Inactive [A] AVG detects a Trojan in system file; "smb.sys" causing Windows Update to fail


Romeo J. Chacon

Hi, I'm new and I apologize if I'm posting this in the wrong section, but AVG has been acting up lately, as has my Windows Update. It all started when I downloaded Adobe Flash; apparently it was infected, because AVG popped up and blocked Adobe Flash. I do recall downloading Adobe Flash from a third-party site, which I sincerely regret. Anyway, my computer is running fine for now, but knowing that the file is infected is pretty nail-biting. I'm also pretty sure that my computer won't install any updates due to a trust issue, most likely because smb.sys is infected or corrupted. The error I get when trying to download the 13 updates is code "80096001".

If I can get some help, that would mean a ton! I don't want to lose any files :-(

Thank you.
 
Note*
I did uninstall and delete the infected Adobe Flash, then installed Adobe Flash from Adobe.com.

I've tried checking my PC for system errors using the Operating System Disc but found no errors.
I could have easily used System Restore, but I use PC TuneUp 2012 from AVG and I delete the checkpoints (they hog too much space).
Like I've stated in the post above, my computer is running normally; it just won't install any updates and AVG keeps saying "smb.sys" is infected.

Thanks again.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here is the log from Malwarebytes Anti-Malware

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.21.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Romeo Jr Chacon :: STUDIO [administrator]

Protection: Enabled

10/21/2012 1:56:44 PM
mbam-log-2012-10-21 (13-56-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213236
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
You asked me to keep you updated during this whole process; well, while Malwarebytes was running, AVG popped up an infection, "Trojan horse ZeroAcess.IH", in the same system file, "smb.sys".
 
Here is the log from GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-21 14:13:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000058 WDC_WD75 rev.15.0
Running: kvtt4i8r.exe; Driver: C:\Users\ROMEOJ~1\AppData\Local\Temp\pxldypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
 
OTL.txt and Extras.txt

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Romeo Jr Chacon at 14:18:41 on 2012-10-21
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1919.708 [GMT -7:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\notepad.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romeo Jr Chacon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyServer = hxxp=;ftp=;https=;
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRunOnce: [RegistryDefrag Success Message] "c:\program files\avg\avg pc tuneup\TUMessages.exe" /RegDefrag_Success
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-552 reva\wirelesscm.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
LSP: mswsock.dll
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{17E46C3E-7A0A-4CF5-8FC9-85632F7B64BF} : DHCPNameServer = 10.0.1.1
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - LocalServer32 - <no file>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
IFEO: acrord32.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
IFEO: autoupdate-windows.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
IFEO: avic.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
IFEO: minicalc.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
IFEO: miniconvert.exe - "c:\program files\avg\avg pc tuneup\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 50296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-9-25 20384]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-10-2 1314720]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-21 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-21 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-9-25 1258856]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-21 22856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2012-9-29 16640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-11 250808]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2012-9-26 79360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2012-9-25 954368]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-10-21 20:55:35 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\Malwarebytes
2012-10-21 20:55:27 -------- d-----w- c:\programdata\Malwarebytes
2012-10-21 20:55:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-21 20:55:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-21 07:20:45 32120 ----a-w- c:\windows\system32\TURegOpt.exe
2012-10-21 07:20:43 21880 ----a-w- c:\windows\system32\authuitu.dll
2012-10-21 02:31:19 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\TS3Client
2012-10-21 02:30:58 -------- d-----w- c:\users\romeo jr chacon\appdata\local\TeamSpeak 3 Client
2012-10-16 19:46:09 -------- d-----w- c:\windows\system32\catroot2
2012-10-15 18:17:40 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\SUPERAntiSpyware.com
2012-10-14 01:31:09 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Skymonk2
2012-10-12 04:13:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 04:13:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-12 03:27:54 -------- d-----w- c:\users\romeo jr chacon\appdata\local\NPE
2012-10-12 03:27:54 -------- d-----w- c:\programdata\Norton
2012-10-11 03:36:23 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-11 03:32:56 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 03:32:56 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 03:32:56 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 03:32:56 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 03:32:54 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 03:32:53 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 03:32:50 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 17:48:06 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 17:48:03 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 17:48:03 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 17:48:03 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 17:48:01 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 17:48:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 17:48:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 19:49:42 -------- d-----w- c:\programdata\stw-audio
2012-10-07 23:56:41 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\tiger-k
2012-10-07 23:56:40 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\Leawo
2012-10-07 23:56:40 -------- d-----w- c:\programdata\Leawo
2012-10-07 23:56:08 175616 ----a-w- c:\windows\system32\unrar.dll
2012-10-05 03:07:01 -------- d-----w- c:\program files\Novation
2012-10-04 23:35:30 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\iZotope
2012-10-03 22:21:29 -------- d-----w- c:\program files\Rob Papen
2012-10-02 10:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-10-01 23:22:54 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\Thinstall
2012-10-01 23:22:54 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Thinstall
2012-10-01 22:29:35 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\Titler
2012-10-01 22:28:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-10-01 22:28:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-10-01 22:28:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-10-01 22:28:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-10-01 22:28:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-10-01 22:28:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-10-01 22:28:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-10-01 22:26:59 -------- d-----w- c:\program files\NewBlue
2012-10-01 22:12:22 506824 ----a-w- c:\windows\system32\prodad-codec.dll
2012-10-01 22:11:49 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\proDAD
2012-10-01 22:11:46 -------- d-----w- c:\programdata\proDAD
2012-10-01 22:11:46 -------- d-----w- c:\program files\proDAD
2012-10-01 22:11:33 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2012-10-01 22:11:33 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2012-10-01 22:11:33 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2012-10-01 22:11:33 45056 ----a-w- c:\windows\system32\BFXSrcFilter.ax
2012-10-01 22:11:33 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2012-10-01 22:11:11 -------- d-----w- c:\program files\Boris FX, Inc
2012-10-01 22:10:36 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2012-10-01 22:10:36 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2012-10-01 22:10:36 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2012-10-01 22:10:36 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2012-10-01 22:10:36 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2012-10-01 22:10:34 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2012-10-01 22:10:34 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2012-10-01 22:06:35 -------- d-----w- c:\programdata\eSellerate
2012-10-01 22:05:55 -------- d-----w- c:\program files\SmartSound Software
2012-10-01 22:05:51 -------- d-----w- c:\programdata\SmartSound Software Inc
2012-10-01 22:05:13 -------- d-----w- c:\windows\RegisteredPackages
2012-10-01 22:04:09 -------- d-----w- c:\programdata\InterVideo
2012-10-01 22:04:05 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-10-01 22:04:05 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-10-01 22:04:05 225280 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2012-10-01 22:04:05 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-10-01 22:04:05 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-10-01 22:01:37 -------- d-----w- c:\program files\Windows Media Components
2012-10-01 21:58:37 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-10-01 02:43:37 -------- d-----w- c:\program files\CCleaner
2012-09-30 04:47:54 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Wondershare
2012-09-30 04:47:53 -------- d-----w- c:\program files\common files\Wondershare
2012-09-30 04:47:45 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\Wondershare
2012-09-30 04:46:44 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2012-09-30 04:46:42 -------- d-----w- c:\program files\Wondershare
2012-09-30 04:44:11 1758720 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\engine_vx.dll
2012-09-30 04:44:07 99896 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\~DFK37c542.tmp
2012-09-30 04:44:07 29784 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\qwadjb.dll
2012-09-30 04:44:07 18724 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\bass.dll
2012-09-30 04:44:07 17472 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\rsaadjd.dll
2012-09-30 04:44:07 17472 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\1eaadjc.dll
2012-09-30 04:44:07 16448 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\kfgresk.dll
2012-09-30 04:44:07 14456 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\mjcriu.dll
2012-09-30 04:44:07 12352 ----atw- c:\users\romeo jr chacon\appdata\roaming\microsoft\peaadje.dll
2012-09-30 04:42:33 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\Apowersoft
2012-09-30 03:52:57 -------- d-----w- c:\program files\common files\xing shared
2012-09-28 22:07:59 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-28 22:04:42 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-28 22:04:41 -------- d-----w- c:\windows\system32\directx
2012-09-28 22:04:36 -------- d-----w- C:\Games
2012-09-28 21:38:34 491520 ----a-w- c:\windows\system32\msvcr80.dll
2012-09-28 21:38:34 -------- d-----w- c:\program files\LUXONIX
2012-09-28 21:37:53 -------- d-----w- C:\Data
2012-09-28 21:37:52 2249 ----a-w- C:\FLVDirect.exe
2012-09-28 21:33:22 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\Azureus
2012-09-28 21:01:38 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-09-28 21:01:37 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2012-09-28 21:01:37 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-09-28 21:01:37 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2012-09-28 21:01:37 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-09-28 21:01:32 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-09-28 21:01:32 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2012-09-28 20:55:45 -------- d-----w- c:\program files\IK Multimedia
2012-09-28 20:23:02 -------- d-----w- c:\users\romeo jr chacon\appdata\local\CrashDumps
2012-09-28 17:38:10 -------- d-----w- c:\programdata\Protexis
2012-09-28 17:38:09 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Corel PaintShop Pro
2012-09-28 17:36:43 -------- d-----w- c:\programdata\Corel
2012-09-28 17:36:43 -------- d-----w- c:\program files\common files\Protexis
2012-09-28 17:35:44 -------- d-----w- c:\program files\Corel
2012-09-28 16:44:01 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\NVIDIA
2012-09-28 16:42:21 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-09-28 15:42:21 -------- d-----w- c:\users\romeo jr chacon\TruePianos Settings
2012-09-28 14:48:37 -------- d-----w- c:\program files\Edirol
2012-09-28 14:12:18 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\4Front
2012-09-28 14:11:05 -------- d-----w- c:\programdata\4Front
2012-09-28 14:10:59 -------- d-----w- c:\program files\TruePianos
2012-09-28 02:42:09 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-28 02:42:09 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-09-28 02:20:22 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\Image-Line
2012-09-27 18:12:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-27 18:12:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-27 17:38:16 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-09-27 17:38:16 153088 ----a-w- c:\windows\system32\xvid.ax
2012-09-27 17:38:15 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-09-27 17:38:09 -------- d-----w- c:\program files\Xvid
2012-09-27 17:32:18 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Apple Computer
2012-09-27 17:31:58 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-27 17:31:13 -------- d-----w- c:\program files\iPod
2012-09-27 17:31:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-27 17:31:10 -------- d-----w- c:\program files\iTunes
2012-09-27 17:22:18 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Apple
2012-09-27 17:20:59 -------- d-----w- c:\program files\Bonjour
2012-09-27 13:21:10 -------- d-----w- c:\program files\PlatinumHideIP
2012-09-27 12:57:04 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\PlatinumHideIP
2012-09-27 12:57:04 -------- d-----w- c:\programdata\PlatinumHideIP
2012-09-27 12:56:46 -------- d-----w- c:\users\romeo jr chacon\appdata\local\APN
2012-09-27 12:07:43 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\PowerISO
2012-09-27 12:06:22 -------- d-----w- c:\program files\PowerISO
2012-09-27 04:00:39 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Native Instruments
2012-09-27 03:59:58 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-09-27 03:59:33 -------- d-----w- c:\program files\common files\Native Instruments
2012-09-27 03:59:14 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-09-27 03:59:11 -------- d-----w- c:\programdata\Native Instruments
2012-09-27 03:59:11 -------- d-----w- c:\program files\Native Instruments
2012-09-26 20:00:20 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-26 20:00:19 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-26 20:00:11 2873820 ------w- c:\windows\system32\Sens_oal.dll
2012-09-26 19:59:47 -------- d-----w- c:\program files\common files\Creative Labs Shared
2012-09-26 19:16:33 -------- d-----w- c:\program files\common files\Digidesign
2012-09-26 14:26:36 -------- d-----w- c:\program files\common files\reFX
2012-09-26 13:50:52 2440704 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2012-09-26 11:36:43 7062 ----a-w- c:\windows\system32\audiopid.vxd
2012-09-26 11:36:06 647872 ------w- c:\windows\system32\Mscomct2.ocx
2012-09-26 11:36:05 53248 ------w- c:\windows\Ctregrun.exe
2012-09-26 11:35:50 90112 ------w- c:\windows\Updreg.EXE
2012-09-26 11:33:50 45568 ----a-w- c:\windows\system32\ctppld.dll
2012-09-26 11:33:41 -------- d-----w- c:\windows\system32\Data
2012-09-26 11:32:41 -------- d-----w- c:\program files\Creative
2012-09-26 11:26:29 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-09-26 11:26:29 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-09-26 11:26:29 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-09-26 11:26:29 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-09-26 11:26:29 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-09-26 11:26:28 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-09-26 11:26:27 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-09-26 11:26:26 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-09-26 11:15:47 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Adobe
2012-09-26 11:15:43 -------- d-----w- c:\program files\ASIO4ALL v2
2012-09-26 11:15:28 1431552 ----a-w- c:\windows\system32\rewire.dll
2012-09-26 11:15:28 -------- d-----w- c:\program files\VstPlugins
2012-09-26 11:15:07 1554944 ----a-w- c:\windows\system32\vorbis.acm
2012-09-26 11:14:57 -------- d-----w- c:\program files\Outsim
2012-09-26 11:11:09 -------- d-----w- c:\program files\Image-Line
2012-09-26 02:01:42 679936 ----a-w- c:\windows\system32\Fliqlo.scr
2012-09-26 02:01:42 -------- d-----w- c:\programdata\Screentime
2012-09-26 01:59:24 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Screentime
2012-09-25 22:54:20 -------- d-----w- c:\users\romeo jr chacon\appdata\local\WinZip
2012-09-25 22:43:08 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\AVG
2012-09-25 22:41:45 -------- d-----w- c:\programdata\AVG
2012-09-25 22:41:37 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-25 22:33:29 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\AVG2013
2012-09-25 22:32:36 -------- d-----w- c:\users\romeo jr chacon\appdata\roaming\TuneUp Software
2012-09-25 22:31:36 -------- d--h--w- C:\$AVG
2012-09-25 22:31:36 -------- d-----w- c:\programdata\AVG2013
2012-09-25 22:29:42 -------- d-----w- c:\program files\AVG
2012-09-25 22:27:02 -------- d--h--w- c:\programdata\Common Files
2012-09-25 22:27:02 -------- d-----w- c:\users\romeo jr chacon\appdata\local\MFAData
2012-09-25 22:27:02 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Avg2013
2012-09-25 22:27:02 -------- d-----w- c:\programdata\MFAData
2012-09-25 22:22:13 -------- d-----w- c:\users\romeo jr chacon\FrostWire
2012-09-25 22:22:09 -------- d-----w- c:\users\romeo jr chacon\.frostwire5
2012-09-25 22:21:43 -------- d-----w- c:\program files\FrostWire 5
2012-09-25 22:10:29 -------- d-----w- c:\program files\RocketDock
2012-09-25 22:07:34 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-09-25 22:07:34 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-09-25 22:07:34 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-25 22:07:34 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-09-25 22:07:34 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-25 22:07:17 -------- d-----w- C:\temp
2012-09-25 22:05:45 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-09-25 22:05:44 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-09-25 22:05:10 -------- d-----w- C:\NVIDIA
2012-09-25 21:59:57 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-25 21:59:57 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-25 21:59:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-25 21:54:52 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Google
2012-09-25 21:54:17 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Deployment
2012-09-25 21:54:17 -------- d-----w- c:\users\romeo jr chacon\appdata\local\Apps
2012-09-25 21:52:23 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-09-25 21:52:23 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-09-25 21:52:22 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-09-25 21:52:22 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-09-25 21:52:22 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-25 21:52:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-09-25 21:50:24 758784 ----a-w- c:\windows\system32\cohelper.dll
2012-09-25 21:42:35 -------- d-----w- c:\program files\Windows Portable Devices
2012-09-25 21:35:07 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-09-25 21:35:06 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-09-25 21:35:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-09-25 21:28:26 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-25 21:28:26 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-25 21:28:26 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-25 21:23:14 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-25 21:21:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-09-25 21:21:50 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-09-25 21:21:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-09-25 21:21:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-09-25 21:21:50 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-09-25 21:21:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-09-25 21:21:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-09-25 21:07:32 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-09-25 21:07:23 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-09-25 21:07:23 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-09-25 21:07:23 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-09-25 21:07:23 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-09-25 21:07:14 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-09-25 21:07:07 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-09-25 21:07:07 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-09-25 21:05:11 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-09-25 20:55:37 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-25 20:55:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-25 20:55:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-25 20:55:27 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-25 20:39:33 -------- d-----w- c:\windows\system32\eu-ES
2012-09-25 20:39:33 -------- d-----w- c:\windows\system32\ca-ES
2012-09-25 20:39:32 -------- d-----w- c:\windows\system32\vi-VN
2012-09-25 20:29:59 800768 ----a-w- c:\windows\system32\advapi32.dll
2012-09-25 20:13:01 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-25 20:13:01 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-25 20:13:01 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-09-25 20:13:01 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-25 20:13:01 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-09-25 20:12:24 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-09-25 20:12:24 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-09-25 20:12:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-09-25 20:12:1517920----a-w-c:\windows\system32\netevent.dll
2012-09-25 20:12:15125952----a-w-c:\windows\system32\srvsvc.dll
2012-09-25 19:31:36--------d-----w-c:\programdata\NVIDIA Corporation
2012-09-25 19:31:32--------d-----w-c:\program files\NVIDIA Corporation
2012-09-25 19:31:01453152----a-w-c:\windows\system32\nvuninst.exe
2012-09-25 19:31:0111164----a-w-c:\windows\system32\drivers\nvphy.bin
2012-09-25 19:00:202730536----a-w-c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-09-25 19:00:166980552----a-w-c:\programdata\microsoft\windows defender\definition updates\{f2cb0bf1-f1f0-41bd-a314-23b860c606e1}\mpengine.dll
2012-09-25 19:00:15237072------w-c:\windows\system32\MpSigStub.exe
2012-09-25 18:43:3418904----a-w-c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-09-25 18:37:5373728----a-w-c:\windows\system32\CmdRtr.DLL
2012-09-25 18:37:53166912----a-w-c:\windows\system32\APOMngr.DLL
2012-09-25 18:33:06--------d-----w-c:\windows\Panther
2012-09-25 18:32:50--------d-sh--w-C:\Boot
2012-09-25 18:32:32--------d-----w-c:\windows\system32\OEM
2012-09-25 18:12:13339968----a-w-c:\program files\windows nt\accessories\wordpad.exe
2012-09-25 18:12:131316864----a-w-c:\windows\system32\ole32.dll
2012-09-25 18:12:08105984----a-w-c:\windows\system32\netiohlp.dll
2012-09-25 18:12:079728----a-w-c:\windows\system32\TCPSVCS.EXE
2012-09-25 18:12:078704----a-w-c:\windows\system32\HOSTNAME.EXE
2012-09-25 18:12:0727136----a-w-c:\windows\system32\NETSTAT.EXE
2012-09-25 18:12:0719968----a-w-c:\windows\system32\ARP.EXE
2012-09-25 18:12:0717920----a-w-c:\windows\system32\ROUTE.EXE
2012-09-25 18:12:0711264----a-w-c:\windows\system32\MRINFO.EXE
2012-09-25 18:12:0710240----a-w-c:\windows\system32\finger.exe
2012-09-25 18:09:441696256----a-w-c:\windows\system32\gameux.dll
2012-09-25 18:08:5979872----a-w-c:\windows\system32\drivers\mrxsmb20.sys
2012-09-25 18:07:57310784----a-w-c:\windows\system32\unregmp2.exe
2012-09-25 18:07:571418752----a-w-c:\program files\windows media player\setup_wm.exe
2012-09-25 18:07:1791136----a-w-c:\windows\system32\avifil32.dll
2012-09-25 18:07:1782944----a-w-c:\windows\system32\mciavi32.dll
2012-09-25 18:07:1750176----a-w-c:\windows\system32\iyuv_32.dll
2012-09-25 18:07:1731744----a-w-c:\windows\system32\msvidc32.dll
2012-09-25 18:07:1722528----a-w-c:\windows\system32\msyuv.dll
2012-09-25 18:07:1713312----a-w-c:\windows\system32\msrle32.dll
2012-09-25 18:07:17123904----a-w-c:\windows\system32\msvfw32.dll
2012-09-25 18:07:1712288----a-w-c:\windows\system32\tsbyuv.dll
2012-09-25 17:56:27531968----a-w-c:\windows\system32\comctl32.dll
2012-09-25 17:56:24604672----a-w-c:\windows\system32\WMSPDMOD.DLL
2012-09-25 17:48:3720384----a-w-c:\windows\system32\drivers\jswpslwf.sys
2012-09-25 17:48:371214976----a-w-c:\windows\system32\drivers\athr.sys
2012-09-25 17:48:37--------d-----w-c:\windows\pcidevice
2012-09-25 17:48:36--------d-----w-c:\program files\D-Link
2012-09-25 17:46:48--------d-sh--w-c:\windows\Installer
.
==================== Find3M ====================
.
2012-10-02 22:20:0015309160----a-w-c:\windows\system32\nvd3dum.dll
2012-10-02 22:20:001009512----a-w-c:\windows\system32\nvdispco32.dll
2012-09-25 21:21:514096----a-w-c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-09-21 10:46:06164832----a-w-c:\windows\system32\drivers\avgtdix.sys
2012-09-21 10:46:00177376----a-w-c:\windows\system32\drivers\avglogx.sys
2012-09-21 10:45:5419936----a-w-c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 10:45:5255008----a-w-c:\windows\system32\drivers\avgidshx.sys
2012-09-14 10:05:2035552----a-w-c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 10:11:20177504----a-w-c:\windows\system32\drivers\avgidsdriverx.sys
2012-09-04 17:39:3250296----a-w-c:\windows\system32\drivers\avgfwd6x.sys
2012-08-24 07:57:00113104----a-w-c:\windows\system32\drivers\scdemu.sys
2012-08-21 20:01:22106928----a-w-c:\windows\system32\GEARAspi.dll
.
============= FINISH: 14:19:15.78 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 9/25/2012 10:36:40 AM
System Uptime: 10/21/2012 1:33:47 PM (1 hours ago)
.
Motherboard: Gateway | | MCP61SM2MA
Processor: AMD Sempron(tm) Processor LE-1250 | Socket AM2 | 2200/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 530.66 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP109: 10/21/2012 12:19:47 AM - Installed AVG PC TuneUp
.
==== Image File Execution Options =============
.
IFEO: acrord32.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: autoupdate-windows.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: avic.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: minicalc.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: miniconvert.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: realconverter.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: realplay.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: realtrimmer.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: rnxproc.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: setup.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: statsreader.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: streamingaudiorecorder.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: switchboard.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: unins000.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: uninstall.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO: wirelesscm.exe - "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader 9.3
Apple Application Support
Apple Software Update
ASIO4ALL
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Bonjour
Boris Graffiti for Corel
CCleaner
Contents
Corel KPT Collection
Corel PaintShop Pro Misc Content
Corel PaintShop Pro X5
Corel VideoStudio Ultimate X5
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties
Creative System Information
DWA-552
Edirol HQ Orchestral v1.01
FL Studio 10
Fliqlo Screen Saver
FrostWire 5.4.0
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICA
IL Download Manager
IL Shared Libraries
IPM_PSP_COM
IPM_VS_Pro
ISCOM
iTunes
Java 7 Update 7
Java Auto Updater
Luxonix Purity VSTi v1.1.2
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Miroslav Philharmonik
Native Instruments B4 II
Native Instruments Massive
Native Instruments Service Center
NewBlue Titler EX for Corel VSX5
Novation V-Station v1.20-H2O
NVIDIA Control Panel 306.97
NVIDIA Drivers
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
PDF Settings CS5
Platinum Hide IP
PowerISO
proDAD Mercalli 2.0
proDAD Route 4.0
proDAD Vitascene 2.0
PSPPContent
PSPPHelp
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
reFX Nexus VSTi RTAS v2.2.0
reFX Vanguard 1.7.2
Rob Papen Albino 3
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Windows Media Encoder (KB2447961)
Setup
Share
SmartSound Common Data
SmartSound Quicktracks 5
Sound Blaster Audigy
TeamSpeak 3 Client
Tone2 Gladiator VSTi v2.2
TruePianos 1.5.0
TruePianos: Amber Module 1.4.0
TruePianos: Diamond Module 1.4.0
TruePianos: Emerald Module 1.4.0
TruePianos: Sapphire Module 1.4.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VSClassic
VSHelp
VSUltimate
Windows Media Encoder 9 Series
WinZip 16.5
Wondershare Streaming Audio Recorder(Build 2.0.3.3)
World of Tanks
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 1:35:47 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/21/2012 1:35:47 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

===============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Here is TDSSKiller report

14:52:07.0167 1360 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:52:07.0610 1360 Current date / time: 2012/10/21 14:52:07.0610
14:52:07.0610 1360 SystemInfo:
14:52:07.0610 1360
14:52:07.0610 1360 OS Version: 6.0.6002 ServicePack: 2.0
14:52:07.0610 1360 Product type: Workstation
14:52:07.0610 1360 ComputerName: STUDIO
14:52:07.0611 1360 UserName: Romeo Jr Chacon
14:52:07.0611 1360 Windows directory: C:\Windows
14:52:07.0611 1360 System windows directory: C:\Windows
14:52:07.0611 1360 Processor architecture: Intel x86
14:52:07.0611 1360 Number of processors: 1
14:52:07.0611 1360 Page size: 0x1000
14:52:07.0611 1360 Boot type: Normal boot
14:52:07.0996 1360 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:52:07.0998 1360 \Device\Harddisk0\DR0:
14:52:07.0998 1360 MBR partitions:
14:52:07.0998 1360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
14:52:08.0014 1360 C: <-> \Device\Harddisk0\DR0\Partition1
14:52:08.0014 1360 Initialize success
14:52:10.0690 6972 Scan started
14:52:10.0690 6972 Mode: Manual;
14:52:10.0856 6972 ================ Scan system memory ========================
14:52:10.0856 6972 System memory - ok
14:52:16.0526 6972 LSI_SCSI - ok
14:52:16.0553 6972 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:52:16.0556 6972 luafv - ok
14:52:16.0606 6972 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:52:16.0609 6972 MBAMProtector - ok
14:52:16.0663 6972 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:52:16.0667 6972 MBAMScheduler - ok
14:52:16.0695 6972 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:52:16.0709 6972 MBAMService - ok
14:52:16.0756 6972 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
14:52:16.0757 6972 megasas - ok
14:52:16.0810 6972 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:52:16.0814 6972 MegaSR - ok
14:52:16.0836 6972 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:52:16.0839 6972 MMCSS - ok
14:52:16.0867 6972 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:52:16.0868 6972 Modem - ok
14:52:16.0893 6972 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:52:16.0902 6972 monitor - ok
14:52:16.0932 6972 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:52:16.0934 6972 mouclass - ok
14:52:16.0955 6972 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:52:16.0957 6972 mouhid - ok
14:52:16.0983 6972 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:52:16.0985 6972 MountMgr - ok
14:52:17.0010 6972 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
14:52:17.0013 6972 mpio - ok
14:52:17.0033 6972 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:52:17.0036 6972 mpsdrv - ok
14:52:17.0059 6972 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:52:17.0061 6972 Mraid35x - ok
14:52:17.0101 6972 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:52:17.0104 6972 MRxDAV - ok
14:52:17.0147 6972 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:52:17.0150 6972 mrxsmb - ok
14:52:17.0174 6972 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:52:17.0179 6972 mrxsmb10 - ok
14:52:17.0192 6972 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:52:17.0195 6972 mrxsmb20 - ok
14:52:17.0216 6972 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
14:52:17.0219 6972 msahci - ok
14:52:17.0239 6972 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:52:17.0248 6972 msdsm - ok
14:52:17.0280 6972 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
14:52:17.0285 6972 MSDTC - ok
14:52:17.0315 6972 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:52:17.0324 6972 Msfs - ok
14:52:17.0336 6972 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:52:17.0338 6972 msisadrv - ok
14:52:17.0371 6972 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:52:17.0375 6972 MSiSCSI - ok
14:52:17.0388 6972 msiserver - ok
14:52:17.0421 6972 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:52:17.0424 6972 MSKSSRV - ok
14:52:17.0457 6972 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:52:17.0460 6972 MSPCLOCK - ok
14:52:17.0479 6972 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:52:17.0481 6972 MSPQM - ok
14:52:17.0511 6972 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:52:17.0517 6972 MsRPC - ok
14:52:17.0564 6972 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:52:17.0566 6972 mssmbios - ok
14:52:17.0582 6972 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:52:17.0590 6972 MSTEE - ok
14:52:17.0620 6972 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
14:52:17.0622 6972 Mup - ok
14:52:17.0648 6972 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
14:52:17.0657 6972 napagent - ok
14:52:17.0679 6972 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:52:17.0683 6972 NativeWifiP - ok
14:52:17.0709 6972 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:52:17.0719 6972 NDIS - ok
14:52:17.0746 6972 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:17.0752 6972 NdisTapi - ok
14:52:17.0775 6972 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:17.0777 6972 Ndisuio - ok
14:52:17.0795 6972 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:17.0799 6972 NdisWan - ok
14:52:17.0824 6972 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:52:17.0827 6972 NDProxy - ok
14:52:17.0859 6972 [ 30EEB75EA6DD31CD813AE0500284455C ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:52:17.0861 6972 NetBIOS - ok
14:52:17.0891 6972 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:52:17.0895 6972 netbt - ok
14:52:17.0912 6972 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
14:52:17.0914 6972 Netlogon - ok
14:52:17.0943 6972 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:52:17.0951 6972 Netman - ok
14:52:17.0980 6972 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:52:17.0988 6972 netprofm - ok
14:52:18.0009 6972 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:52:18.0012 6972 NetTcpPortSharing - ok
14:52:18.0034 6972 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:52:18.0036 6972 nfrd960 - ok
14:52:18.0063 6972 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:52:18.0069 6972 NlaSvc - ok
14:52:18.0085 6972 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:52:18.0087 6972 Npfs - ok
14:52:18.0104 6972 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:52:18.0107 6972 nsi - ok
14:52:18.0125 6972 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:52:18.0127 6972 nsiproxy - ok
14:52:18.0175 6972 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:52:18.0193 6972 Ntfs - ok
14:52:18.0217 6972 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:52:18.0225 6972 ntrigdigi - ok
14:52:18.0247 6972 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:52:18.0248 6972 Null - ok
14:52:18.0295 6972 [ 1EFEC38A852AB35883BFFF3427B92B3F ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:52:18.0301 6972 NVENETFD - ok
14:52:18.0527 6972 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:52:18.0732 6972 nvlddmkm - ok
14:52:18.0767 6972 [ 1EFEC38A852AB35883BFFF3427B92B3F ] NVNET C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:52:18.0770 6972 NVNET - ok
14:52:18.0797 6972 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:52:18.0800 6972 nvraid - ok
14:52:18.0826 6972 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:52:18.0828 6972 nvstor - ok
14:52:18.0855 6972 [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
14:52:18.0858 6972 nvstor32 - ok
14:52:18.0891 6972 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:52:18.0904 6972 nvsvc - ok
14:52:18.0971 6972 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:52:18.0999 6972 nvUpdatusService - ok
14:52:19.0029 6972 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:52:19.0033 6972 nv_agp - ok
14:52:19.0045 6972 NwlnkFlt - ok
14:52:19.0057 6972 NwlnkFwd - ok
14:52:19.0097 6972 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:52:19.0099 6972 ohci1394 - ok
14:52:19.0145 6972 [ F2519D547A6AC2AFE0DF0DC826A085A7 ] P17 C:\Windows\system32\drivers\P17.sys
14:52:19.0175 6972 P17 - ok
14:52:19.0250 6972 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:52:19.0263 6972 p2pimsvc - ok
14:52:19.0292 6972 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
14:52:19.0299 6972 p2psvc - ok
14:52:19.0328 6972 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:52:19.0331 6972 Parport - ok
14:52:19.0361 6972 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:52:19.0363 6972 partmgr - ok
14:52:19.0385 6972 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
14:52:19.0386 6972 Parvdm - ok
14:52:19.0419 6972 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:52:19.0424 6972 PcaSvc - ok
14:52:19.0445 6972 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:52:19.0449 6972 pci - ok
14:52:19.0465 6972 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
14:52:19.0466 6972 pciide - ok
14:52:19.0504 6972 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:52:19.0520 6972 pcmcia - ok
14:52:19.0566 6972 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:52:19.0599 6972 PEAUTH - ok
14:52:19.0736 6972 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:52:19.0765 6972 pla - ok
14:52:19.0853 6972 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:52:19.0866 6972 PlugPlay - ok
14:52:19.0888 6972 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:52:19.0894 6972 PNRPAutoReg - ok
14:52:19.0915 6972 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:52:19.0921 6972 PNRPsvc - ok
14:52:20.0000 6972 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:52:20.0015 6972 PolicyAgent - ok
14:52:20.0048 6972 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:52:20.0050 6972 PptpMiniport - ok
14:52:20.0077 6972 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
14:52:20.0090 6972 Processor - ok
14:52:20.0121 6972 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:52:20.0126 6972 ProfSvc - ok
14:52:20.0146 6972 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:52:20.0147 6972 ProtectedStorage - ok
14:52:20.0183 6972 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:52:20.0184 6972 PSched - ok
14:52:20.0232 6972 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
14:52:20.0235 6972 PSI_SVC_2 - ok
14:52:20.0442 6972 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:52:20.0467 6972 ql2300 - ok
14:52:20.0492 6972 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:52:20.0495 6972 ql40xx - ok
14:52:20.0530 6972 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:52:20.0540 6972 QWAVE - ok
14:52:20.0566 6972 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:52:20.0568 6972 QWAVEdrv - ok
14:52:20.0584 6972 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:52:20.0586 6972 RasAcd - ok
14:52:20.0615 6972 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:52:20.0624 6972 RasAuto - ok
14:52:20.0648 6972 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:20.0651 6972 Rasl2tp - ok
14:52:20.0682 6972 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:52:20.0690 6972 RasMan - ok
14:52:20.0714 6972 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:20.0717 6972 RasPppoe - ok
14:52:20.0812 6972 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:52:20.0834 6972 RasSstp - ok
14:52:20.0859 6972 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:52:20.0864 6972 rdbss - ok
14:52:20.0880 6972 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:20.0881 6972 RDPCDD - ok
14:52:20.0943 6972 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:52:20.0949 6972 rdpdr - ok
14:52:20.0961 6972 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:52:20.0962 6972 RDPENCDD - ok
14:52:21.0011 6972 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:52:21.0016 6972 RDPWD - ok
14:52:21.0043 6972 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:52:21.0046 6972 RemoteAccess - ok
14:52:21.0088 6972 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:52:21.0098 6972 RemoteRegistry - ok
14:52:21.0121 6972 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:52:21.0123 6972 RpcLocator - ok
14:52:21.0155 6972 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:52:21.0162 6972 RpcSs - ok
14:52:21.0178 6972 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:52:21.0181 6972 rspndr - ok
14:52:21.0204 6972 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:52:21.0206 6972 SamSs - ok
14:52:21.0249 6972 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:52:21.0252 6972 sbp2port - ok
14:52:21.0284 6972 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:52:21.0288 6972 SCardSvr - ok
14:52:21.0323 6972 [ BC7C602A9202429D37CCD07E7EBB6404 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
14:52:21.0327 6972 SCDEmu - ok
14:52:21.0364 6972 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:52:21.0390 6972 Schedule - ok
14:52:21.0406 6972 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:52:21.0407 6972 SCPolicySvc - ok
14:52:21.0442 6972 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:52:21.0448 6972 SDRSVC - ok
14:52:21.0469 6972 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:52:21.0470 6972 secdrv - ok
14:52:21.0483 6972 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:52:21.0486 6972 seclogon - ok
14:52:21.0509 6972 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
14:52:21.0513 6972 SENS - ok
14:52:21.0538 6972 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:52:21.0540 6972 Serenum - ok
14:52:21.0568 6972 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:52:21.0569 6972 Serial - ok
14:52:21.0593 6972 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:52:21.0595 6972 sermouse - ok
14:52:21.0654 6972 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:52:21.0658 6972 SessionEnv - ok
14:52:21.0675 6972 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:52:21.0677 6972 sffdisk - ok
14:52:21.0694 6972 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:52:21.0695 6972 sffp_mmc - ok
14:52:21.0716 6972 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:52:21.0717 6972 sffp_sd - ok
14:52:21.0741 6972 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:52:21.0743 6972 sfloppy - ok
14:52:21.0786 6972 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:52:21.0793 6972 ShellHWDetection - ok
14:52:21.0812 6972 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:52:21.0813 6972 sisagp - ok
14:52:21.0834 6972 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:52:21.0836 6972 SiSRaid2 - ok
14:52:21.0859 6972 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:52:21.0863 6972 SiSRaid4 - ok
14:52:21.0962 6972 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:52:22.0040 6972 slsvc - ok
14:52:22.0074 6972 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:52:22.0079 6972 SLUINotify - ok
14:52:22.0111 6972 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:52:22.0115 6972 SNMPTRAP - ok
14:52:22.0138 6972 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:52:22.0140 6972 spldr - ok
14:52:22.0177 6972 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:52:22.0182 6972 Spooler - ok
14:52:22.0203 6972 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:52:22.0218 6972 srv - ok
14:52:22.0237 6972 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:52:22.0239 6972 srv2 - ok
14:52:22.0254 6972 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:52:22.0255 6972 srvnet - ok
14:52:22.0270 6972 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:52:22.0275 6972 SSDPSRV - ok
14:52:22.0307 6972 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:52:22.0312 6972 SstpSvc - ok
14:52:22.0357 6972 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:52:22.0368 6972 stisvc - ok
14:52:22.0383 6972 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:52:22.0385 6972 swenum - ok
14:52:22.0459 6972 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:52:22.0469 6972 SwitchBoard - ok
14:52:22.0500 6972 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:52:22.0518 6972 swprv - ok
14:52:22.0540 6972 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:52:22.0541 6972 Symc8xx - ok
14:52:22.0564 6972 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:52:22.0566 6972 Sym_hi - ok
14:52:22.0590 6972 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:52:22.0591 6972 Sym_u3 - ok
14:52:22.0623 6972 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:52:22.0648 6972 SysMain - ok
14:52:22.0679 6972 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:52:22.0683 6972 TabletInputService - ok
14:52:22.0709 6972 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:52:22.0717 6972 TapiSrv - ok
14:52:22.0736 6972 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:52:22.0740 6972 TBS - ok
14:52:22.0780 6972 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:52:22.0788 6972 Tcpip - ok
14:52:22.0928 6972 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:52:22.0937 6972 Tcpip6 - ok
14:52:22.0965 6972 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:52:22.0967 6972 tcpipreg - ok
14:52:22.0995 6972 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:52:22.0998 6972 TDPIPE - ok
14:52:23.0019 6972 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:52:23.0020 6972 TDTCP - ok
14:52:23.0051 6972 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:52:23.0053 6972 tdx - ok
14:52:23.0089 6972 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:52:23.0092 6972 TermDD - ok
14:52:23.0114 6972 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:52:23.0124 6972 TermService - ok
14:52:23.0163 6972 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:52:23.0167 6972 Themes - ok
14:52:23.0186 6972 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:52:23.0189 6972 THREADORDER - ok
14:52:23.0218 6972 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:52:23.0222 6972 TrkWks - ok
14:52:23.0267 6972 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:52:23.0269 6972 TrustedInstaller - ok
14:52:23.0310 6972 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:23.0312 6972 tssecsrv - ok
14:52:23.0405 6972 [ 9DF6AD6FC51A802808621CBFB2A88453 ] TuneUp.UtilitiesSvc C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
14:52:23.0435 6972 TuneUp.UtilitiesSvc - ok
14:52:23.0478 6972 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys
14:52:23.0480 6972 TuneUpUtilitiesDrv - ok
14:52:23.0501 6972 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:52:23.0503 6972 tunmp - ok
14:52:23.0523 6972 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:52:23.0525 6972 tunnel - ok
14:52:23.0555 6972 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:52:23.0557 6972 uagp35 - ok
14:52:23.0580 6972 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:52:23.0585 6972 udfs - ok
14:52:23.0638 6972 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:52:23.0642 6972 UI0Detect - ok
14:52:23.0668 6972 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:52:23.0671 6972 uliagpkx - ok
14:52:23.0697 6972 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:52:23.0703 6972 uliahci - ok
14:52:23.0731 6972 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:52:23.0732 6972 UlSata - ok
14:52:23.0759 6972 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:52:23.0763 6972 ulsata2 - ok
14:52:23.0788 6972 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:52:23.0790 6972 umbus - ok
14:52:23.0816 6972 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:52:23.0826 6972 upnphost - ok
14:52:23.0991 6972 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:52:23.0994 6972 usbaudio - ok
14:52:24.0048 6972 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:52:24.0051 6972 usbccgp - ok
14:52:24.0078 6972 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:52:24.0080 6972 usbcir - ok
14:52:24.0129 6972 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:52:24.0131 6972 usbehci - ok
14:52:24.0162 6972 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:52:24.0167 6972 usbhub - ok
14:52:24.0189 6972 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:52:24.0190 6972 usbohci - ok
14:52:24.0218 6972 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:52:24.0220 6972 usbprint - ok
14:52:24.0232 6972 USBSTOR - ok
14:52:24.0257 6972 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:52:24.0259 6972 usbuhci - ok
14:52:24.0296 6972 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:52:24.0300 6972 UxSms - ok
14:52:24.0329 6972 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:52:24.0340 6972 vds - ok
14:52:24.0365 6972 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:52:24.0367 6972 vga - ok
14:52:24.0392 6972 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:52:24.0394 6972 VgaSave - ok
14:52:24.0419 6972 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:52:24.0421 6972 viaagp - ok
14:52:24.0435 6972 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:52:24.0437 6972 ViaC7 - ok
14:52:24.0484 6972 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
14:52:24.0486 6972 viaide - ok
14:52:24.0517 6972 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:52:24.0521 6972 volmgr - ok
14:52:24.0544 6972 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:52:24.0550 6972 volmgrx - ok
14:52:24.0571 6972 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:52:24.0574 6972 volsnap - ok
14:52:24.0604 6972 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:52:24.0608 6972 vsmraid - ok
14:52:24.0645 6972 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:52:24.0662 6972 VSS - ok
14:52:24.0694 6972 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:52:24.0702 6972 W32Time - ok
14:52:24.0735 6972 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:52:24.0737 6972 WacomPen - ok
14:52:24.0761 6972 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:52:24.0763 6972 Wanarp - ok
14:52:24.0774 6972 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:52:24.0776 6972 Wanarpv6 - ok
14:52:24.0806 6972 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:52:24.0816 6972 wcncsvc - ok
14:52:24.0844 6972 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:52:24.0847 6972 WcsPlugInService - ok
14:52:24.0888 6972 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
14:52:24.0890 6972 Wd - ok
14:52:24.0921 6972 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:52:24.0931 6972 Wdf01000 - ok
14:52:24.0977 6972 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:52:24.0982 6972 WdiServiceHost - ok
14:52:24.0993 6972 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:52:24.0996 6972 WdiSystemHost - ok
14:52:25.0024 6972 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:52:25.0030 6972 WebClient - ok
14:52:25.0066 6972 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:52:25.0071 6972 Wecsvc - ok
14:52:25.0093 6972 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:52:25.0109 6972 wercplsupport - ok
14:52:25.0140 6972 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:52:25.0146 6972 WerSvc - ok
14:52:25.0165 6972 WinHttpAutoProxySvc - ok
14:52:25.0208 6972 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:52:25.0212 6972 Winmgmt - ok
14:52:25.0261 6972 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:52:25.0298 6972 WinRM - ok
14:52:25.0352 6972 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:52:25.0365 6972 Wlansvc - ok
14:52:25.0399 6972 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:52:25.0401 6972 WmiAcpi - ok
14:52:25.0447 6972 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:52:25.0449 6972 wmiApSrv - ok
14:52:25.0511 6972 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:52:25.0538 6972 WMPNetworkSvc - ok
14:52:25.0593 6972 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:52:25.0599 6972 WPCSvc - ok
14:52:25.0636 6972 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:52:25.0640 6972 WPDBusEnum - ok
14:52:25.0709 6972 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:52:25.0724 6972 WPFFontCache_v0400 - ok
14:52:25.0777 6972 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:52:25.0779 6972 ws2ifsl - ok
14:52:25.0807 6972 [ 85ECE26F326C2D07BA77A60343468272 ] WsAudioDevice_383 C:\Windows\system32\drivers\WsAudioDevice_383.sys
14:52:25.0808 6972 WsAudioDevice_383 - ok
14:52:25.0827 6972 WSearch - ok
14:52:25.0937 6972 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:52:25.0973 6972 wuauserv - ok
14:52:26.0011 6972 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:52:26.0015 6972 wudfsvc - ok
14:52:26.0045 6972 ================ Scan global ===============================
14:52:26.0081 6972 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:52:26.0103 6972 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:52:26.0145 6972 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:52:26.0179 6972 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:52:26.0187 6972 [Global] - ok
14:52:26.0191 6972 ================ Scan MBR ==================================
14:52:26.0206 6972 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:52:26.0494 6972 \Device\Harddisk0\DR0 - ok
14:52:26.0498 6972 ================ Scan VBR ==================================
14:52:26.0503 6972 [ C016A6110B272F528262C3F0D4BDAF7B ] \Device\Harddisk0\DR0\Partition1
14:52:26.0504 6972 \Device\Harddisk0\DR0\Partition1 - ok
14:52:26.0509 6972 Scan finished
14:52:26.0532 6504 Detected object count: 0
14:52:26.0532 6504 Actual detected object count: 0
 
RogueKiller Report [2]

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Romeo Jr Chacon [Admin rights]
Mode : Remove -- Date : 10/21/2012 14:59:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][BLPATH] HKUS\S-1-5-21-2321283058-4084574830-2792957718-1001[...]\RunOnce : InetReg ("C:\Program Files\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6) -> DELETED
[TASK][SUSP PATH] D-Link DWA-552 Registration (Romeo Jr Chacon) : C:\Users\Romeo Jr Chacon\AppData\Roaming\Leadertech\PowerRegister\D-Link DWA-552 Registration.exe /remind /language=EN /MODL="DWA-552" /PRNM="D-Link" -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD75 00AALX-009BA SCSI Disk Device +++++
--- User ---
[MBR] 16fb39c88763325f8d88b8bb8f9eeeb5
[BSP] 9485f3f0722d824e3c70893d78e100f8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
RogueKiller Report [1]

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Romeo Jr Chacon [Admin rights]
Mode : Scan -- Date : 10/21/2012 14:58:40
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][BLPATH] HKUS\S-1-5-21-2321283058-4084574830-2792957718-1001[...]\RunOnce : InetReg ("C:\Program Files\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6) -> FOUND
[TASK][SUSP PATH] D-Link DWA-552 Registration (Romeo Jr Chacon) : C:\Users\Romeo Jr Chacon\AppData\Roaming\Leadertech\PowerRegister\D-Link DWA-552 Registration.exe /remind /language=EN /MODL="DWA-552" /PRNM="D-Link" -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD75 00AALX-009BA SCSI Disk Device +++++
--- User ---
[MBR] 16fb39c88763325f8d88b8bb8f9eeeb5
[BSP] 9485f3f0722d824e3c70893d78e100f8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 15:06:43
-----------------------------
15:06:43.944 OS Version: Windows 6.0.6002 Service Pack 2
15:06:43.945 Number of processors: 1 586 0x7F02
15:06:43.946 ComputerName: STUDIO UserName:
15:06:45.716 Initialize success
15:10:57.293 AVAST engine defs: 12102101
15:11:03.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
15:11:03.942 Disk 0 Vendor: WDC_WD75 15.0 Size: 715404MB BusType: 6
15:11:03.951 Disk 0 MBR read successfully
15:11:03.956 Disk 0 MBR scan
15:11:03.962 Disk 0 Windows VISTA default MBR code
15:11:03.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
15:11:04.015 Disk 0 scanning sectors +1465145344
15:11:04.122 Disk 0 scanning C:\Windows\system32\drivers
15:11:12.955 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Sirefef-AMS [Rtk]
15:11:16.518 Disk 0 trace - called modules:
15:11:16.534 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
15:11:16.539 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a37a28]
15:11:16.546 3 CLASSPNP.SYS[875a38b3] -> nt!IofCallDriver -> [0x83b90aa0]
15:11:16.562 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\00000058[0x83b8aa88]
15:11:18.112 AVAST engine scan C:\Windows
15:11:21.294 AVAST engine scan C:\Windows\system32
15:14:57.262 AVAST engine scan C:\Windows\system32\drivers
15:15:06.426 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Sirefef-AMS [Rtk]
15:15:10.430 AVAST engine scan C:\Users\Romeo Jr Chacon
15:28:38.631 Disk 0 MBR has been saved successfully to "C:\Users\Romeo Jr Chacon\Desktop\MBR.dat"
15:28:38.633 The log file has been saved successfully to "C:\Users\Romeo Jr Chacon\Desktop\aswMBR.txt"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Not sure if this is the right log.

ComboFix 12-10-21.02 - Romeo Jr Chacon 10/21/2012 20:21:31.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1919.1148 [GMT -7:00]
Running from: C:\Users\Romeo Jr Chacon\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
It's incomplete.
Did you uninstall AVG as my instructions say?
If so, re-run Combofix.

If you receive a similar short log.

NOTE.
If, for some reason, Combofix refuses to run, try the following...
 
Sorry, I didn't uninstall AVG. I read "temporarily disable it" but I will uninstall it right now.
Combofix ran smoothly. Once I uninstall AVG, do I run Combofix again?

It did detect the rootkit.
 
You have to read my instructions more carefully:
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

Once I uninstall AVG, do I run Combofix again?
Yes.
 
I tried uninstalling AVG using both the AppRemover and the basic "remove programs";
now I'm getting an error when trying to uninstall it. Here is one out of a few other logs:

=== Verbose logging started: 10/21/2012 21:21:05 Build type: SHIP UNICODE 4.05.6002.00 Calling process: C:\Users\ROMEOJ~1\AppData\Local\Temp\7zS52D0.tmp\avgmfapx.exe ===
MSI (c) (38:48) [21:21:05:816]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\MFAData\pack\AVGx86.msi' against software restriction policy
MSI (c) (38:48) [21:21:05:816]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\MFAData\pack\AVGx86.msi has a digital signature
MSI (c) (38:48) [21:21:06:003]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\MFAData\pack\AVGx86.msi is permitted to run at the 'unrestricted' authorization level.
MSI (c) (38:48) [21:21:06:003]: Failed to connect to server. Error: 0x800401F0

MSI (c) (38:48) [21:21:06:019]: End dialog not enabled
MSI (c) (38:48) [21:21:06:019]: Original package ==> C:\ProgramData\MFAData\pack\AVGx86.msi
MSI (c) (38:48) [21:21:06:019]: Package we're running from ==> C:\ProgramData\MFAData\pack\AVGx86.msi
MSI (c) (38:48) [21:21:06:019]: APPCOMPAT: looking for appcompat database entry with ProductCode '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}'.
MSI (c) (38:48) [21:21:06:019]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (38:48) [21:21:06:034]: MSCOREE not loaded loading copy from system32
MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisablePatch' is 0
MSI (c) (38:48) [21:21:06:034]: Machine policy value 'AllowLockdownPatch' is 0
MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisableLUAPatching' is 0
MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (c) (38:48) [21:21:06:034]: APPCOMPAT: looking for appcompat database entry with ProductCode '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}'.
MSI (c) (38:48) [21:21:06:034]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (38:48) [21:21:06:034]: Transforms are not secure.
MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\Romeo Jr Chacon\AppData\Local\MFAData\logs\msi-20121022-042057.log'.
MSI (c) (38:48) [21:21:06:034]: No Command Line.
MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{038CDECC-53CA-49AA-B8EF-DF555DDF9B72}'.
MSI (c) (38:48) [21:21:06:034]: Product Code passed to Engine.Initialize: '(none)'
MSI (c) (38:48) [21:21:06:034]: Product Code from property table before transforms: '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}'
MSI (c) (38:48) [21:21:06:034]: Product Code from property table after transforms: '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}'
MSI (c) (38:48) [21:21:06:034]: Product registered: entering maintenance mode
MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (c) (38:48) [21:21:06:034]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (c) (38:48) [21:21:06:034]: Specifed source is not already in a list.
MSI (c) (38:48) [21:21:06:034]: User policy value 'SearchOrder' is 'nmu'
MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisableBrowse' is 0
MSI (c) (38:48) [21:21:06:034]: Machine policy value 'AllowLockdownBrowse' is 0
MSI (c) (38:48) [21:21:06:034]: Adding new sources is allowed.
MSI (c) (38:48) [21:21:06:034]: Package name retrieved from configuration data: 'Avgx86.msi'
MSI (c) (38:48) [21:21:06:034]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI (c) (38:48) [21:21:06:034]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (c) (38:48) [21:21:06:034]: Machine policy value 'DisableMsi' is 0
MSI (c) (38:48) [21:21:06:034]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (38:48) [21:21:06:034]: User policy value 'AlwaysInstallElevated' is 0
MSI (c) (38:48) [21:21:06:034]: Product {013C4AC1-64FB-46EA-9320-D34CEB65BDBC} is admin assigned: LocalSystem owns the publish key.
MSI (c) (38:48) [21:21:06:034]: Product {013C4AC1-64FB-46EA-9320-D34CEB65BDBC} is managed.
MSI (c) (38:48) [21:21:06:034]: Running product '{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}' with elevated privileges: Product is assigned.
MSI (c) (38:48) [21:21:06:034]: TRANSFORMS property is now:
MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '1033'.
MSI (c) (38:48) [21:21:06:034]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '300'.
MSI (c) (38:48) [21:21:06:034]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming
MSI (c) (38:48) [21:21:06:034]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\Favorites
MSI (c) (38:48) [21:21:06:034]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (c) (38:48) [21:21:06:034]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\Documents
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Recent
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\SendTo
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Templates
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Local
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\Pictures
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Users\Romeo Jr Chacon\Desktop
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (c) (38:48) [21:21:06:050]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (c) (38:48) [21:21:06:050]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (c) (38:48) [21:21:06:050]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI (c) (38:48) [21:21:06:050]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (c) (38:48) [21:21:06:050]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Romeo Jr Chacon'.
MSI (c) (38:48) [21:21:06:050]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding Installed property. Its value is '00:00:00'.
MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\ProgramData\MFAData\pack\AVGx86.msi'.
MSI (c) (38:48) [21:21:06:050]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\ProgramData\MFAData\pack\AVGx86.msi'.
MSI (c) (38:48) [21:21:06:050]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (c) (38:48) [21:21:06:050]: EEUI - Disabling MsiEmbeddedUI due to existing external or embedded UI
MSI (c) (38:48) [21:21:06:050]: EEUI - Disabling MsiEmbeddedUI in quiet mode
=== Logging started: 10/21/2012 21:21:06 ===
MSI (c) (38:48) [21:21:06:065]: Note: 1: 2205 2: 3: PatchPackage
MSI (c) (38:48) [21:21:06:065]: Machine policy value 'DisableRollback' is 0
MSI (c) (38:48) [21:21:06:065]: User policy value 'DisableRollback' is 0
MSI (c) (38:48) [21:21:06:065]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
MSI (c) (38:48) [21:21:06:065]: MsiOpenPackageEx is returning 0
MSI (c) (38:48) [21:21:06:065]: MsiOpenPackage is returning 0
MSI (c) (38:48) [21:21:06:065]: PROPERTY CHANGE: Modifying UIBYMFA property. Its current value is '0'. Its new value: '1'.
MSI (c) (38:48) [21:21:06:065]: PROPERTY CHANGE: Modifying PRODTYPE property. Its current value is 'AVG'. Its new value: 'IS'.
MSI (c) (38:48) [21:21:06:065]: Doing action: FatalError
Action 21:21:06: FatalError.
Action start 21:21:06: FatalError.
Action ended 21:21:06: FatalError. Return value 0.
MSI (c) (38:48) [21:21:06:065]: Doing action: UserExit
Action 21:21:06: UserExit.
Action start 21:21:06: UserExit.
Action ended 21:21:06: UserExit. Return value 0.
MSI (c) (38:48) [21:21:06:065]: Doing action: ExitDialog
Action 21:21:06: ExitDialog.
Action start 21:21:06: ExitDialog.
Action ended 21:21:06: ExitDialog. Return value 0.
MSI (c) (38:48) [21:21:06:081]: Doing action: CA_PublishMsiPhase1
Action 21:21:06: CA_PublishMsiPhase1.
Action start 21:21:06: CA_PublishMsiPhase1.
MSI (c) (38:88) [21:21:06:143]: Invoking remote custom action. DLL: C:\Users\ROMEOJ~1\AppData\Local\Temp\MSI7A5D.tmp, Entrypoint: CA_PublishMsiPhase1
MSI (c) (38:84) [21:21:06:159]: Failed to connect to server. Error: 0x80070424

Action ended 21:21:06: CA_PublishMsiPhase1. Return value 1.
MSI (c) (38:48) [21:21:06:159]: Doing action: LaunchConditions
Action 21:21:06: LaunchConditions. Evaluating launch conditions
Action start 21:21:06: LaunchConditions.
MSI (c) (38:48) [21:21:06:159]: Note: 1: 2205 2: 3: LaunchCondition
MSI (c) (38:48) [21:21:06:159]: Note: 1: 2228 2: 3: LaunchCondition 4: SELECT `Condition`, `Description` FROM `LaunchCondition`
Action ended 21:21:06: LaunchConditions. Return value 0.
MSI (c) (38:48) [21:21:06:159]: Doing action: PrepareDlg
Action 21:21:06: PrepareDlg.
Action start 21:21:06: PrepareDlg.
Action ended 21:21:06: PrepareDlg. Return value 0.
MSI (c) (38:48) [21:21:06:159]: Doing action: SetReinstallMode_Inst
Action 21:21:06: SetReinstallMode_Inst.
Action start 21:21:06: SetReinstallMode_Inst.
MSI (c) (38:48) [21:21:06:159]: PROPERTY CHANGE: Adding REINSTALLMODE property. Its value is 'ocmus'.
Action ended 21:21:06: SetReinstallMode_Inst. Return value 1.
MSI (c) (38:48) [21:21:06:159]: Doing action: FindRelatedProducts
Action 21:21:06: FindRelatedProducts. Searching for related applications
Action start 21:21:06: FindRelatedProducts.
MSI (c) (38:48) [21:21:06:175]: Skipping FindRelatedProducts action: not run in maintenance mode
Action ended 21:21:06: FindRelatedProducts. Return value 0.
MSI (c) (38:48) [21:21:06:175]: Doing action: CA_InitInstallation
Action 21:21:06: CA_InitInstallation.
Action start 21:21:06: CA_InitInstallation.
MSI (c) (38:A4) [21:21:06:237]: Invoking remote custom action. DLL: C:\Users\ROMEOJ~1\AppData\Local\Temp\MSI7ABB.tmp, Entrypoint: CA_InitInstallation
MSI (c) (38:84) [21:21:06:237]: Failed to connect to server. Error: 0x80070424

MSI (c) (38:48) [21:21:06:237]: Note: 1: 1719
Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
MSI (c) (38:48) [21:21:06:237]: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
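
Added example (editor's note, not part of the thread and not code from TDSSKiller, aswMBR, RogueKiller or Windows Installer): a small triage script that reads the four line shapes pasted above, the TDSSKiller-style service scan (`[ MD5 ] name path` / `name - ok`), the aswMBR `**INFECTED**` hit, the RogueKiller `[TAG] ... -> STATUS` entries and the MSI log's `Error: 0x........` lines, and decodes the HRESULTs. The point a practitioner wants from this log is in the decode: 0x80070424 is a FACILITY_WIN32 wrapper around Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST, so Error 1719 here means the Windows Installer service is not registered at all rather than merely stopped, and the 80096001 from the first post is TRUST_E_SYSTEM_ERROR, a trust-verification failure rather than a download failure. The sample lines are constructed in the shape of the logs above, the `expected_services` list is an assumption supplied by the analyst, and the HRESULT names are from winerror.h.

```python
"""Triage the tool logs pasted in this thread (added example, not the tools' own code)."""
import re
from typing import Dict, Iterable, List, Pattern, Tuple

# Constructed sample in the shape of the logs above (a handful of lines, not the full logs).
SAMPLE_LOG = r"""
14:52:25.0937 6972 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:52:25.0973 6972 wuauserv - ok
14:52:25.0827 6972 WSearch - ok
15:11:12.955 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Sirefef-AMS [Rtk]
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
MSI (c) (38:48) [21:21:06:003]: Failed to connect to server. Error: 0x800401F0
MSI (c) (38:84) [21:21:06:159]: Failed to connect to server. Error: 0x80070424
"""

HASHED_RE = re.compile(r"\[ ([0-9A-F]{32}) \] (\S+) (.+?)\s*$")        # "[ MD5 ] name path"
OK_RE = re.compile(r"^\S+ \d+ (\S+) - ok\s*$")                          # "name - ok"
INFECTED_RE = re.compile(r"File: (.+?) \*\*INFECTED\*\* (.+?)\s*$")     # aswMBR hit
RK_RE = re.compile(r"^((?:\[[A-Z ]+\])+) (.+?) -> (.+?)\s*$")           # RogueKiller entry
HRESULT_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")                      # "Error: 0x80070424"

# Codes that occur in this thread, named per winerror.h; anything else decodes as "unknown".
KNOWN_HRESULTS = {
    0x80070424: "ERROR_SERVICE_DOES_NOT_EXIST (Win32 1060)",
    0x800401F0: "CO_E_NOTINITIALIZED",
    0x80096001: "TRUST_E_SYSTEM_ERROR",
}


def _scan(text: str, regex: Pattern, keys: Tuple[str, ...], anchored: bool = False) -> List[Dict[str, str]]:
    """Apply regex to each line and return one dict per hit, groups named by keys."""
    out = []
    for line in text.splitlines():
        m = regex.match(line) if anchored else regex.search(line)
        if m:
            out.append(dict(zip(keys, m.groups())))
    return out


def parse_hashed_modules(text: str) -> List[Dict[str, str]]:
    """Service/driver entries with the MD5 the scanner computed for the image."""
    return _scan(text, HASHED_RE, ("md5", "name", "path"))


def parse_ok_services(text: str) -> List[str]:
    """Names the scanner enumerated and judged clean."""
    return [e["name"] for e in _scan(text, OK_RE, ("name",), anchored=True)]


def parse_infected(text: str) -> List[Dict[str, str]]:
    """aswMBR detections: on-disk path plus detection name."""
    return _scan(text, INFECTED_RE, ("path", "detection"))


def parse_roguekiller(text: str) -> List[Dict[str, str]]:
    """RogueKiller findings with their tag(s) and FOUND/DELETED/... status."""
    return _scan(text, RK_RE, ("tag", "detail", "status"), anchored=True)


def decode_hresult(hr: int) -> Dict[str, object]:
    """Split an HRESULT into severity bit, facility and 16-bit code; name it if known."""
    return {
        "hresult": "0x%08X" % hr,
        "failed": bool((hr >> 31) & 1),
        "facility": (hr >> 16) & 0x1FFF,  # 7 = FACILITY_WIN32, 9 = FACILITY_SSPI
        "code": hr & 0xFFFF,
        "name": KNOWN_HRESULTS.get(hr, "unknown"),
    }


def find_hresults(text: str) -> List[Dict[str, object]]:
    """Every distinct 0x........ code in the text, decoded, in first-seen order."""
    seen, out = set(), []
    for m in HRESULT_RE.finditer(text):
        hr = int(m.group(1), 16)
        if hr not in seen:
            seen.add(hr)
            out.append(decode_hresult(hr))
    return out


def triage(text: str, expected_services: Iterable[str] = ()) -> Dict[str, object]:
    """Combine the parsers. expected_services is the analyst's own list of services
    that should exist on this build; any the scanner never enumerated is reported
    so it can be confirmed with 'sc query <name>' on the host."""
    enumerated = {e["name"].lower() for e in parse_hashed_modules(text)}
    enumerated |= {n.lower() for n in parse_ok_services(text)}
    missing = sorted(s for s in expected_services if s.lower() not in enumerated)
    return {
        "infected": parse_infected(text),
        "registry": parse_roguekiller(text),
        "hresults": find_hresults(text),
        "missing_services": missing,
    }


if __name__ == "__main__":
    # The expected-service list is an assumption for the example, not from the thread.
    for key, value in triage(SAMPLE_LOG, ("wuauserv", "msiserver", "BFE")).items():
        print(key, value)
```

Run it over the full pasted logs instead of `SAMPLE_LOG` to get the same four lists for the whole thread; the `missing_services` entry is only as good as the list you feed it, so confirm each name on the host before treating it as deleted.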
 
Never mind, I got it to work by removing AVG using the AVGRemover from their site.
Okay, I got the right log now. Here is the log:

ComboFix 12-10-21.02 - Romeo Jr Chacon 10/21/2012 21:38:11.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1919.1150 [GMT -7:00]
Running from: c:\users\Romeo Jr Chacon\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\logboot_22.10.2012.tureg.log
.
---- Previous Run -------
.
C:\data
c:\data\Lp_setup.exe
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\~DFK37c542.tmp
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\bass.dll
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Romeo Jr Chacon\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\$NtUninstallKB20050$
c:\windows\$NtUninstallKB20050$\1830475237
c:\windows\$NtUninstallKB20050$\853113995\Desktop.ini
c:\windows\system32\tmpDFD0.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-22 04:47 . 2012-10-22 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-21 07:20 . 2012-08-23 18:31 32120 ----a-w- c:\windows\system32\TURegOpt.exe
2012-10-21 07:20 . 2012-08-23 18:31 21880 ----a-w- c:\windows\system32\authuitu.dll
2012-10-16 19:46 . 2012-10-22 00:43 -------- d-----w- c:\windows\system32\catroot2
2012-10-13 15:55 . 2012-10-13 15:55 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-12 04:13 . 2012-10-12 06:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 04:13 . 2012-10-12 06:33 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-12 03:27 . 2012-10-12 03:27 -------- d-----w- c:\programdata\Norton
2012-10-11 03:36 . 2012-10-02 19:29 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-11 03:32 . 2012-10-02 22:20 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 03:32 . 2012-10-02 22:20 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 03:32 . 2012-10-02 22:20 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 03:32 . 2012-10-02 22:20 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 03:32 . 2012-10-02 22:20 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 03:32 . 2012-10-02 22:20 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 03:32 . 2012-10-02 22:20 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 17:48 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 17:48 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 17:48 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 17:48 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 17:48 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 17:48 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 17:48 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 19:49 . 2012-10-09 19:49 -------- d-----w- c:\programdata\stw-audio
2012-10-07 23:56 . 2012-10-07 23:56 -------- d-----w- c:\programdata\Leawo
2012-10-07 23:56 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-10-05 03:07 . 2012-10-05 03:07 -------- d-----w- c:\program files\Novation
2012-10-03 22:21 . 2012-10-05 02:58 -------- d-----w- c:\program files\Rob Papen
2012-10-01 22:28 . 2012-10-01 22:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-01 22:28 . 2012-10-01 22:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-01 22:28 . 2012-10-01 22:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-01 22:28 . 2012-10-01 22:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-01 22:28 . 2012-10-01 22:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-01 22:28 . 2012-10-01 22:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-01 22:28 . 2012-10-01 22:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-10-01 22:28 . 2012-10-01 22:28 -------- d-----w- c:\program files\QuickTime
2012-10-01 22:26 . 2012-10-01 22:26 -------- d-----w- c:\program files\NewBlue
2012-10-01 22:12 . 2011-02-26 23:17 506824 ----a-w- c:\windows\system32\prodad-codec.dll
2012-10-01 22:11 . 2012-10-01 22:16 -------- d-----w- c:\programdata\proDAD
2012-10-01 22:11 . 2012-10-01 22:12 -------- d-----w- c:\program files\proDAD
2012-10-01 22:11 . 2003-07-09 16:43 45056 ----a-w- c:\windows\system32\BFXSrcFilter.ax
2012-10-01 22:11 . 2003-07-01 22:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2012-10-01 22:11 . 2003-07-01 22:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2012-10-01 22:11 . 2003-06-26 16:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2012-10-01 22:11 . 2003-01-20 15:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2012-10-01 22:11 . 2012-10-01 22:11 -------- d-----w- c:\program files\Boris FX, Inc
2012-10-01 22:06 . 2012-10-01 22:29 -------- d-----w- c:\programdata\eSellerate
2012-10-01 22:05 . 2012-10-01 22:06 -------- d-----w- c:\program files\SmartSound Software
2012-10-01 22:05 . 2012-10-01 22:06 -------- d-----w- c:\programdata\SmartSound Software Inc
2012-10-01 22:04 . 2012-10-01 22:04 -------- d-----w- c:\programdata\InterVideo
2012-10-01 22:01 . 2012-10-01 22:01 -------- d-----w- c:\program files\Windows Media Components
2012-10-01 02:43 . 2012-10-01 02:45 -------- d-----w- c:\program files\CCleaner
2012-09-30 04:47 . 2012-09-30 04:47 -------- d-----w- c:\program files\Common Files\Wondershare
2012-09-30 04:46 . 2011-11-17 23:08 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2012-09-30 04:46 . 2012-09-30 04:46 -------- d-----w- c:\program files\Wondershare
2012-09-30 03:52 . 2012-09-30 03:52 -------- d-----w- c:\program files\Common Files\xing shared
2012-09-30 03:52 . 2012-09-30 03:52 -------- d-----w- c:\program files\Real
2012-09-28 22:07 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-09-28 22:04 . 2012-10-12 18:40 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-28 22:04 . 2012-10-14 02:48 -------- d-----w- C:\Games
2012-09-28 21:38 . 2012-09-28 21:38 -------- d-----w- c:\program files\LUXONIX
2012-09-28 21:38 . 2005-03-24 15:26 491520 ----a-w- c:\windows\system32\msvcr80.dll
2012-09-28 21:37 . 2012-09-28 21:37 2249 ----a-w- C:\FLVDirect.exe
2012-09-28 20:55 . 2012-09-28 20:55 -------- d-----w- c:\program files\IK Multimedia
2012-09-28 17:38 . 2012-09-28 17:40 -------- d-----w- c:\programdata\Protexis
2012-09-28 17:36 . 2012-10-01 22:03 -------- d-----w- c:\programdata\Corel
2012-09-28 17:36 . 2012-09-28 17:36 -------- d-----w- c:\program files\Common Files\Protexis
2012-09-28 17:35 . 2012-10-01 22:01 -------- d-----w- c:\program files\Corel
2012-09-28 16:42 . 2012-09-28 16:44 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-09-28 16:37 . 2012-09-28 16:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-09-28 14:48 . 2012-09-28 14:48 -------- d-----w- c:\program files\Edirol
2012-09-28 14:11 . 2012-09-28 14:11 -------- d-----w- c:\programdata\4Front
2012-09-28 14:10 . 2012-09-28 14:11 -------- d-----w- c:\program files\TruePianos
2012-09-28 02:42 . 2012-09-28 02:42 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-09-28 02:42 . 2003-06-20 19:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-27 18:12 . 2012-09-30 03:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-27 18:12 . 2012-09-30 03:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-27 17:38 . 2011-05-23 09:52153088----a-w-c:\windows\system32\xvid.ax
2012-09-27 17:38 . 2011-05-23 07:46645632----a-w-c:\windows\system32\xvidcore.dll
2012-09-27 17:38 . 2011-05-30 13:42240640----a-w-c:\windows\system32\xvidvfw.dll
2012-09-27 17:38 . 2012-09-27 17:38--------d-----w-c:\program files\Xvid
2012-09-27 17:31 . 2012-09-27 17:31--------dc----w-c:\windows\system32\DRVSTORE
2012-09-27 17:31 . 2012-08-21 20:0126840----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-27 17:31 . 2012-09-27 17:31--------d-----w-c:\program files\iPod
2012-09-27 17:31 . 2012-09-27 17:31--------d-----w-c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-27 17:31 . 2012-09-27 17:31--------d-----w-c:\programdata\Apple Computer
2012-09-27 17:31 . 2012-09-27 17:31--------d-----w-c:\program files\iTunes
2012-09-27 17:22 . 2012-09-27 17:22--------d-----w-c:\program files\Apple Software Update
2012-09-27 17:20 . 2012-09-27 17:20--------d-----w-c:\program files\Bonjour
2012-09-27 17:20 . 2012-09-27 21:57--------d-----w-c:\program files\Common Files\Apple
2012-09-27 17:20 . 2012-09-27 17:22--------d-----w-c:\programdata\Apple
2012-09-27 13:21 . 2012-09-27 13:21--------d-----w-c:\program files\PlatinumHideIP
2012-09-27 12:57 . 2012-09-27 12:57--------d-----w-c:\programdata\PlatinumHideIP
2012-09-27 12:06 . 2012-09-27 12:06--------d-----w-c:\program files\PowerISO
2012-09-27 03:59 . 2012-09-27 03:59--------dc-h--w-c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-09-27 03:59 . 2012-09-27 03:59--------d-----w-c:\program files\Common Files\Native Instruments
2012-09-27 03:59 . 2012-09-27 03:59--------dc-h--w-c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-09-27 03:59 . 2012-09-29 15:44--------d-----w-c:\program files\Native Instruments
2012-09-27 03:59 . 2012-09-27 03:59--------d-----w-c:\programdata\Native Instruments
2012-09-26 20:00 . 2012-09-26 20:00413696----a-w-c:\windows\system32\wrap_oal.dll
2012-09-26 20:00 . 2012-09-26 20:00110592----a-w-c:\windows\system32\OpenAL32.dll
2012-09-26 11:26 . 2012-10-01 22:04--------d-----w-c:\program files\Common Files\InstallShield
2012-09-26 11:15 . 2012-09-26 11:15--------d-----w-c:\program files\ASIO4ALL v2
2012-09-26 11:15 . 2012-10-09 19:52--------d-----w-c:\program files\VstPlugins
2012-09-26 11:15 . 2011-10-11 14:451431552----a-w-c:\windows\system32\rewire.dll
2012-09-26 11:15 . 2009-09-15 09:141554944----a-w-c:\windows\system32\vorbis.acm
2012-09-26 11:14 . 2012-09-26 11:14--------d-----w-c:\program files\Outsim
2012-09-26 11:11 . 2012-09-26 11:15--------d-----w-c:\program files\Image-Line
2012-09-26 02:01 . 2012-09-26 02:01679936----a-w-c:\windows\system32\Fliqlo.scr
2012-09-26 02:01 . 2012-09-26 02:01--------d-----w-c:\programdata\Screentime
2012-09-26 01:59 . 2012-09-26 01:59--------d-----w-c:\windows\system32\Macromed
2012-09-25 22:53 . 2012-09-25 22:54--------d-----w-c:\programdata\WinZip
2012-09-25 22:41 . 2012-09-25 22:43--------d-----w-c:\programdata\AVG
2012-09-25 22:41 . 2012-09-25 22:41--------d-sh--w-c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-25 22:31 . 2012-09-25 22:31--------d-----w-C:\$AVG
2012-09-25 22:29 . 2012-10-22 04:34--------d-----w-c:\program files\AVG
2012-09-25 22:27 . 2012-09-25 22:27--------d--h--w-c:\programdata\Common Files
2012-09-25 22:21 . 2012-09-25 22:21--------d-----w-c:\program files\FrostWire 5
2012-09-25 22:10 . 2012-09-25 22:10--------d-----w-c:\program files\RocketDock
2012-09-25 22:08 . 2012-10-22 04:34--------d-----w-c:\users\UpdatusUser
2012-09-25 22:07 . 2012-10-02 19:29645992----a-w-c:\windows\system32\nvvsvc.exe
2012-09-25 22:07 . 2012-10-02 19:2962312----a-w-c:\windows\system32\nvshext.dll
2012-09-25 22:07 . 2012-10-02 19:29108392----a-w-c:\windows\system32\nvmctray.dll
2012-09-25 22:07 . 2012-10-02 19:292853224----a-w-c:\windows\system32\nvsvc.dll
2012-09-25 22:07 . 2012-10-02 19:283965288----a-w-c:\windows\system32\nvcpl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 22:20 . 2012-02-10 05:43	1009512	----a-w-	c:\windows\system32\nvdispco32.dll
2012-10-02 22:20 . 2008-01-21 02:32	15309160	----a-w-	c:\windows\system32\nvd3dum.dll
2012-09-25 21:21 . 2012-09-25 21:21	4096	----a-w-	c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-08-24 07:57 . 2012-08-24 07:57	113104	----a-w-	c:\windows\system32\drivers\scdemu.sys
2012-08-21 20:01 . 2012-08-21 20:01	106928	----a-w-	c:\windows\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-03-01 180224]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-30 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-552 revA\wirelesscm.exe [2012-9-25 517440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Romeo Jr Chacon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 06:33]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2321283058-4084574830-2792957718-1000Core.job
- c:\users\Romeo Jr Chacon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 21:54]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2321283058-4084574830-2792957718-1000UA.job
- c:\users\Romeo Jr Chacon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 21:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
TCP: DhcpNameServer = 10.0.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 21:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-10-21 21:53:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-22 04:53
.
Pre-Run: 583,820,800,000 bytes free
Post-Run: 583,651,385,344 bytes free
.
- - End Of File - - 832070482FBF08F1264B34EADB21DD13
 
Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and un-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\Windows\system32\drivers\smb.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

==================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    smb.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
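The two checks asked for above (find every copy of smb.sys, then have its hash compared against a scan) can also be done from PowerShell; the script below is an added example, not part of the helper's instructions or of SystemLook, and the function names Get-Sha256Hex and Find-DriverCopies are made up for it. It is written for PowerShell 2.0 as shipped with Vista, so it computes the hash with .NET instead of Get-FileHash and records the Authenticode status of each copy.

```powershell
# Added example: enumerate every copy of smb.sys under C:\Windows and record
# size, timestamp, SHA-256 and signature status, so the hash can be checked
# against a VirusTotal report and the copies compared with each other.

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    # Render the 32 hash bytes as one 64-character hex string
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Find-DriverCopies {
    param([string]$Name = 'smb.sys', [string]$Root = 'C:\Windows')
    # -Force includes hidden and system files; folders the account cannot
    # read are skipped rather than aborting the search
    Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # On older Windows many OS binaries are catalog-signed rather than
            # carrying an embedded signature, so NotSigned here is not by itself
            # proof of tampering; the hash comparison is the decisive check.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object PSObject -Property @{
                Path      = $_.FullName
                Size      = $_.Length
                Modified  = $_.LastWriteTime
                Sha256    = Get-Sha256Hex $_.FullName
                SigStatus = $sig.Status
                Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
            }
        }
}

# Run from an elevated prompt so protected folders are readable.
Find-DriverCopies | Format-List Path, Size, Modified, Sha256, SigStatus, Signer
```

Copies whose Sha256 or Size differ from each other deserve a closer look, and the value in the Sha256 column is what you paste into the VirusTotal search box to see whether the file has already been analysed.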
 