6972 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    14:52:16.0491 6972 LSI_SAS - ok
    14:52:16.0523 6972 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    14:52:16.0526 6972 LSI_SCSI - ok
    14:52:16.0553 6972 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    14:52:16.0556 6972 luafv - ok
    14:52:16.0606 6972 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    14:52:16.0609 6972 MBAMProtector - ok
    14:52:16.0663 6972 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    14:52:16.0667 6972 MBAMScheduler - ok
    14:52:16.0695 6972 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    14:52:16.0709 6972 MBAMService - ok
    14:52:16.0756 6972 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
    14:52:16.0757 6972 megasas - ok
    14:52:16.0810 6972 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    14:52:16.0814 6972 MegaSR - ok
    14:52:16.0836 6972 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    14:52:16.0839 6972 MMCSS - ok
    14:52:16.0867 6972 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    14:52:16.0868 6972 Modem - ok
    14:52:16.0893 6972 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    14:52:16.0902 6972 monitor - ok
    14:52:16.0932 6972 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    14:52:16.0934 6972 mouclass - ok
    14:52:16.0955 6972 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    14:52:16.0957 6972 mouhid - ok
    14:52:16.0983 6972 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    14:52:16.0985 6972 MountMgr - ok
    14:52:17.0010 6972 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
    14:52:17.0013 6972 mpio - ok
    14:52:17.0033 6972 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    14:52:17.0036 6972 mpsdrv - ok
    14:52:17.0059 6972 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    14:52:17.0061 6972 Mraid35x - ok
    14:52:17.0101 6972 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    14:52:17.0104 6972 MRxDAV - ok
    14:52:17.0147 6972 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:52:17.0150 6972 mrxsmb - ok
    14:52:17.0174 6972 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:52:17.0179 6972 mrxsmb10 - ok
    14:52:17.0192 6972 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:52:17.0195 6972 mrxsmb20 - ok
    14:52:17.0216 6972 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
    14:52:17.0219 6972 msahci - ok
    14:52:17.0239 6972 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    14:52:17.0248 6972 msdsm - ok
    14:52:17.0280 6972 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    14:52:17.0285 6972 MSDTC - ok
    14:52:17.0315 6972 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    14:52:17.0324 6972 Msfs - ok
    14:52:17.0336 6972 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    14:52:17.0338 6972 msisadrv - ok
    14:52:17.0371 6972 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    14:52:17.0375 6972 MSiSCSI - ok
    14:52:17.0388 6972 msiserver - ok
    14:52:17.0421 6972 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    14:52:17.0424 6972 MSKSSRV - ok
    14:52:17.0457 6972 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    14:52:17.0460 6972 MSPCLOCK - ok
    14:52:17.0479 6972 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    14:52:17.0481 6972 MSPQM - ok
    14:52:17.0511 6972 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    14:52:17.0517 6972 MsRPC - ok
    14:52:17.0564 6972 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    14:52:17.0566 6972 mssmbios - ok
    14:52:17.0582 6972 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    14:52:17.0590 6972 MSTEE - ok
    14:52:17.0620 6972 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    14:52:17.0622 6972 Mup - ok
    14:52:17.0648 6972 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    14:52:17.0657 6972 napagent - ok
    14:52:17.0679 6972 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    14:52:17.0683 6972 NativeWifiP - ok
    14:52:17.0709 6972 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    14:52:17.0719 6972 NDIS - ok
    14:52:17.0746 6972 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    14:52:17.0752 6972 NdisTapi - ok
    14:52:17.0775 6972 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    14:52:17.0777 6972 Ndisuio - ok
    14:52:17.0795 6972 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    14:52:17.0799 6972 NdisWan - ok
    14:52:17.0824 6972 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    14:52:17.0827 6972 NDProxy - ok
    14:52:17.0859 6972 [ 30EEB75EA6DD31CD813AE0500284455C ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
  13. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    Continue...

    14:52:17.0861 6972 NetBIOS - ok
    14:52:17.0891 6972 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    14:52:17.0895 6972 netbt - ok
    14:52:17.0912 6972 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    14:52:17.0914 6972 Netlogon - ok
    14:52:17.0943 6972 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    14:52:17.0951 6972 Netman - ok
    14:52:17.0980 6972 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    14:52:17.0988 6972 netprofm - ok
    14:52:18.0009 6972 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    14:52:18.0012 6972 NetTcpPortSharing - ok
    14:52:18.0034 6972 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    14:52:18.0036 6972 nfrd960 - ok
    14:52:18.0063 6972 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    14:52:18.0069 6972 NlaSvc - ok
    14:52:18.0085 6972 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    14:52:18.0087 6972 Npfs - ok
    14:52:18.0104 6972 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    14:52:18.0107 6972 nsi - ok
    14:52:18.0125 6972 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    14:52:18.0127 6972 nsiproxy - ok
    14:52:18.0175 6972 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    14:52:18.0193 6972 Ntfs - ok
    14:52:18.0217 6972 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    14:52:18.0225 6972 ntrigdigi - ok
    14:52:18.0247 6972 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    14:52:18.0248 6972 Null - ok
    14:52:18.0295 6972 [ 1EFEC38A852AB35883BFFF3427B92B3F ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
    14:52:18.0301 6972 NVENETFD - ok
    14:52:18.0527 6972 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    14:52:18.0732 6972 nvlddmkm - ok
    14:52:18.0767 6972 [ 1EFEC38A852AB35883BFFF3427B92B3F ] NVNET C:\Windows\system32\DRIVERS\nvmfdx32.sys
    14:52:18.0770 6972 NVNET - ok
    14:52:18.0797 6972 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    14:52:18.0800 6972 nvraid - ok
    14:52:18.0826 6972 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    14:52:18.0828 6972 nvstor - ok
    14:52:18.0855 6972 [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
    14:52:18.0858 6972 nvstor32 - ok
    14:52:18.0891 6972 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
    14:52:18.0904 6972 nvsvc - ok
    14:52:18.0971 6972 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    14:52:18.0999 6972 nvUpdatusService - ok
    14:52:19.0029 6972 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    14:52:19.0033 6972 nv_agp - ok
    14:52:19.0045 6972 NwlnkFlt - ok
    14:52:19.0057 6972 NwlnkFwd - ok
    14:52:19.0097 6972 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    14:52:19.0099 6972 ohci1394 - ok
    14:52:19.0145 6972 [ F2519D547A6AC2AFE0DF0DC826A085A7 ] P17 C:\Windows\system32\drivers\P17.sys
    14:52:19.0175 6972 P17 - ok
    14:52:19.0250 6972 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    14:52:19.0263 6972 p2pimsvc - ok
    14:52:19.0292 6972 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    14:52:19.0299 6972 p2psvc - ok
    14:52:19.0328 6972 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    14:52:19.0331 6972 Parport - ok
    14:52:19.0361 6972 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    14:52:19.0363 6972 partmgr - ok
    14:52:19.0385 6972 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    14:52:19.0386 6972 Parvdm - ok
    14:52:19.0419 6972 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    14:52:19.0424 6972 PcaSvc - ok
    14:52:19.0445 6972 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    14:52:19.0449 6972 pci - ok
    14:52:19.0465 6972 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
    14:52:19.0466 6972 pciide - ok
    14:52:19.0504 6972 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    14:52:19.0520 6972 pcmcia - ok
    14:52:19.0566 6972 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    14:52:19.0599 6972 PEAUTH - ok
    14:52:19.0736 6972 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    14:52:19.0765 6972 pla - ok
    14:52:19.0853 6972 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    14:52:19.0866 6972 PlugPlay - ok
    14:52:19.0888 6972 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    14:52:19.0894 6972 PNRPAutoReg - ok
    14:52:19.0915 6972 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    14:52:19.0921 6972 PNRPsvc - ok
    14:52:20.0000 6972 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    14:52:20.0015 6972 PolicyAgent - ok
    14:52:20.0048 6972 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    14:52:20.0050 6972 PptpMiniport - ok
    14:52:20.0077 6972 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
    14:52:20.0090 6972 Processor - ok
    14:52:20.0121 6972 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    14:52:20.0126 6972 ProfSvc - ok
    14:52:20.0146 6972 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    14:52:20.0147 6972 ProtectedStorage - ok
    14:52:20.0183 6972 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    14:52:20.0184 6972 PSched - ok
    14:52:20.0232 6972 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    14:52:20.0235 6972 PSI_SVC_2 - ok
    14:52:20.0442 6972 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    14:52:20.0467 6972 ql2300 - ok
    14:52:20.0492 6972 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    14:52:20.0495 6972 ql40xx - ok
    14:52:20.0530 6972 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    14:52:20.0540 6972 QWAVE - ok
    14:52:20.0566 6972 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    14:52:20.0568 6972 QWAVEdrv - ok
    14:52:20.0584 6972 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    14:52:20.0586 6972 RasAcd - ok
    14:52:20.0615 6972 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    14:52:20.0624 6972 RasAuto - ok
    14:52:20.0648 6972 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:52:20.0651 6972 Rasl2tp - ok
    14:52:20.0682 6972 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    14:52:20.0690 6972 RasMan - ok
    14:52:20.0714 6972 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    14:52:20.0717 6972 RasPppoe - ok
    14:52:20.0812 6972 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    14:52:20.0834 6972 RasSstp - ok
    14:52:20.0859 6972 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    14:52:20.0864 6972 rdbss - ok
    14:52:20.0880 6972 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:52:20.0881 6972 RDPCDD - ok
    14:52:20.0943 6972 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    14:52:20.0949 6972 rdpdr - ok
    14:52:20.0961 6972 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    14:52:20.0962 6972 RDPENCDD - ok
    14:52:21.0011 6972 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    14:52:21.0016 6972 RDPWD - ok
    14:52:21.0043 6972 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
    14:52:21.0046 6972 RemoteAccess - ok
    14:52:21.0088 6972 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
    14:52:21.0098 6972 RemoteRegistry - ok
    14:52:21.0121 6972 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
    14:52:21.0123 6972 RpcLocator - ok
    14:52:21.0155 6972 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
    14:52:21.0162 6972 RpcSs - ok
    14:52:21.0178 6972 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    14:52:21.0181 6972 rspndr - ok
    14:52:21.0204 6972 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
    14:52:21.0206 6972 SamSs - ok
    14:52:21.0249 6972 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    14:52:21.0252 6972 sbp2port - ok
    14:52:21.0284 6972 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    14:52:21.0288 6972 SCardSvr - ok
    14:52:21.0323 6972 [ BC7C602A9202429D37CCD07E7EBB6404 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
    14:52:21.0327 6972 SCDEmu - ok
    14:52:21.0364 6972 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
    14:52:21.0390 6972 Schedule - ok
    14:52:21.0406 6972 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
    14:52:21.0407 6972 SCPolicySvc - ok
    14:52:21.0442 6972 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    14:52:21.0448 6972 SDRSVC - ok
    14:52:21.0469 6972 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    14:52:21.0470 6972 secdrv - ok
    14:52:21.0483 6972 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
    14:52:21.0486 6972 seclogon - ok
    14:52:21.0509 6972 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
    14:52:21.0513 6972 SENS - ok
    14:52:21.0538 6972 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    14:52:21.0540 6972 Serenum - ok
    14:52:21.0568 6972 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    14:52:21.0569 6972 Serial - ok
    14:52:21.0593 6972 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    14:52:21.0595 6972 sermouse - ok
    14:52:21.0654 6972 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    14:52:21.0658 6972 SessionEnv - ok
    14:52:21.0675 6972 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    14:52:21.0677 6972 sffdisk - ok
    14:52:21.0694 6972 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    14:52:21.0695 6972 sffp_mmc - ok
    14:52:21.0716 6972 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    14:52:21.0717 6972 sffp_sd - ok
    14:52:21.0741 6972 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    14:52:21.0743 6972 sfloppy - ok
    14:52:21.0786 6972 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    14:52:21.0793 6972 ShellHWDetection - ok
    14:52:21.0812 6972 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    14:52:21.0813 6972 sisagp - ok
    14:52:21.0834 6972 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    14:52:21.0836 6972 SiSRaid2 - ok
    14:52:21.0859 6972 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    14:52:21.0863 6972 SiSRaid4 - ok
    14:52:21.0962 6972 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    14:52:22.0040 6972 slsvc - ok
    14:52:22.0074 6972 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    14:52:22.0079 6972 SLUINotify - ok
    14:52:22.0111 6972 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    14:52:22.0115 6972 SNMPTRAP - ok
    14:52:22.0138 6972 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    14:52:22.0140 6972 spldr - ok
    14:52:22.0177 6972 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    14:52:22.0182 6972 Spooler - ok
    14:52:22.0203 6972 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    14:52:22.0218 6972 srv - ok
    14:52:22.0237 6972 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    14:52:22.0239 6972 srv2 - ok
    14:52:22.0254 6972 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    14:52:22.0255 6972 srvnet - ok
    14:52:22.0270 6972 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    14:52:22.0275 6972 SSDPSRV - ok
    14:52:22.0307 6972 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    14:52:22.0312 6972 SstpSvc - ok
    14:52:22.0357 6972 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    14:52:22.0368 6972 stisvc - ok
    14:52:22.0383 6972 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    14:52:22.0385 6972 swenum - ok
    14:52:22.0459 6972 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    14:52:22.0469 6972 SwitchBoard - ok
    14:52:22.0500 6972 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    14:52:22.0518 6972 swprv - ok
    14:52:22.0540 6972 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    14:52:22.0541 6972 Symc8xx - ok
    14:52:22.0564 6972 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    14:52:22.0566 6972 Sym_hi - ok
    14:52:22.0590 6972 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    14:52:22.0591 6972 Sym_u3 - ok
    14:52:22.0623 6972 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    14:52:22.0648 6972 SysMain - ok
    14:52:22.0679 6972 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    14:52:22.0683 6972 TabletInputService - ok
    14:52:22.0709 6972 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    14:52:22.0717 6972 TapiSrv - ok
    14:52:22.0736 6972 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    14:52:22.0740 6972 TBS - ok
    14:52:22.0780 6972 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    14:52:22.0788 6972 Tcpip - ok
    14:52:22.0928 6972 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    14:52:22.0937 6972 Tcpip6 - ok
    14:52:22.0965 6972 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    14:52:22.0967 6972 tcpipreg - ok
    14:52:22.0995 6972 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    14:52:22.0998 6972 TDPIPE - ok
    14:52:23.0019 6972 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    14:52:23.0020 6972 TDTCP - ok
    14:52:23.0051 6972 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    14:52:23.0053 6972 tdx - ok
    14:52:23.0089 6972 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    14:52:23.0092 6972 TermDD - ok
    14:52:23.0114 6972 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    14:52:23.0124 6972 TermService - ok
    14:52:23.0163 6972 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    14:52:23.0167 6972 Themes - ok
    14:52:23.0186 6972 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    14:52:23.0189 6972 THREADORDER - ok
    14:52:23.0218 6972 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    14:52:23.0222 6972 TrkWks - ok
    14:52:23.0267 6972 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    14:52:23.0269 6972 TrustedInstaller - ok
    14:52:23.0310 6972 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:52:23.0312 6972 tssecsrv - ok
    14:52:23.0405 6972 [ 9DF6AD6FC51A802808621CBFB2A88453 ] TuneUp.UtilitiesSvc C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    14:52:23.0435 6972 TuneUp.UtilitiesSvc - ok
    14:52:23.0478 6972 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys
    14:52:23.0480 6972 TuneUpUtilitiesDrv - ok
    14:52:23.0501 6972 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    14:52:23.0503 6972 tunmp - ok
    14:52:23.0523 6972 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    14:52:23.0525 6972 tunnel - ok
    14:52:23.0555 6972 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    14:52:23.0557 6972 uagp35 - ok
    14:52:23.0580 6972 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    14:52:23.0585 6972 udfs - ok
    14:52:23.0638 6972 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    14:52:23.0642 6972 UI0Detect - ok
    14:52:23.0668 6972 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    14:52:23.0671 6972 uliagpkx - ok
    14:52:23.0697 6972 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
    14:52:23.0703 6972 uliahci - ok
    14:52:23.0731 6972 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    14:52:23.0732 6972 UlSata - ok
    14:52:23.0759 6972 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    14:52:23.0763 6972 ulsata2 - ok
    14:52:23.0788 6972 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    14:52:23.0790 6972 umbus - ok
    14:52:23.0816 6972 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    14:52:23.0826 6972 upnphost - ok
    14:52:23.0991 6972 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    14:52:23.0994 6972 usbaudio - ok
    14:52:24.0048 6972 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    14:52:24.0051 6972 usbccgp - ok
    14:52:24.0078 6972 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    14:52:24.0080 6972 usbcir - ok
    14:52:24.0129 6972 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    14:52:24.0131 6972 usbehci - ok
    14:52:24.0162 6972 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    14:52:24.0167 6972 usbhub - ok
    14:52:24.0189 6972 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    14:52:24.0190 6972 usbohci - ok
    14:52:24.0218 6972 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
    14:52:24.0220 6972 usbprint - ok
    14:52:24.0232 6972 USBSTOR - ok
    14:52:24.0257 6972 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    14:52:24.0259 6972 usbuhci - ok
    14:52:24.0296 6972 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    14:52:24.0300 6972 UxSms - ok
    14:52:24.0329 6972 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    14:52:24.0340 6972 vds - ok
    14:52:24.0365 6972 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    14:52:24.0367 6972 vga - ok
    14:52:24.0392 6972 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    14:52:24.0394 6972 VgaSave - ok
    14:52:24.0419 6972 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
    14:52:24.0421 6972 viaagp - ok
    14:52:24.0435 6972 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    14:52:24.0437 6972 ViaC7 - ok
    14:52:24.0484 6972 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
    14:52:24.0486 6972 viaide - ok
    14:52:24.0517 6972 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    14:52:24.0521 6972 volmgr - ok
    14:52:24.0544 6972 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    14:52:24.0550 6972 volmgrx - ok
    14:52:24.0571 6972 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    14:52:24.0574 6972 volsnap - ok
    14:52:24.0604 6972 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    14:52:24.0608 6972 vsmraid - ok

    14:52:24.0645 6972 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    14:52:24.0662 6972 VSS - ok
    14:52:24.0694 6972 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    14:52:24.0702 6972 W32Time - ok
    14:52:24.0735 6972 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    14:52:24.0737 6972 WacomPen - ok
    14:52:24.0761 6972 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    14:52:24.0763 6972 Wanarp - ok
    14:52:24.0774 6972 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    14:52:24.0776 6972 Wanarpv6 - ok
    14:52:24.0806 6972 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    14:52:24.0816 6972 wcncsvc - ok
    14:52:24.0844 6972 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    14:52:24.0847 6972 WcsPlugInService - ok
    14:52:24.0888 6972 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
    14:52:24.0890 6972 Wd - ok
    14:52:24.0921 6972 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    14:52:24.0931 6972 Wdf01000 - ok
    14:52:24.0977 6972 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    14:52:24.0982 6972 WdiServiceHost - ok
    14:52:24.0993 6972 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    14:52:24.0996 6972 WdiSystemHost - ok
    14:52:25.0024 6972 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    14:52:25.0030 6972 WebClient - ok
    14:52:25.0066 6972 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    14:52:25.0071 6972 Wecsvc - ok
    14:52:25.0093 6972 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    14:52:25.0109 6972 wercplsupport - ok
    14:52:25.0140 6972 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    14:52:25.0146 6972 WerSvc - ok
    14:52:25.0165 6972 WinHttpAutoProxySvc - ok
    14:52:25.0208 6972 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    14:52:25.0212 6972 Winmgmt - ok
    14:52:25.0261 6972 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    14:52:25.0298 6972 WinRM - ok
    14:52:25.0352 6972 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    14:52:25.0365 6972 Wlansvc - ok
    14:52:25.0399 6972 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    14:52:25.0401 6972 WmiAcpi - ok
    14:52:25.0447 6972 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    14:52:25.0449 6972 wmiApSrv - ok
    14:52:25.0511 6972 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    14:52:25.0538 6972 WMPNetworkSvc - ok
    14:52:25.0593 6972 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    14:52:25.0599 6972 WPCSvc - ok
    14:52:25.0636 6972 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    14:52:25.0640 6972 WPDBusEnum - ok
    14:52:25.0709 6972 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    14:52:25.0724 6972 WPFFontCache_v0400 - ok
    14:52:25.0777 6972 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    14:52:25.0779 6972 ws2ifsl - ok
    14:52:25.0807 6972 [ 85ECE26F326C2D07BA77A60343468272 ] WsAudioDevice_383 C:\Windows\system32\drivers\WsAudioDevice_383.sys
    14:52:25.0808 6972 WsAudioDevice_383 - ok
    14:52:25.0827 6972 WSearch - ok
    14:52:25.0937 6972 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    14:52:25.0973 6972 wuauserv - ok
    14:52:26.0011 6972 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    14:52:26.0015 6972 wudfsvc - ok
    14:52:26.0045 6972 ================ Scan global ===============================
    14:52:26.0081 6972 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    14:52:26.0103 6972 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    14:52:26.0145 6972 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    14:52:26.0179 6972 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    14:52:26.0187 6972 [Global] - ok
    14:52:26.0191 6972 ================ Scan MBR ==================================
    14:52:26.0206 6972 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    14:52:26.0494 6972 \Device\Harddisk0\DR0 - ok
    14:52:26.0498 6972 ================ Scan VBR ==================================
    14:52:26.0503 6972 [ C016A6110B272F528262C3F0D4BDAF7B ] \Device\Harddisk0\DR0\Partition1
    14:52:26.0504 6972 \Device\Harddisk0\DR0\Partition1 - ok
    14:52:26.0509 6972 Scan finished
    14:52:26.0532 6504 Detected object count: 0
    14:52:26.0532 6504 Actual detected object count: 0
  14. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    RogueKiller Report [2]

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Romeo Jr Chacon [Admin rights]
    Mode : Remove -- Date : 10/21/2012 14:59:44

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][BLPATH] HKUS\S-1-5-21-2321283058-4084574830-2792957718-1001[...]\RunOnce : InetReg ("C:\Program Files\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6) -> DELETED
    [TASK][SUSP PATH] D-Link DWA-552 Registration (Romeo Jr Chacon) : C:\Users\Romeo Jr Chacon\AppData\Roaming\Leadertech\PowerRegister\D-Link DWA-552 Registration.exe /remind /language=EN /MODL="DWA-552" /PRNM="D-Link" -> DELETED
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NOT REMOVED, USE PROXYFIX
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD75 00AALX-009BA SCSI Disk Device +++++
    --- User ---
    [MBR] 16fb39c88763325f8d88b8bb8f9eeeb5
    [BSP] 9485f3f0722d824e3c70893d78e100f8 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  15. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    RogueKiller Report [1]

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Romeo Jr Chacon [Admin rights]
    Mode : Scan -- Date : 10/21/2012 14:58:40
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][BLPATH] HKUS\S-1-5-21-2321283058-4084574830-2792957718-1001[...]\RunOnce : InetReg ("C:\Program Files\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6) -> FOUND
    [TASK][SUSP PATH] D-Link DWA-552 Registration (Romeo Jr Chacon) : C:\Users\Romeo Jr Chacon\AppData\Roaming\Leadertech\PowerRegister\D-Link DWA-552 Registration.exe /remind /language=EN /MODL="DWA-552" /PRNM="D-Link" -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD75 00AALX-009BA SCSI Disk Device +++++
    --- User ---
    [MBR] 16fb39c88763325f8d88b8bb8f9eeeb5
    [BSP] 9485f3f0722d824e3c70893d78e100f8 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  16. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    aswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-21 15:06:43
    -----------------------------
    15:06:43.944 OS Version: Windows 6.0.6002 Service Pack 2
    15:06:43.945 Number of processors: 1 586 0x7F02
    15:06:43.946 ComputerName: STUDIO UserName:
    15:06:45.716 Initialize success
    15:10:57.293 AVAST engine defs: 12102101
    15:11:03.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
    15:11:03.942 Disk 0 Vendor: WDC_WD75 15.0 Size: 715404MB BusType: 6
    15:11:03.951 Disk 0 MBR read successfully
    15:11:03.956 Disk 0 MBR scan
    15:11:03.962 Disk 0 Windows VISTA default MBR code
    15:11:03.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
    15:11:04.015 Disk 0 scanning sectors +1465145344
    15:11:04.122 Disk 0 scanning C:\Windows\system32\drivers
    15:11:12.955 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Sirefef-AMS [Rtk]
    15:11:16.518 Disk 0 trace - called modules:
    15:11:16.534 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    15:11:16.539 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a37a28]
    15:11:16.546 3 CLASSPNP.SYS[875a38b3] -> nt!IofCallDriver -> [0x83b90aa0]
    15:11:16.562 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\00000058[0x83b8aa88]
    15:11:18.112 AVAST engine scan C:\Windows
    15:11:21.294 AVAST engine scan C:\Windows\system32
    15:14:57.262 AVAST engine scan C:\Windows\system32\drivers
    15:15:06.426 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Sirefef-AMS [Rtk]
    15:15:10.430 AVAST engine scan C:\Users\Romeo Jr Chacon
    15:28:38.631 Disk 0 MBR has been saved successfully to "C:\Users\Romeo Jr Chacon\Desktop\MBR.dat"
    15:28:38.633 The log file has been saved successfully to "C:\Users\Romeo Jr Chacon\Desktop\aswMBR.txt"
  17. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  18. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    Not sure if this is the right log.

    ComboFix 12-10-21.02 - Romeo Jr Chacon 10/21/2012 20:21:31.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1919.1148 [GMT -7:00]
    Running from: C:\Users\Romeo Jr Chacon\Desktop\ComboFix.exe
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
  19. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    It's incomplete.
    Did you uninstall AVG as my instructions say?
    If so, re-run Combofix.

    If you receive similar short log.

  20. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    Sorry, I didn't uninstall AVG. I read "temporarily disable it", but I will uninstall it right now.
    Combofix ran smoothly. Once I uninstall AVG, do I run Combofix again?

    It did detect the rootkit.
  21. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    You have to read my instructions more carefully:
    Yes.
  22. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    Thanks for your patience, I'll post the new log after it's completed.
  23. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    I tried uninstalling AVG using both AppRemover and the basic "remove programs";
    now I'm getting an error when trying to uninstall it. Here is one out of a few other logs:

    === Verbose logging started: 10/21/2012 21:21:05 Build type: SHIP UNICODE 4.05.6002.00 Calling process: C:\Users\ROMEOJ~1\AppData\Local\Temp\7zS52D0.tmp\avgmfapx.exe ===
    MSI (c) (38:48) [21:21:05:816]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\MFAData\pack\AVGx86.msi' against software restriction policy
    MSI (c) (38:48) [21:21:05:816]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\MFAData\pack\AVGx86.msi has a digital signature
    MSI (c) (38:48) [21:21:06:003]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\MFAData\pack\AVGx86.msi is permitted to run at the 'unrestricted' authorization level.
    MSI (c) (38:48) [21:21:06:003]: Failed to connect to server. Error: 0x800401F0

    MSI (c) (38:48) [21:21:06:019]: End dialog not enabled
    MSI (c) (38:48) [21:21:06:019]: Original package ==> C:\ProgramData\MFAData\pack\AVGx86.msi
    MSI (c) (38:48) [21:21:06:019]: Package we're running from ==> C:\ProgramData\MFAData\pack\AVGx86.msi
    MSI (c) (38:48) [21:21:06:019]: APPCOMPAT: looking for appcompat database entry with ProductCode '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}'.
    MSI (c) (38:48) [21:21:06:019]: APPCOMPAT: no matching ProductCode found in database.
    MSI (c) (38:48) [21:21:06:034]: MSCOREE not loaded loading copy from system32
    MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisablePatch' is 0
    MSI (c) (38:48) [21:21:06:034]: Machine policy value 'AllowLockdownPatch' is 0
    MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisableLUAPatching' is 0
    MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisableFlyWeightPatching' is 0
    MSI (c) (38:48) [21:21:06:034]: APPCOMPAT: looking for appcompat database entry with ProductCode '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}'.
    MSI (c) (38:48) [21:21:06:034]: APPCOMPAT: no matching ProductCode found in database.
    MSI (c) (38:48) [21:21:06:034]: Transforms are not secure.
    MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\Romeo Jr Chacon\AppData\Local\MFAData\logs\msi-20121022-042057.log'.
    MSI (c) (38:48) [21:21:06:034]: No Command Line.
    MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{038CDECC-53CA-49AA-B8EF-DF555DDF9B72}'.
    MSI (c) (38:48) [21:21:06:034]: Product Code passed to Engine.Initialize: '(none)'
    MSI (c) (38:48) [21:21:06:034]: Product Code from property table before transforms: '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}'
    MSI (c) (38:48) [21:21:06:034]: Product Code from property table after transforms: '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}'
    MSI (c) (38:48) [21:21:06:034]: Product registered: entering maintenance mode
    MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
    MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
    MSI (c) (38:48) [21:21:06:034]: Entering CMsiConfigurationManager::SetLastUsedSource.
    MSI (c) (38:48) [21:21:06:034]: Specifed source is not already in a list.
    MSI (c) (38:48) [21:21:06:034]: User policy value 'SearchOrder' is 'nmu'
    MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisableBrowse' is 0
    MSI (c) (38:48) [21:21:06:034]: Machine policy value 'AllowLockdownBrowse' is 0
    MSI (c) (38:48) [21:21:06:034]: Adding new sources is allowed.
    MSI (c) (38:48) [21:21:06:034]: Package name retrieved from configuration data: 'Avgx86.msi'
    MSI (c) (38:48) [21:21:06:034]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
    MSI (c) (38:48) [21:21:06:034]: Note: 1: 2262 2: AdminProperties 3: -2147287038
    MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisableMsi' is 0
    MSI (c) (38:48) [21:21:06:034]: Machine policy value 'AlwaysInstallElevated' is 0
    MSI (c) (38:48) [21:21:06:034]: User policy value 'AlwaysInstallElevated' is 0
    MSI (c) (38:48) [21:21:06:034]: Product {013C4AC1-64FB-46EA-9320-D34CEB65BDBC} is admin assigned: LocalSystem owns the publish key.
    MSI (c) (38:48) [21:21:06:034]: Product {013C4AC1-64FB-46EA-9320-D34CEB65BDBC} is managed.
    MSI (c) (38:48) [21:21:06:034]: Running product '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}' with elevated privileges: Product is assigned.
    MSI (c) (38:48) [21:21:06:034]: TRANSFORMS property is now:
    MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '1033'.
    MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '300'.
    MSI (c) (38:48) [21:21:06:034]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming
    MSI (c) (38:48) [21:21:06:034]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\Favorites
    MSI (c) (38:48) [21:21:06:034]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Network Shortcuts
    MSI (c) (38:48) [21:21:06:034]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\Documents
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Recent
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\SendTo
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Templates
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Local
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\Pictures
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Start Menu
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\Desktop
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
    MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
    MSI (c) (38:48) [21:21:06:050]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
    MSI (c) (38:48) [21:21:06:050]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
    MSI (c) (38:48) [21:21:06:050]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
    MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
    MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
    MSI (c) (38:48) [21:21:06:050]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
    MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Romeo Jr Chacon'.
    MSI (c) (38:48) [21:21:06:050]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
    MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding Installed property. Its value is '00:00:00'.
    MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\ProgramData\MFAData\pack\AVGx86.msi'.
    MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\ProgramData\MFAData\pack\AVGx86.msi'.
    MSI (c) (38:48) [21:21:06:050]: Machine policy value 'MsiDisableEmbeddedUI' is 0
    MSI (c) (38:48) [21:21:06:050]: EEUI - Disabling MsiEmbeddedUI due to existing external or embedded UI
    MSI (c) (38:48) [21:21:06:050]: EEUI - Disabling MsiEmbeddedUI in quiet mode
    === Logging started: 10/21/2012 21:21:06 ===
    MSI (c) (38:48) [21:21:06:065]: Note: 1: 2205 2: 3: PatchPackage
    MSI (c) (38:48) [21:21:06:065]: Machine policy value 'DisableRollback' is 0
    MSI (c) (38:48) [21:21:06:065]: User policy value 'DisableRollback' is 0
    MSI (c) (38:48) [21:21:06:065]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
    MSI (c) (38:48) [21:21:06:065]: MsiOpenPackageEx is returning 0
    MSI (c) (38:48) [21:21:06:065]: MsiOpenPackage is returning 0
    MSI (c) (38:48) [21:21:06:065]: PROPERTY CHANGE: Modifying UIBYMFA property. Its current value is '0'. Its new value: '1'.
    MSI (c) (38:48) [21:21:06:065]: PROPERTY CHANGE: Modifying PRODTYPE property. Its current value is 'AVG'. Its new value: 'IS'.
    MSI (c) (38:48) [21:21:06:065]: Doing action: FatalError
    Action 21:21:06: FatalError.
    Action start 21:21:06: FatalError.
    Action ended 21:21:06: FatalError. Return value 0.
    MSI (c) (38:48) [21:21:06:065]: Doing action: UserExit
    Action 21:21:06: UserExit.
    Action start 21:21:06: UserExit.
    Action ended 21:21:06: UserExit. Return value 0.
    MSI (c) (38:48) [21:21:06:065]: Doing action: ExitDialog
    Action 21:21:06: ExitDialog.
    Action start 21:21:06: ExitDialog.
    Action ended 21:21:06: ExitDialog. Return value 0.
    MSI (c) (38:48) [21:21:06:081]: Doing action: CA_PublishMsiPhase1
    Action 21:21:06: CA_PublishMsiPhase1.
    Action start 21:21:06: CA_PublishMsiPhase1.
    MSI (c) (38:88) [21:21:06:143]: Invoking remote custom action. DLL: C:\Users\ROMEOJ~1\AppData\Local\Temp\MSI7A5D.tmp, Entrypoint: CA_PublishMsiPhase1
    MSI (c) (38:84) [21:21:06:159]: Failed to connect to server. Error: 0x80070424

    Action ended 21:21:06: CA_PublishMsiPhase1. Return value 1.
    MSI (c) (38:48) [21:21:06:159]: Doing action: LaunchConditions
    Action 21:21:06: LaunchConditions. Evaluating launch conditions
    Action start 21:21:06: LaunchConditions.
    MSI (c) (38:48) [21:21:06:159]: Note: 1: 2205 2: 3: LaunchCondition
    MSI (c) (38:48) [21:21:06:159]: Note: 1: 2228 2: 3: LaunchCondition 4: SELECT `Condition`, `Description` FROM `LaunchCondition`
    Action ended 21:21:06: LaunchConditions. Return value 0.
    MSI (c) (38:48) [21:21:06:159]: Doing action: PrepareDlg
    Action 21:21:06: PrepareDlg.
    Action start 21:21:06: PrepareDlg.
    Action ended 21:21:06: PrepareDlg. Return value 0.
    MSI (c) (38:48) [21:21:06:159]: Doing action: SetReinstallMode_Inst
    Action 21:21:06: SetReinstallMode_Inst.
    Action start 21:21:06: SetReinstallMode_Inst.
    MSI (c) (38:48) [21:21:06:159]: PROPERTY CHANGE: Adding REINSTALLMODE property. Its value is 'ocmus'.
    Action ended 21:21:06: SetReinstallMode_Inst. Return value 1.
    MSI (c) (38:48) [21:21:06:159]: Doing action: FindRelatedProducts
    Action 21:21:06: FindRelatedProducts. Searching for related applications
    Action start 21:21:06: FindRelatedProducts.
    MSI (c) (38:48) [21:21:06:175]: Skipping FindRelatedProducts action: not run in maintenance mode
    Action ended 21:21:06: FindRelatedProducts. Return value 0.
    MSI (c) (38:48) [21:21:06:175]: Doing action: CA_InitInstallation
    Action 21:21:06: CA_InitInstallation.
    Action start 21:21:06: CA_InitInstallation.
    MSI (c) (38:A4) [21:21:06:237]: Invoking remote custom action. DLL: C:\Users\ROMEOJ~1\AppData\Local\Temp\MSI7ABB.tmp, Entrypoint: CA_InitInstallation
    MSI (c) (38:84) [21:21:06:237]: Failed to connect to server. Error: 0x80070424

    MSI (c) (38:48) [21:21:06:237]: Note: 1: 1719
    Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
    MSI (c) (38:48) [21:21:06:237]: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
  24. Romeo J. Chacon

    Romeo J. Chacon TechSpot Member Topic Starter Posts: 27

    Never mind, I got it to work by removing AVG using the AVGRemover from their site.
    Okay, I got the right log now. Here is the log:

    ComboFix 12-10-21.02 - Romeo Jr Chacon 10/21/2012 21:38:11.2.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1919.1150 [GMT -7:00]
    Running from: c:\users\Romeo Jr Chacon\Desktop\ComboFix.exe
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\logboot_22.10.2012.tureg.log
    .
    ---- Previous Run -------
    .
    C:\data
    c:\data\Lp_setup.exe
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\~DFK37c542.tmp
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\bass.dll
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\windows\$NtUninstallKB20050$
    c:\windows\$NtUninstallKB20050$\1830475237
    c:\windows\$NtUninstallKB20050$\853113995\Desktop.ini
    c:\windows\system32\tmpDFD0.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_nvsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-22 04:47 . 2012-10-22 04:47  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-10-21 07:20 . 2012-08-23 18:31  32120  ----a-w-  c:\windows\system32\TURegOpt.exe
    2012-10-21 07:20 . 2012-08-23 18:31  21880  ----a-w-  c:\windows\system32\authuitu.dll
    2012-10-16 19:46 . 2012-10-22 00:43  --------  d-----w-  c:\windows\system32\catroot2
    2012-10-13 15:55 . 2012-10-13 15:55  --------  d-----w-  c:\users\Default\AppData\Roaming\TuneUp Software
    2012-10-12 04:13 . 2012-10-12 06:33  73656  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-12 04:13 . 2012-10-12 06:33  696760  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-10-12 03:27 . 2012-10-12 03:27  --------  d-----w-  c:\programdata\Norton
    2012-10-11 03:36 . 2012-10-02 19:29  2557288  ----a-w-  c:\windows\system32\nvsvcr.dll
    2012-10-11 03:32 . 2012-10-02 22:20  6127464  ----a-w-  c:\windows\system32\nvopencl.dll
    2012-10-11 03:32 . 2012-10-02 22:20  2574696  ----a-w-  c:\windows\system32\nvcuvid.dll
    2012-10-11 03:32 . 2012-10-02 22:20  19906920  ----a-w-  c:\windows\system32\nvoglv32.dll
    2012-10-11 03:32 . 2012-10-02 22:20  10837352  ----a-w-  c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 03:32 . 2012-10-02 22:20  1867112  ----a-w-  c:\windows\system32\nvcuvenc.dll
    2012-10-11 03:32 . 2012-10-02 22:20  7697768  ----a-w-  c:\windows\system32\nvcuda.dll
    2012-10-11 03:32 . 2012-10-02 22:20  17559912  ----a-w-  c:\windows\system32\nvcompiler.dll
    2012-10-10 17:48 . 2012-09-13 13:28  2048  ----a-w-  c:\windows\system32\tzres.dll
    2012-10-10 17:48 . 2012-06-02 00:02  985088  ----a-w-  c:\windows\system32\crypt32.dll
    2012-10-10 17:48 . 2012-06-02 00:02  98304  ----a-w-  c:\windows\system32\cryptnet.dll
    2012-10-10 17:48 . 2012-06-02 00:02  133120  ----a-w-  c:\windows\system32\cryptsvc.dll
    2012-10-10 17:48 . 2012-08-24 15:53  172544  ----a-w-  c:\windows\system32\wintrust.dll
    2012-10-10 17:48 . 2012-08-29 11:27  3602816  ----a-w-  c:\windows\system32\ntkrnlpa.exe
    2012-10-10 17:48 . 2012-08-29 11:27  3550080  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-10-09 19:49 . 2012-10-09 19:49  --------  d-----w-  c:\programdata\stw-audio
    2012-10-07 23:56 . 2012-10-07 23:56  --------  d-----w-  c:\programdata\Leawo
    2012-10-07 23:56 . 2011-03-02 10:43  175616  ----a-w-  c:\windows\system32\unrar.dll
    2012-10-05 03:07 . 2012-10-05 03:07  --------  d-----w-  c:\program files\Novation
    2012-10-03 22:21 . 2012-10-05 02:58  --------  d-----w-  c:\program files\Rob Papen
    2012-10-01 22:28 . 2012-10-01 22:28  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2012-10-01 22:28 . 2012-10-01 22:28  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2012-10-01 22:28 . 2012-10-01 22:28  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2012-10-01 22:28 . 2012-10-01 22:28  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2012-10-01 22:28 . 2012-10-01 22:28  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2012-10-01 22:28 . 2012-10-01 22:28  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2012-10-01 22:28 . 2012-10-01 22:28  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2012-10-01 22:28 . 2012-10-01 22:28  --------  d-----w-  c:\program files\QuickTime
    2012-10-01 22:26 . 2012-10-01 22:26  --------  d-----w-  c:\program files\NewBlue
    2012-10-01 22:12 . 2011-02-26 23:17  506824  ----a-w-  c:\windows\system32\prodad-codec.dll
    2012-10-01 22:11 . 2012-10-01 22:16  --------  d-----w-  c:\programdata\proDAD
    2012-10-01 22:11 . 2012-10-01 22:12  --------  d-----w-  c:\program files\proDAD
    2012-10-01 22:11 . 2003-07-09 16:43  45056  ----a-w-  c:\windows\system32\BFXSrcFilter.ax
    2012-10-01 22:11 . 2003-07-01 22:49  69632  ----a-w-  c:\windows\system32\MtxPreview.dll
    2012-10-01 22:11 . 2003-07-01 22:49  49152  ----a-w-  c:\windows\system32\MtxParhBFXPreview.dll
    2012-10-01 22:11 . 2003-06-26 16:04  237568  ----a-r-  c:\windows\system32\qtmlClient.dll
    2012-10-01 22:11 . 2003-01-20 15:08  49152  ----a-w-  c:\windows\system32\CvoAPI.dll
    2012-10-01 22:11 . 2012-10-01 22:11  --------  d-----w-  c:\program files\Boris FX, Inc
    2012-10-01 22:06 . 2012-10-01 22:29  --------  d-----w-  c:\programdata\eSellerate
    2012-10-01 22:05 . 2012-10-01 22:06  --------  d-----w-  c:\program files\SmartSound Software
    2012-10-01 22:05 . 2012-10-01 22:06  --------  d-----w-  c:\programdata\SmartSound Software Inc
    2012-10-01 22:04 . 2012-10-01 22:04  --------  d-----w-  c:\programdata\InterVideo
    2012-10-01 22:01 . 2012-10-01 22:01  --------  d-----w-  c:\program files\Windows Media Components
    2012-10-01 02:43 . 2012-10-01 02:45  --------  d-----w-  c:\program files\CCleaner
    2012-09-30 04:47 . 2012-09-30 04:47  --------  d-----w-  c:\program files\Common Files\Wondershare
    2012-09-30 04:46 . 2011-11-17 23:08  16640  ----a-w-  c:\windows\system32\drivers\WsAudioDevice_383.sys
    2012-09-30 04:46 . 2012-09-30 04:46  --------  d-----w-  c:\program files\Wondershare
    2012-09-30 03:52 . 2012-09-30 03:52  --------  d-----w-  c:\program files\Common Files\xing shared
    2012-09-30 03:52 . 2012-09-30 03:52  --------  d-----w-  c:\program files\Real
    2012-09-28 22:07 . 2005-05-26 22:34  2297552  ----a-w-  c:\windows\system32\d3dx9_26.dll
    2012-09-28 22:04 . 2012-10-12 18:40  --------  d--h--w-  c:\windows\msdownld.tmp
    2012-09-28 22:04 . 2012-10-14 02:48  --------  d-----w-  C:\Games
    2012-09-28 21:38 . 2012-09-28 21:38  --------  d-----w-  c:\program files\LUXONIX
    2012-09-28 21:38 . 2005-03-24 15:26  491520  ----a-w-  c:\windows\system32\msvcr80.dll
    2012-09-28 21:37 . 2012-09-28 21:37  2249  ----a-w-  C:\FLVDirect.exe
    2012-09-28 20:55 . 2012-09-28 20:55  --------  d-----w-  c:\program files\IK Multimedia
    2012-09-28 17:38 . 2012-09-28 17:40  --------  d-----w-  c:\programdata\Protexis
    2012-09-28 17:36 . 2012-10-01 22:03  --------  d-----w-  c:\programdata\Corel
    2012-09-28 17:36 . 2012-09-28 17:36  --------  d-----w-  c:\program files\Common Files\Protexis
    2012-09-28 17:35 . 2012-10-01 22:01  --------  d-----w-  c:\program files\Corel
    2012-09-28 16:42 . 2012-09-28 16:44  --------  d-----w-  c:\programdata\regid.1986-12.com.adobe
    2012-09-28 16:37 . 2012-09-28 16:37  --------  d-----w-  c:\program files\Common Files\Adobe AIR
    2012-09-28 14:48 . 2012-09-28 14:48  --------  d-----w-  c:\program files\Edirol
    2012-09-28 14:11 . 2012-09-28 14:11  --------  d-----w-  c:\programdata\4Front
    2012-09-28 14:10 . 2012-09-28 14:11  --------  d-----w-  c:\program files\TruePianos
    2012-09-28 02:42 . 2012-09-28 02:42  1060864  ----a-w-  c:\windows\system32\mfc71.dll
    2012-09-28 02:42 . 2003-06-20 19:28  1777664  ----a-w-  c:\windows\system32\gdiplus.dll
    2012-09-27 18:12 . 2012-09-30 03:52  499712  ----a-w-  c:\windows\system32\msvcp71.dll
    2012-09-27 18:12 . 2012-09-30 03:52  348160  ----a-w-  c:\windows\system32\msvcr71.dll
    2012-09-27 17:38 . 2011-05-23 09:52  153088  ----a-w-  c:\windows\system32\xvid.ax
    2012-09-27 17:38 . 2011-05-23 07:46  645632  ----a-w-  c:\windows\system32\xvidcore.dll
    2012-09-27 17:38 . 2011-05-30 13:42  240640  ----a-w-  c:\windows\system32\xvidvfw.dll
    2012-09-27 17:38 . 2012-09-27 17:38  --------  d-----w-  c:\program files\Xvid
    2012-09-27 17:31 . 2012-09-27 17:31  --------  dc----w-  c:\windows\system32\DRVSTORE
    2012-09-27 17:31 . 2012-08-21 20:01  26840  ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-27 17:31 . 2012-09-27 17:31  --------  d-----w-  c:\program files\iPod
    2012-09-27 17:31 . 2012-09-27 17:31  --------  d-----w-  c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-27 17:31 . 2012-09-27 17:31  --------  d-----w-  c:\programdata\Apple Computer
    2012-09-27 17:31 . 2012-09-27 17:31  --------  d-----w-  c:\program files\iTunes
    2012-09-27 17:22 . 2012-09-27 17:22  --------  d-----w-  c:\program files\Apple Software Update
    2012-09-27 17:20 . 2012-09-27 17:20  --------  d-----w-  c:\program files\Bonjour
    2012-09-27 17:20 . 2012-09-27 21:57  --------  d-----w-  c:\program files\Common Files\Apple
    2012-09-27 17:20 . 2012-09-27 17:22  --------  d-----w-  c:\programdata\Apple
    2012-09-27 13:21 . 2012-09-27 13:21  --------  d-----w-  c:\program files\PlatinumHideIP
    2012-09-27 12:57 . 2012-09-27 12:57  --------  d-----w-  c:\programdata\PlatinumHideIP
    2012-09-27 12:06 . 2012-09-27 12:06  --------  d-----w-  c:\program files\PowerISO
    2012-09-27 03:59 . 2012-09-27 03:59  --------  dc-h--w-  c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
    2012-09-27 03:59 . 2012-09-27 03:59  --------  d-----w-  c:\program files\Common Files\Native Instruments
    2012-09-27 03:59 . 2012-09-27 03:59  --------  dc-h--w-  c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
    2012-09-27 03:59 . 2012-09-29 15:44  --------  d-----w-  c:\program files\Native Instruments
    2012-09-27 03:59 . 2012-09-27 03:59  --------  d-----w-  c:\programdata\Native Instruments
    2012-09-26 20:00 . 2012-09-26 20:00  413696  ----a-w-  c:\windows\system32\wrap_oal.dll
    2012-09-26 20:00 . 2012-09-26 20:00  110592  ----a-w-  c:\windows\system32\OpenAL32.dll
    2012-09-26 11:26 . 2012-10-01 22:04  --------  d-----w-  c:\program files\Common Files\InstallShield
    2012-09-26 11:15 . 2012-09-26 11:15  --------  d-----w-  c:\program files\ASIO4ALL v2
    2012-09-26 11:15 . 2012-10-09 19:52  --------  d-----w-  c:\program files\VstPlugins
    2012-09-26 11:15 . 2011-10-11 14:45  1431552  ----a-w-  c:\windows\system32\rewire.dll
    2012-09-26 11:15 . 2009-09-15 09:14  1554944  ----a-w-  c:\windows\system32\vorbis.acm
    2012-09-26 11:14 . 2012-09-26 11:14  --------  d-----w-  c:\program files\Outsim
    2012-09-26 11:11 . 2012-09-26 11:15  --------  d-----w-  c:\program files\Image-Line
    2012-09-26 02:01 . 2012-09-26 02:01  679936  ----a-w-  c:\windows\system32\Fliqlo.scr
    2012-09-26 02:01 . 2012-09-26 02:01  --------  d-----w-  c:\programdata\Screentime
    2012-09-26 01:59 . 2012-09-26 01:59  --------  d-----w-  c:\windows\system32\Macromed
    2012-09-25 22:53 . 2012-09-25 22:54  --------  d-----w-  c:\programdata\WinZip
    2012-09-25 22:41 . 2012-09-25 22:43  --------  d-----w-  c:\programdata\AVG
    2012-09-25 22:41 . 2012-09-25 22:41  --------  d-sh--w-  c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-09-25 22:31 . 2012-09-25 22:31  --------  d-----w-  C:\$AVG
    2012-09-25 22:29 . 2012-10-22 04:34  --------  d-----w-  c:\program files\AVG
    2012-09-25 22:27 . 2012-09-25 22:27  --------  d--h--w-  c:\programdata\Common Files
    2012-09-25 22:21 . 2012-09-25 22:21  --------  d-----w-  c:\program files\FrostWire 5
    2012-09-25 22:10 . 2012-09-25 22:10  --------  d-----w-  c:\program files\RocketDock
    2012-09-25 22:08 . 2012-10-22 04:34  --------  d-----w-  c:\users\UpdatusUser
    2012-09-25 22:07 . 2012-10-02 19:29  645992  ----a-w-  c:\windows\system32\nvvsvc.exe
    2012-09-25 22:07 . 2012-10-02 19:29  62312  ----a-w-  c:\windows\system32\nvshext.dll
    2012-09-25 22:07 . 2012-10-02 19:29  108392  ----a-w-  c:\windows\system32\nvmctray.dll
    2012-09-25 22:07 . 2012-10-02 19:29  2853224  ----a-w-  c:\windows\system32\nvsvc.dll
    2012-09-25 22:07 . 2012-10-02 19:28  3965288  ----a-w-  c:\windows\system32\nvcpl.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-02 22:20 . 2012-02-10 05:43  1009512  ----a-w-  c:\windows\system32\nvdispco32.dll
    2012-10-02 22:20 . 2008-01-21 02:32  15309160  ----a-w-  c:\windows\system32\nvd3dum.dll
    2012-09-25 21:21 . 2012-09-25 21:21  4096  ----a-w-  c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
    2012-08-24 07:57 . 2012-08-24 07:57  113104  ----a-w-  c:\windows\system32\drivers\scdemu.sys
    2012-08-21 20:01 . 2012-08-21 20:01  106928  ----a-w-  c:\windows\system32\GEARAspi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-03-01 180224]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-30 296096]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-552 revA\wirelesscm.exe [2012-9-25 517440]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\Romeo Jr Chacon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "UpdReg"=c:\windows\UpdReg.EXE
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork  REG_MULTI_SZ  PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 06:33]
    .
    2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2321283058-4084574830-2792957718-1000Core.job
    - c:\users\Romeo Jr Chacon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 21:54]
    .
    2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2321283058-4084574830-2792957718-1000UA.job
    - c:\users\Romeo Jr Chacon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 21:54]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    TCP: DhcpNameServer = 10.0.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-21 21:48
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    c:\windows\System32\rundll32.exe
    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-21 21:53:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-22 04:53
    .
    Pre-Run: 583,820,800,000 bytes free
    Post-Run: 583,651,385,344 bytes free
    .
    - - End Of File - - 832070482FBF08F1264B34EADB21DD13
  25. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\Windows\system32\drivers\smb.sys
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

    ==================================

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      smb.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
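As an added illustration of the check requested above (this is not part of the thread and not SystemLook's own code): a PowerShell script that does what the `:filefind smb.sys` search does, and for each copy it finds also reports a SHA256 hash that can be looked up on VirusTotal and the Authenticode signature status. It assumes PowerShell 2.0 or later run from an elevated prompt; the search root and the expected driver directory are assumptions.

```powershell
# Added example (not from the thread): find every copy of smb.sys, hash it, check its signature.
# Assumes PowerShell 2.0+ (uses .NET SHA256 directly, so no Get-FileHash needed) in an elevated prompt.
param(
    [string]$FileName = 'smb.sys',
    # Assumption: where a legitimate copy lives on a 32-bit Vista system as in the thread.
    [string]$ExpectedDir = (Join-Path $env:SystemRoot 'System32\drivers'),
    [string[]]$SearchRoots = @($env:SystemRoot)
)

function Get-Sha256Hex {
    param([string]$Path)
    # Stream the file rather than reading it whole, so large drivers are cheap to hash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

# Equivalent of SystemLook's ":filefind smb.sys": every file of that name under the search roots.
$hits = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
}

if (-not $hits) {
    Write-Output "No file named $FileName found under: $($SearchRoots -join ', ')"
    return
}

foreach ($f in $hits) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Catalog-signed OS drivers can report NotSigned on older Windows versions whose
    # Get-AuthenticodeSignature does not consult the catalog store, so NotSigned alone is
    # inconclusive and the VirusTotal hash lookup still matters. HashMismatch means the file
    # no longer matches its embedded signature and is a clear sign of alteration.
    $flags = @()
    if ($f.DirectoryName -ne $ExpectedDir) {
        # Copies under WinSxS are the component store's originals and are expected there.
        $flags += 'outside expected driver directory'
    }
    if ($sig.Status -eq 'HashMismatch') { $flags += 'signature hash mismatch (file altered)' }
    if ($sig.Status -eq 'NotSigned')    { $flags += 'no embedded signature (inconclusive)' }

    New-Object PSObject -Property @{
        Path      = $f.FullName
        SizeBytes = $f.Length
        Modified  = $f.LastWriteTimeUtc.ToString('u')
        SHA256    = Get-Sha256Hex -Path $f.FullName   # paste this into VirusTotal's hash search
        Signature = $sig.Status
        Signer    = $signer
        Flags     = ($flags -join '; ')
    } | Format-List
}
```

Searching the hash on VirusTotal instead of uploading the file gives the same verdict when the file has already been analysed, and avoids uploading a file that turns out to be a clean Windows component.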