# Win64/Patched.A detected by AVG - need help removing



## Defragger (Dec 13, 2012)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2550K CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8173 Mb
Graphics Card: NVIDIA GeForce GT 520, 1023 Mb
Hard Drives: C: Total - 953766 MB, Free - 851534 MB;
Motherboard: ASUSTeK Computer INC., P8Z68-V LX
Antivirus: AVG Anti-Virus Free Edition 2013, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:26 PM, on 12/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Users\DeFragger\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-175869551-1456407368-2275875465-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-175869551-1456407368-2275875465-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10512 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by DeFragger at 20:08:38 on 2012-12-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6895 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uSearch Page = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uDefault_Page_URL = hxxp://nmd.msn.com
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
mWinlogon: Userinit = userinit.exe,
BHO: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F1B89120-180F-4C2A-A43A-1B5E91D75DC6} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-09 11:12; [email protected]; C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
FF - user.js: extensions.funmoods.instlDay - 15593
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14:34
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
FF - user.js: security.csp.enable - false
.
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-26 30568]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-4-16 947328]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-4 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-4 161560]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-8-28 92632]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-4 646248]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-6-16 29288]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-5 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-10 22:28:44 -------- d-----w- C:\Users\DeFragger\AppData\Roaming\Malwarebytes
2012-12-10 22:28:31 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-10 22:28:30 25928  ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-10 22:28:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 21:45:52 -------- d-----w- C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
2012-12-10 21:45:52 -------- d-----w- C:\Users\DeFragger\AppData\Roaming\DriverCure
2012-12-10 21:45:46 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-12-09 16:12:45 -------- d-----w- C:\Users\DeFragger\AppData\Local\Vid-Saver
2012-12-09 16:12:44 -------- d-----w- C:\Program Files (x86)\Vid-Saver
2012-12-09 16:12:38 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-12-09 16:11:25 -------- d-----w- C:\Program Files (x86)\AVS Video Converter
2012-12-09 15:54:48 -------- d-----w- C:\Program Files (x86)\MPC-HC
2012-12-09 15:52:47 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-09 15:52:42 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
2012-12-09 15:20:03 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-09 15:20:03 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-09 15:19:59 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-06 02:07:39 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2012-12-03 23:08:48 -------- d-sh--w- C:\found.000
2012-11-25 13:59:06 -------- d-----w- C:\Program Files\Ventrilo
2012-11-25 13:58:47 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-11-24 11:34:13 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-11-24 11:34:13 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-11-24 11:34:13 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-11-24 11:34:13 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-11-24 11:34:13 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-11-23 22:36:51 -------- d-----w- C:\Program Files (x86)\Activision
2012-11-19 09:40:46 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-15 09:44:20 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 09:44:20 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 09:44:20 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 09:44:20 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 09:40:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 09:40:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 09:40:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 09:40:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 09:40:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 09:40:35 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 09:40:35 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
.
==================== Find3M ====================
.
2012-11-22 12:48:01 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 12:48:01 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-08 11:06:06 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 08:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 19:11:05 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22  173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-05 08:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 20:08:51.32 ===============


----------



## Gizzy (Aug 2, 2005)

Hello Defragger and Welcome to *Tech Support Guy*! 
My name is *Gizzy* and I'll be glad to help you with your malware problems.

*Please note the following while we work:*

The fixes are specific to your problem and should only be used for this issue on this computer.
Perform all actions in the order given.
If you don't know or understand something *stop and ask!* Don't keep going on.
Please *DO NOT* uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
Please *DO NOT* run any tools or scans unless I ask you to.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
The process is not instant. Please continue to respond to this thread until I give you the All Clean! *Absence of symptoms does not mean that everything is clear*.
Topics not replied to within 3 days will be removed from my Subscribed Threads List.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

*Because of this, I advise you to backup any personal files and folders before you start.*
*Backup your data - windows 7*

I am checking your logs and will reply with further instructions soon.


----------



## Defragger (Dec 13, 2012)

Thanks so much Gizzy! Your help is greatly appreciated.


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

*Your logs show signs of a Remote Access Infection on your computer.*



> LSP: mswsock.dll


These indicate you are infected with Zero Access.



> http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/Sirefef.AC


Please take time to carefully read *THIS* topic, then let me know how you want to proceed.


----------



## Defragger (Dec 13, 2012)

Thanks Gizzy, but the link didn't help any. Can't enable the firewall and Windows Updates will not work. AVG tells me that:

"Virus identified Win64/Patched.A, C:\Windows\System32\services.exe";"Cannot be cleaned
Remove manually"

and it keeps trying to install these:

"Trojan horse Generic28.CBQW, c:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]";"Infected"

"Found Luhe.Sirefef.A, c:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]";"Infected"

"Found Luhe.Sirefef.A, c:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]";"Infected"

I have no idea what to do next. I guess I'm on bent knee asking for your help...lmao. I would like to try and clean this machine until I can get a recovery disk from IBuyPower and repave. Thanks so much in advance.


----------



## Gizzy (Aug 2, 2005)

No problem. Please continue with the following.
If you don't have a flash drive, let me know and we can try something else, though this way is preferred.

Also, when you ran DDS it should have created 2 files, *DDS.txt* and *Attach.txt*. Please post *Attach.txt*.

*FRST*

Download *FRST64* to a USB flash drive.

Plug the USB drive into the infected machine.

*Boot your computer into Recovery Environment*


Restart the computer and press *F8* repeatedly until the *Advanced Options Menu* appears.
Select *Repair your computer*.
Select Language and click *Next*
Enter password (if necessary) and click *OK*, you should now see the screen below ...

Select the *Command Prompt* option.
A command window will open.
Type *notepad* then hit *Enter*.
Notepad will open.
Click *File > Open* then select *Computer*.
Note down the drive letter for your *USB Drive*.
Close Notepad.


Back in the command window ....
Type *e:/frst64.exe* and hit *Enter* (where *e:* is replaced by the drive letter for your USB drive)
*FRST* will start to run.
When the tool opens click Yes to disclaimer.
Press *Scan* button.
When finished scanning it will make a log *FRST.txt* on the flash drive.


*Next*
Type *services.exe;explorer.exe* into the *Search:* box in FRST
Click the *Search Files* button.
FRST will scan your machine once more, this time looking for files.
When finished scanning it will make a log *Search.txt* on the flash drive.

Close the command window.
Boot back into normal mode and post me the *FRST.txt* log and the *Search.txt* log please.

*Please reply with:*

Attach.txt
FRST logs (FRST.txt and Search.txt)
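The *Search Files* step above makes FRST list every copy of services.exe and explorer.exe on the disk so the System32 copy can be compared with the untouched copies in the WinSxS component store. The same inventory can be taken from normal Windows with the PowerShell below. This is an added example, not code from this thread, from Farbar's tools or from AVG; it assumes only the standard Windows directory layout and the built-in `Get-AuthenticodeSignature` cmdlet, and the function and variable names are the author's own.

```powershell
# Added example (not from the thread): inventory every copy of services.exe and
# explorer.exe that Windows keeps and record size, file version, SHA-256 and
# Authenticode status, so a copy that differs from its siblings stands out.
# Run from an elevated PowerShell prompt in normal Windows.

$targets   = 'services.exe', 'explorer.exe'
$locations = @(
    @{ Path = "$env:SystemRoot\System32"; Recurse = $false },
    @{ Path = $env:SystemRoot;            Recurse = $false },   # explorer.exe lives here
    @{ Path = "$env:SystemRoot\winsxs";   Recurse = $true  }    # component store, all versions
)

function Get-Sha256Hex {
    param([string]$Path)
    # Computed by hand because PowerShell 2.0 (the Windows 7 default) has no Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-SystemFileInventory {
    param([string[]]$Names, [hashtable[]]$SearchLocations)
    foreach ($loc in $SearchLocations) {
        foreach ($name in $Names) {
            Get-ChildItem -Path $loc.Path -Filter $name -Recurse:$loc.Recurse -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                    New-Object PSObject -Property @{
                        Path        = $_.FullName
                        Size        = $_.Length
                        FileVersion = $_.VersionInfo.FileVersion
                        Modified    = $_.LastWriteTime
                        # Windows 7 system binaries are mostly catalog-signed, so this can read
                        # NotSigned for a clean file; HashMismatch is the value that matters.
                        Signature   = $sig.Status
                        Sha256      = Get-Sha256Hex $_.FullName
                    }
                }
        }
    }
}

$inventory = Get-SystemFileInventory -Names $targets -SearchLocations $locations

$inventory | Sort-Object Path |
    Format-Table Path, Size, FileVersion, Signature, Sha256 -AutoSize

# Group by hash. System32 and the current WinSxS component are hard links to the same
# file, so those two are expected to share a hash; a System32 copy whose hash matches
# no other copy carrying the same FileVersion is the pattern worth escalating.
$inventory | Group-Object Sha256 | Sort-Object Count |
    ForEach-Object {
        "{0} copy/copies share hash {1}:" -f $_.Count, $_.Name
        $_.Group | ForEach-Object { "    " + $_.Path }
    }

# Confirm any suspect copy against the component store with the built-in checker:
#   sfc /verifyfile=C:\Windows\System32\services.exe
```

The hash grouping is the useful part of the output: a patched system file shows up as a lone hash in System32 while every archived copy of that version in WinSxS agrees with each other. Because Windows 7 signs most of its binaries through catalogs rather than embedded signatures, treat the Authenticode column as a secondary signal and let `sfc /verifyfile` give the authoritative verdict.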


----------



## Defragger (Dec 13, 2012)

Sorry for the delay Gizzy but I had to acquire a flash drive, prolly could have used my Kindle but didn't want to risk it. Anyway, here are the log files you asked for. Thanks again.

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2012 3:45:25 AM
System Uptime: 12/12/2012 5:23:55 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V LX
Processor: Intel(R) Core(TM) i5-2550K CPU @ 3.40GHz | LGA1155 | 3400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 831.576 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP61: 11/23/2012 5:35:02 PM - Installed Call of Duty(R) 2
RP62: 11/23/2012 5:59:39 PM - Installed Call of Duty(R) 2 Patch 1.3
RP63: 11/25/2012 8:58:57 AM - Installed Ventrilo Client for Windows x64
RP64: 11/29/2012 4:40:40 AM - Windows Update
RP65: 12/5/2012 9:07:14 PM - Windows Update
RP66: 12/9/2012 10:19:44 AM - Installed Java 7 Update 9
RP67: 12/10/2012 5:19:07 PM - Removed Translate Genius
RP68: 12/11/2012 3:17:49 PM - Removed WinZip 15.0
RP69: 12/11/2012 3:19:20 PM - Removed calibre
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Asmedia ASM104x USB 3.0 Host Controller Driver
AVG 2013
AVG Security Toolbar
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Command & Conquer 3
Command & Conquer Red Alert 2
Command & Conquer 3: Kane's Wrath
D3DX10
Diablo III
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel® Trusted Connect Service Client
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
NVIDIA 3D Vision Controller Driver 295.73
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0209
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Steam
The Elder Scrolls V: Skyrim
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client for Windows x64
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.0
Westwood Shared Internet Components
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/8/2012 11:06:16 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
12/5/2012 9:22:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000000403, 0xfffff680000dd0b0, 0x9cd00000380cb867, 0xfffff6fc001c0658). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120512-17281-01.
12/12/2012 6:12:47 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
12/12/2012 6:12:47 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
12/12/2012 3:49:16 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/12/2012 3:49:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/12/2012 3:49:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/12/2012 3:49:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
Ran by SYSTEM at 14-12-2012 16:14:42
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [947328 2012-04-16] (ASUSTeK Computer Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-08-28] (TomTom)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

3 Apowersoft_AudioDevice; C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2012-04-16] ()
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-14 12:52 - 2012-12-14 12:52 - 01461033 ____A (Farbar) C:\Users\DeFragger\Desktop\FRST64.exe
2012-12-13 14:17 - 2012-12-13 14:20 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-12-13 14:17 - 2012-12-13 14:17 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\ParetoLogic
2012-12-12 18:00 - 2012-12-13 14:01 - 00003265 ____A C:\Windows\WindowsUpdate.log
2012-12-12 17:31 - 2012-12-12 17:31 - 00000000 ____D C:\Windows\Sun
2012-12-12 17:14 - 2012-12-12 17:14 - 00509440 ____A (Tech Support Guy System) C:\Users\DeFragger\Desktop\SysInfo.exe
2012-12-12 17:08 - 2012-12-12 17:08 - 00022760 ____A C:\Users\DeFragger\Desktop\dds.txt
2012-12-12 17:08 - 2012-12-12 17:08 - 00006802 ____A C:\Users\DeFragger\Desktop\attach.txt
2012-12-12 17:07 - 2012-12-12 17:07 - 00010514 ____A C:\Users\DeFragger\Desktop\hijackthis.log
2012-12-12 17:04 - 2012-12-12 17:04 - 00688992 ____R (Swearware) C:\Users\DeFragger\Desktop\dds.scr
2012-12-12 17:04 - 2012-12-12 17:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeFragger\Desktop\HijackThis.exe
2012-12-10 15:06 - 2012-12-13 16:57 - 00007332 ____A C:\Windows\PFRO.log
2012-12-10 14:28 - 2012-12-10 14:28 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Malwarebytes
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 14:28 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-10 14:16 - 2012-12-14 12:50 - 00001522 ____A C:\Windows\setupact.log
2012-12-10 14:16 - 2012-12-10 14:16 - 00000000 ____A C:\Windows\setuperr.log
2012-12-10 14:10 - 2012-12-10 14:10 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\DeFragger\Downloads\mb.exe
2012-12-10 13:45 - 2012-12-10 14:18 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\DriverCure
2012-12-09 08:34 - 2012-12-09 08:34 - 00821248 ____A C:\Users\DeFragger\Downloads\FreeISOBurner.exe
2012-12-09 08:12 - 2012-12-10 14:19 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-12-09 08:12 - 2012-12-09 08:12 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Vid-Saver
2012-12-09 08:12 - 2012-12-09 08:12 - 00000000 ____D C:\Program Files (x86)\Vid-Saver
2012-12-09 08:11 - 2012-12-09 08:13 - 00000000 ____D C:\Program Files (x86)\AVS Video Converter
2012-12-09 07:54 - 2012-12-09 08:04 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2012-12-09 07:52 - 2012-12-13 13:31 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-12-09 07:20 - 2012-12-09 07:20 - 00000000 ____D C:\Users\All Users\Sun
2012-12-09 07:20 - 2012-12-09 07:19 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-12-09 07:20 - 2012-12-09 07:19 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-12-09 07:20 - 2012-12-09 07:19 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Users\All Users\McAfee
2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-08 06:23 - 2012-12-08 07:12 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd - full discography
2012-12-08 06:18 - 2012-12-08 06:18 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd Meddle [Original Recording Remastered] 320 Kbps
2012-12-08 06:17 - 2012-12-08 06:17 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink_Floyd_Greatest_Hits.www.lokotorrents.com
2012-12-06 12:57 - 2012-12-11 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-05 18:07 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-12-05 18:07 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-12-05 18:07 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-12-05 18:07 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-12-05 18:07 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-12-05 18:07 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-12-05 18:07 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-12-05 18:07 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-12-05 18:07 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-12-05 18:07 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-12-05 18:07 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-12-05 18:07 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2012-12-05 18:07 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-12-05 18:07 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-12-05 18:07 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-12-05 18:07 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-05 18:07 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-05 18:07 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-12-05 18:07 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-12-05 18:07 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-12-05 18:07 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-12-05 18:07 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-12-05 18:07 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-12-05 18:07 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-12-05 18:07 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-12-05 18:07 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-12-05 18:07 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-12-05 18:07 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-12-05 18:07 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-12-05 18:07 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-12-05 18:07 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-12-05 18:07 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-12-05 18:07 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-12-05 18:07 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-12-03 15:08 - 2012-12-03 15:08 - 00000000 __SHD C:\found.000
2012-11-25 05:59 - 2012-12-10 14:04 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Ventrilo
2012-11-25 05:59 - 2012-11-25 05:59 - 00000920 ____A C:\Users\DeFragger\Desktop\Ventrilo.lnk
2012-11-25 05:59 - 2012-11-25 05:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-11-25 05:59 - 2012-11-25 05:59 - 00000000 ____D C:\Program Files\Ventrilo
2012-11-25 05:58 - 2012-11-25 05:58 - 00000000 ____D C:\Users\DeFragger\Downloads\Ventrilo
2012-11-24 03:30 - 2012-11-24 03:31 - 00000000 ____D C:\Users\DeFragger\Downloads\COD Patch
2012-11-24 03:26 - 2012-11-24 03:28 - 00000000 ____D C:\Users\DeFragger\Downloads\Kindle Books and Software update
2012-11-24 03:22 - 2012-11-24 03:25 - 00000000 ____D C:\Users\DeFragger\Downloads\Red Alert
2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Single Player.lnk
2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
2012-11-23 14:47 - 2012-11-23 14:47 - 00000293 ____A C:\Windows\game.ini
2012-11-23 14:36 - 2012-11-23 14:36 - 00000000 ____D C:\Program Files (x86)\Activision
2012-11-22 04:48 - 2012-11-22 05:25 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-19 01:40 - 2012-10-02 11:50 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-11-16 17:55 - 2012-11-16 17:55 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\WinRAR
2012-11-15 01:44 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 01:44 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 01:44 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 01:44 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 01:41 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-15 01:41 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-15 01:41 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-15 01:41 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-15 01:41 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-15 01:41 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-15 01:41 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-15 01:41 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-15 01:41 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-15 01:41 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-15 01:41 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-15 01:41 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-15 01:41 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-15 01:41 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-15 01:41 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-15 01:41 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 01:41 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-15 01:41 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-15 01:41 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-15 01:41 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-15 01:41 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-15 01:41 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-15 01:41 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-15 01:41 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-15 01:41 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-15 01:41 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-15 01:41 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-15 01:41 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-15 01:41 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-15 01:41 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-15 01:41 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-15 01:41 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 01:40 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 01:40 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 01:40 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 01:40 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 01:40 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 01:40 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 01:40 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 01:40 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 01:48 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 01:48 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 01:48 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 01:48 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 01:48 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 01:48 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 01:48 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 01:48 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 01:48 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 01:48 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 01:48 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 01:48 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 01:48 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 01:48 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 01:48 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 01:48 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 01:48 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 01:48 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 01:48 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

2012-12-14 12:54 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-14 12:52 - 2012-12-14 12:52 - 01461033 ____A (Farbar) C:\Users\DeFragger\Desktop\FRST64.exe
2012-12-14 12:50 - 2012-12-10 14:16 - 00001522 ____A C:\Windows\setupact.log
2012-12-14 12:50 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-14 12:50 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-14 12:48 - 2012-04-16 00:50 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-14 12:43 - 2012-04-10 06:30 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-14 12:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-13 16:57 - 2012-12-10 15:06 - 00007332 ____A C:\Windows\PFRO.log
2012-12-13 14:31 - 2012-05-02 15:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-12-13 14:20 - 2012-12-13 14:17 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-12-13 14:17 - 2012-12-13 14:17 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\ParetoLogic
2012-12-13 14:01 - 2012-12-12 18:00 - 00003265 ____A C:\Windows\WindowsUpdate.log
2012-12-13 13:31 - 2012-12-09 07:52 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-12-12 17:31 - 2012-12-12 17:31 - 00000000 ____D C:\Windows\Sun
2012-12-12 17:14 - 2012-12-12 17:14 - 00509440 ____A (Tech Support Guy System) C:\Users\DeFragger\Desktop\SysInfo.exe
2012-12-12 17:08 - 2012-12-12 17:08 - 00022760 ____A C:\Users\DeFragger\Desktop\dds.txt
2012-12-12 17:08 - 2012-12-12 17:08 - 00006802 ____A C:\Users\DeFragger\Desktop\attach.txt
2012-12-12 17:07 - 2012-12-12 17:07 - 00010514 ____A C:\Users\DeFragger\Desktop\hijackthis.log
2012-12-12 17:04 - 2012-12-12 17:04 - 00688992 ____R (Swearware) C:\Users\DeFragger\Desktop\dds.scr
2012-12-12 17:04 - 2012-12-12 17:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeFragger\Desktop\HijackThis.exe
2012-12-11 12:26 - 2012-04-18 15:23 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Winamp
2012-12-11 12:18 - 2012-12-06 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-11 12:18 - 2012-09-09 21:23 - 00000000 ____D C:\Users\All Users\WinZip
2012-12-11 12:17 - 2012-06-21 06:23 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\uTorrent
2012-12-10 14:28 - 2012-12-10 14:28 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Malwarebytes
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 14:22 - 2012-09-26 11:31 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-10 14:19 - 2012-12-09 08:12 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-12-10 14:18 - 2012-12-10 13:45 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-12-10 14:16 - 2012-12-10 14:16 - 00000000 ____A C:\Windows\setuperr.log
2012-12-10 14:10 - 2012-12-10 14:10 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\DeFragger\Downloads\mb.exe
2012-12-10 14:04 - 2012-11-25 05:59 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Ventrilo
2012-12-10 14:04 - 2012-08-26 04:11 - 00000000 ____D C:\Windows\Minidump
2012-12-10 14:04 - 2012-04-19 12:49 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-10 14:04 - 2012-04-18 11:29 - 00000000 ___DC C:\Users\DeFragger\AppData\Local\MigWiz
2012-12-10 14:04 - 2011-11-21 17:24 - 00000000 ____D C:\Windows\panther
2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\DriverCure
2012-12-09 08:34 - 2012-12-09 08:34 - 00821248 ____A C:\Users\DeFragger\Downloads\FreeISOBurner.exe
2012-12-09 08:13 - 2012-12-09 08:11 - 00000000 ____D C:\Program Files (x86)\AVS Video Converter
2012-12-09 08:12 - 2012-12-09 08:12 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Vid-Saver
2012-12-09 08:12 - 2012-12-09 08:12 - 00000000 ____D C:\Program Files (x86)\Vid-Saver
2012-12-09 08:04 - 2012-12-09 07:54 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2012-12-09 07:59 - 2012-09-09 20:49 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\vlc
2012-12-09 07:20 - 2012-12-09 07:20 - 00000000 ____D C:\Users\All Users\Sun
2012-12-09 07:19 - 2012-12-09 07:20 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-12-09 07:19 - 2012-12-09 07:20 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-12-09 07:19 - 2012-12-09 07:20 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Users\All Users\McAfee
2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-08 07:45 - 2012-02-09 17:25 - 00000000 ____D C:\My MP3's
2012-12-08 07:12 - 2012-12-08 06:23 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd - full discography
2012-12-08 06:18 - 2012-12-08 06:18 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd Meddle [Original Recording Remastered] 320 Kbps
2012-12-08 06:17 - 2012-12-08 06:17 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink_Floyd_Greatest_Hits.www.lokotorrents.com
2012-12-07 01:34 - 2012-05-08 00:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-06 14:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-05 18:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-12-05 17:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-12-03 15:08 - 2012-12-03 15:08 - 00000000 __SHD C:\found.000
2012-11-25 05:59 - 2012-11-25 05:59 - 00000920 ____A C:\Users\DeFragger\Desktop\Ventrilo.lnk
2012-11-25 05:59 - 2012-11-25 05:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-11-25 05:59 - 2012-11-25 05:59 - 00000000 ____D C:\Program Files\Ventrilo
2012-11-25 05:58 - 2012-11-25 05:58 - 00000000 ____D C:\Users\DeFragger\Downloads\Ventrilo
2012-11-24 03:31 - 2012-11-24 03:30 - 00000000 ____D C:\Users\DeFragger\Downloads\COD Patch
2012-11-24 03:28 - 2012-11-24 03:26 - 00000000 ____D C:\Users\DeFragger\Downloads\Kindle Books and Software update
2012-11-24 03:25 - 2012-11-24 03:22 - 00000000 ____D C:\Users\DeFragger\Downloads\Red Alert
2012-11-24 03:09 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-23 15:00 - 2012-04-04 05:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Single Player.lnk
2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
2012-11-23 14:47 - 2012-11-23 14:47 - 00000293 ____A C:\Windows\game.ini
2012-11-23 14:36 - 2012-11-23 14:36 - 00000000 ____D C:\Program Files (x86)\Activision
2012-11-23 04:43 - 2012-04-15 23:46 - 00000000 ____D C:\Users\DeFragger\AppData\Local\VirtualStore
2012-11-22 06:43 - 2012-05-18 11:50 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-11-22 05:25 - 2012-11-22 04:48 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-22 05:25 - 2012-04-18 11:09 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SoftGrid Client
2012-11-22 04:48 - 2012-09-09 20:34 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Google
2012-11-22 04:48 - 2012-05-08 16:17 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-22 04:48 - 2012-04-16 00:17 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-22 04:48 - 2012-04-16 00:17 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-19 01:40 - 2012-04-10 06:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-11-19 01:40 - 2012-04-10 06:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-11-16 17:55 - 2012-11-16 17:55 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\WinRAR
2012-11-15 12:05 - 2012-04-15 23:46 - 00058016 ____A C:\Users\DeFragger\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 12:05 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 01:40 - 2012-04-18 02:02 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-14 17:32 - 2012-04-15 23:49 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Microsoft Games

ZeroAccess:
C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}
C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\@
C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\L
C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U
C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\L\[email protected]
C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]
C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]
C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-23 14:35:08
Restore point made on: 2012-11-23 14:59:45
Restore point made on: 2012-11-25 05:59:03
Restore point made on: 2012-11-29 01:40:50
Restore point made on: 2012-12-05 18:07:21
Restore point made on: 2012-12-09 07:19:50
Restore point made on: 2012-12-10 14:19:13
Restore point made on: 2012-12-11 12:17:54
Restore point made on: 2012-12-11 12:19:23

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8173.21 MB
Available physical RAM: 7389.67 MB
Total Pagefile: 8171.41 MB
Available Pagefile: 7376.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:831.01 GB) NTFS
3 Drive f: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.22 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 2048 KB 
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 31 KB
Partition 2 Primary 931 GB 103 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 24 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB20FD FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-12-05 14:54

==================== End Of Log =============================

Search.txt

Farbar Recovery Scan Tool (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-14 16:16:17
Running from F:\

================== Search: "services.exe;explorer.exe" ===================

C:\Windows\explorer.exe
[2011-11-22 08:35] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-11-22 08:35] - [2011-02-25 21:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-11-22 08:35] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-11-22 08:35] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-11-22 08:35] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\SysWOW64\explorer.exe
[2011-11-22 08:35] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
A few things to remove, but let's start with the main infection.

*FRST Fix*
Click the *fixlist.txt* link under *Attached Files* at the bottom of this post to download the attached file *fixlist.txt* and save it to the flashdrive with FRST.

*Boot into Recovery Environment*


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* on your USB flashdrive.

*Exit out of Recovery Environment and post me the log please.*

*After running FRST with fixlist.txt, continue with the following.*

*Download and run Combofix*
This tool is not a toy and not for everyday use.
ComboFix *SHOULD NOT* be used unless requested by a forum helper.

Please download ComboFix from the link below:

*Link*

*IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
If you need help to disable your protection programs see *here*.
Right-click on *ComboFix.exe* and select *Run as administrator* then follow the prompts.
When finished, it will produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

If you need help, see this link:
*http://www.bleepingcomputer.com/combofix/how-to-use-combofix*

*Please reply with:*

FRST log (fixlog.txt)
ComboFix log


----------
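The FRST Search block in Defragger's post lists every copy of services.exe and explorer.exe on the disk with its MD5, and the fix Gizzy attaches restores services.exe from the WinSxS copy, the one whose hash differs from the live file. As an added example that is not part of the thread and is not FRST's or Farbar's code, the Python below parses that Search block (the sample input is the thread's own output, embedded as a constant) and flags each live System32/SysWOW64 copy whose MD5 matches none of its component-store copies. The function names and the record layout are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: the "Search: services.exe;explorer.exe" block as FRST
# printed it in the thread (paths, sizes and MD5s copied from the posted log).
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe;explorer.exe" ===================

C:\Windows\explorer.exe
[2011-11-22 08:35] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-11-22 08:35] - [2011-02-25 21:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-11-22 08:35] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-11-22 08:35] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-11-22 08:35] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\SysWOW64\explorer.exe
[2011-11-22 08:35] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# One FRST detail line: "[created] - [modified] - size attrs (vendor) MD5"
ENTRY_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attr>\S+) \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_frst_search(text):
    """Turn an FRST Search block into file records (path, size, md5, vendor).

    Each hit is a path line followed by one detail line; everything else
    (headers, blank lines, "End Of Search") is ignored.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    records = []
    for path, detail in zip(lines, lines[1:]):
        m = ENTRY_RE.match(detail)
        if DRIVE_PATH_RE.match(path) and m:
            records.append({"path": path, "size": int(m.group("size")),
                            "md5": m.group("md5").upper(), "vendor": m.group("vendor")})
    return records


def in_component_store(path):
    """True for copies kept in the WinSxS component store (the servicing backups)."""
    return "\\winsxs\\" in path.lower()


def find_mismatches(records):
    """Flag live copies whose MD5 matches no WinSxS copy of the same file name.

    On Windows 7 a binary in System32/SysWOW64 is normally a hard link to a
    component-store copy, so its hash should equal one of them. A live copy that
    matches none (here services.exe, 512 bytes larger than the store copy) is
    the pattern behind the thread's ZeroAccess finding.
    """
    groups = defaultdict(lambda: {"live": [], "store": []})
    for rec in records:
        name = rec["path"].rsplit("\\", 1)[-1].lower()
        groups[name]["store" if in_component_store(rec["path"]) else "live"].append(rec)

    findings = []
    for name, g in groups.items():
        ref_md5s = sorted({r["md5"] for r in g["store"]})
        ref_sizes = [r["size"] for r in g["store"]]
        for live in g["live"]:
            if live["md5"] in ref_md5s:
                continue
            findings.append({
                "path": live["path"],
                "md5": live["md5"],
                "reference_md5s": ref_md5s,  # empty list => no store copy to compare against
                "size_delta": live["size"] - max(ref_sizes) if ref_sizes else None,
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_frst_search(SAMPLE_SEARCH_LOG)):
        print(f"{f['path']}: MD5 {f['md5']} matches no WinSxS copy "
              f"(known good: {', '.join(f['reference_md5s']) or 'none'}, size delta {f['size_delta']})")
```

A mismatch is a lead, not a verdict: confirm the live file against a signed copy (the component-store copy's Authenticode signature, or the same file on a clean machine at the same patch level) before replacing it, and treat a match as meaningful only if the component store itself was not written to at the same time as the suspect file.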



## Defragger (Dec 13, 2012)

Okay Gizzy, here are the log files you asked for. Thanks again so much for your help.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-15 06:35:36 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

ComboFix.txt

ComboFix 12-12-14.01 - DeFragger 12/15/2012 6:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6869 [GMT -5:00]
Running from: c:\users\DeFragger\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\programdata\ReadOnlyInstaller.msi
c:\programdata\uninstaller.exe
c:\users\DeFragger\AppData\Local\Vid-Saver
c:\users\DeFragger\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
c:\users\DeFragger\AppData\Roaming\Microsoft\~DFKa09e97.tmp
c:\users\DeFragger\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\DeFragger\AppData\Roaming\Microsoft\bass.dll
c:\users\DeFragger\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\DeFragger\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\DeFragger\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\DeFragger\AppData\Roaming\Microsoft\peaadje.dll
c:\users\DeFragger\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\DeFragger\AppData\Roaming\Microsoft\rsaadjd.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 00:14 . 2012-12-15 00:14 -------- d-----w- C:\FRST
2012-12-13 22:17 . 2012-12-13 22:17 -------- d-----w- c:\users\DeFragger\AppData\Roaming\ParetoLogic
2012-12-13 22:17 . 2012-12-13 22:20 -------- d-----w- c:\programdata\ParetoLogic
2012-12-13 20:51 . 2012-12-13 20:52 -------- d-----w- c:\users\DeFragger\AppData\Local\ElevatedDiagnostics
2012-12-13 01:31 . 2012-12-13 01:31 -------- d-----w- c:\windows\Sun
2012-12-10 22:28 . 2012-12-10 22:28 -------- d-----w- c:\users\DeFragger\AppData\Roaming\Malwarebytes
2012-12-10 22:28 . 2012-12-10 22:28 -------- d-----w- c:\programdata\Malwarebytes
2012-12-10 21:45 . 2012-12-10 21:45 -------- d-----w- c:\users\DeFragger\AppData\Roaming\SpeedyPC Software
2012-12-10 21:45 . 2012-12-10 21:45 -------- d-----w- c:\users\DeFragger\AppData\Roaming\DriverCure
2012-12-10 21:45 . 2012-12-10 22:18 -------- d-----w- c:\programdata\SpeedyPC Software
2012-12-09 16:12 . 2012-12-10 22:19 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-12-09 16:11 . 2012-12-09 16:13 -------- d-----w- c:\program files (x86)\AVS Video Converter
2012-12-09 15:54 . 2012-12-09 16:04 -------- d-----w- c:\program files (x86)\MPC-HC
2012-12-09 15:52 . 2012-12-09 15:52 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-09 15:52 . 2012-12-13 21:31 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-12-09 15:20 . 2012-12-09 15:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-09 15:20 . 2012-12-09 15:19 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-09 15:20 . 2012-12-09 15:19 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-09 15:19 . 2012-12-09 15:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-09 15:19 . 2012-12-09 15:19 -------- d-----w- c:\program files (x86)\Java
2012-12-09 15:19 . 2012-12-09 15:19 -------- d-----w- c:\programdata\McAfee
2012-12-03 23:08 . 2012-12-03 23:08 -------- d-----w- C:\found.000
2012-11-25 13:59 . 2012-12-10 22:04 -------- d-----w- c:\users\DeFragger\AppData\Roaming\Ventrilo
2012-11-25 13:59 . 2012-11-25 13:59 -------- d-----w- c:\program files\Ventrilo
2012-11-25 13:58 . 2012-11-25 13:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-24 11:34 . 2012-04-16 14:08 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-11-24 11:34 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-11-24 11:34 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-11-24 11:34 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-11-24 11:34 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-11-23 22:36 . 2012-11-23 22:36 -------- d-----w- c:\program files (x86)\Activision
2012-11-22 12:48 . 2012-11-22 13:25 -------- d-----w- c:\program files (x86)\Google
2012-11-19 09:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 12:48 . 2012-04-16 08:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 12:48 . 2012-04-16 08:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-15 09:40 . 2012-04-18 10:02 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-08 11:06 . 2012-09-26 19:31 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-30 00:45 . 2012-10-30 00:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-18 18:25 . 2012-11-14 09:48 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 08:38 . 2012-11-28 09:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-11 02:23 . 2012-10-11 02:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2012-10-11 02:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-11 02:23 . 2012-10-11 02:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2012-04-10 14:30 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2012-04-10 14:30 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-11 02:23 . 2012-10-11 02:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2012-10-11 02:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 02:22 . 2012-04-10 14:30 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2012-10-11 02:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-09 18:17 . 2012-11-14 09:48 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 09:48 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 09:48 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:48 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-08 19:11 . 2012-10-08 19:11 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 12:19 . 2012-11-15 09:41 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-10-08 11:42 . 2012-11-15 09:41 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-10-08 11:31 . 2012-11-15 09:41 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 11:24 . 2012-11-15 09:41 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-10-08 11:23 . 2012-11-15 09:41 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 11:22 . 2012-11-15 09:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 11:22 . 2012-11-15 09:41 237056 ----a-w- c:\windows\system32\url.dll
2012-10-08 11:20 . 2012-11-15 09:41 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-10-08 11:18 . 2012-11-15 09:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 11:17 . 2012-11-15 09:41 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 11:17 . 2012-11-15 09:41 816640 ----a-w- c:\windows\system32\jscript.dll
2012-10-08 11:15 . 2012-11-15 09:41 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-10-08 11:15 . 2012-11-15 09:41 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-10-08 11:13 . 2012-11-15 09:41 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-10-08 11:13 . 2012-11-15 09:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-08 11:09 . 2012-11-15 09:41 248320 ----a-w- c:\windows\system32\ieui.dll
2012-10-08 07:56 . 2012-11-15 09:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-10-08 07:48 . 2012-11-15 09:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-10-08 07:47 . 2012-11-15 09:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44 . 2012-11-15 09:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43 . 2012-11-15 09:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-10-08 07:40 . 2012-11-15 09:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-03 17:56 . 2012-11-14 09:48 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 09:48 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 09:48 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 09:48 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 09:48 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 09:48 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 09:48 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 09:48 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 09:48 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 09:48 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 09:48 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:51 . 2012-04-10 14:30 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-04-10 14:30 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-04-10 14:30 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-04-10 14:30 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-04-10 14:30 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-04-10 14:30 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-25 22:47 . 2012-11-14 09:48 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 09:48 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 11:06 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-06 15:07 220160 ----a-w- c:\program files (x86)\Mega Codec Pack\Filters\Haali\mmdinfo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-26 856160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-04-16 947328]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
FF - ExtSQL: 2012-12-09 11:12; [email protected]; c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
FF - user.js: extensions.funmoods.instlDay - 15593
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e2,7b,5c,c5,b0,8f,35,9c,d2,1d,b6,86,e5,10,4b,c1,75,0d,5c,0a,36,8c,64,
f1,30,d4,03,5e,f8,d9,1b,9e,e2,ef,25,5d,10,c2,79,09,f2,13,19,c4,d5,97,b5,0b,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\License information*]
"datasecu"=hex:b1,b0,5a,20,80,a2,91,da,a6,05,8b,36,7a,9b,bb,d8,b3,b3,19,08,ac,
4b,36,74,87,f1,6c,00,3a,79,5c,4a,49,51,d5,62,79,fd,db,96,f6,9b,fc,c7,6a,e8,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-12-15 06:46:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-15 11:46
.
Pre-Run: 891,850,424,320 bytes free
Post-Run: 891,317,665,792 bytes free
.
- - End Of File - - DD8EB751B8074C084A7BF64C8C55837A


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,


> Thanks again so much for your help.


You're welcome. 

*COMBOFIX-Script*
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


 Please open *Notepad* (*Start* > *Run* > type *notepad* in the Open field > *OK*) and copy and paste the text present *inside* the code box below:


```
DDS::
uSearch Bar = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uSearch Page = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true

Firefox::
FF - ProfilePath - c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
FF - ExtSQL: 2012-12-09 11:12; [email protected]; c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
FF - user.js: extensions.funmoods.instlDay - 15593
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
```

Save this as *CFScript.txt* and change the "*Save as type*" to "*All Files*" and place it on your desktop.

(Screenshot not available: it showed CFScript.txt being dragged onto ComboFix.exe.)

*Very Important!* Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
If you need help to disable your protection programs see *here*.
Referring to the screenshot above, *drag CFScript.txt into ComboFix.exe.* 
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

*aswMBR*
Please download *aswMBR* and save it to your Desktop.

Right-click *aswMBR.exe* & choose *Run as Administrator* to run it.
Click *Yes* to the prompt to download *Avast! virus definitions*.
(Please be patient whilst the virus definitions download)
With the *AV scan* set to *Quick Scan*, click the *Scan* button.
(Please be patient whilst your computer is scanned.)
After a while when the scan reports *"Scan finished successfully"*, click *Save log* & save the log to your *desktop*.
Click *OK* > *Exit.*
*Note:* Do not attempt to fix anything at this stage!
Two files will be created, *aswMBR.txt* & a file named *MBR.dat*.
*MBR.dat* is a backup of the MBR (master boot record), do not delete it.
Copy & Paste the contents of *aswMBR.txt* into your next reply.

*Please reply with:*

New combofix log
aswMBR log


----------



## Defragger (Dec 13, 2012)

Well Gizzy, the infected machine can no longer connect to the web so I am swapping files to wife's machine with the flash drive. That happened after the first round of ComboFix and FRST64. When it rebooted, it ran Windows Update and installed some updates and when I rebooted later last night I could no longer connect it.
I ran ComboFix with the script with no problem but aswMBR could not download the updated virus definitions. And here are the logs.

ComboFix

ComboFix 12-12-14.01 - DeFragger 12/16/2012 6:54.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6610 [GMT -5:00]
Running from: c:\users\DeFragger\Desktop\ComboFix.exe
Command switches used :: c:\users\DeFragger\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 11:56 . 2012-12-16 11:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-16 11:56 . 2012-12-16 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-15 11:54 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-15 00:14 . 2012-12-15 00:14 -------- d-----w- C:\FRST
2012-12-13 22:17 . 2012-12-13 22:17 -------- d-----w- c:\users\DeFragger\AppData\Roaming\ParetoLogic
2012-12-13 22:17 . 2012-12-13 22:20 -------- d-----w- c:\programdata\ParetoLogic
2012-12-13 20:51 . 2012-12-15 16:10 -------- d-----w- c:\users\DeFragger\AppData\Local\ElevatedDiagnostics
2012-12-13 01:31 . 2012-12-13 01:31 -------- d-----w- c:\windows\Sun
2012-12-10 22:28 . 2012-12-10 22:28 -------- d-----w- c:\users\DeFragger\AppData\Roaming\Malwarebytes
2012-12-10 22:28 . 2012-12-10 22:28 -------- d-----w- c:\programdata\Malwarebytes
2012-12-10 21:45 . 2012-12-10 21:45 -------- d-----w- c:\users\DeFragger\AppData\Roaming\SpeedyPC Software
2012-12-10 21:45 . 2012-12-10 21:45 -------- d-----w- c:\users\DeFragger\AppData\Roaming\DriverCure
2012-12-10 21:45 . 2012-12-10 22:18 -------- d-----w- c:\programdata\SpeedyPC Software
2012-12-09 16:12 . 2012-12-10 22:19 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-12-09 16:11 . 2012-12-09 16:13 -------- d-----w- c:\program files (x86)\AVS Video Converter
2012-12-09 15:54 . 2012-12-09 16:04 -------- d-----w- c:\program files (x86)\MPC-HC
2012-12-09 15:52 . 2012-12-09 15:52 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-09 15:52 . 2012-12-13 21:31 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-12-09 15:20 . 2012-12-09 15:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-09 15:20 . 2012-12-09 15:19 821736  ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-09 15:20 . 2012-12-09 15:19 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-09 15:19 . 2012-12-09 15:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-09 15:19 . 2012-12-09 15:19 -------- d-----w- c:\program files (x86)\Java
2012-12-09 15:19 . 2012-12-09 15:19 -------- d-----w- c:\programdata\McAfee
2012-12-03 23:08 . 2012-12-03 23:08 -------- d-----w- C:\found.000
2012-11-25 13:59 . 2012-12-10 22:04 -------- d-----w- c:\users\DeFragger\AppData\Roaming\Ventrilo
2012-11-25 13:59 . 2012-11-25 13:59 -------- d-----w- c:\program files\Ventrilo
2012-11-25 13:58 . 2012-11-25 13:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-24 11:34 . 2012-04-16 14:08 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-11-24 11:34 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-11-24 11:34 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-11-24 11:34 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-11-24 11:34 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-11-23 22:36 . 2012-11-23 22:36 -------- d-----w- c:\program files (x86)\Activision
2012-11-22 12:48 . 2012-11-22 13:25 -------- d-----w- c:\program files (x86)\Google
2012-11-19 09:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 15:38 . 2012-04-18 10:02 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-15 11:48 . 2012-04-17 08:47 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS
2012-12-15 11:48 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-11-22 12:48 . 2012-04-16 08:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 12:48 . 2012-04-16 08:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 11:06 . 2012-09-26 19:31 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-30 00:45 . 2012-10-30 00:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 09:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-11 02:23 . 2012-10-11 02:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2012-10-11 02:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23  831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-11 02:23 . 2012-10-11 02:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2012-04-10 14:30 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2012-04-10 14:30 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-11 02:23 . 2012-10-11 02:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2012-10-11 02:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 02:22 . 2012-04-10 14:30 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2012-10-11 02:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-09 18:17 . 2012-11-14 09:48 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 09:48 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 09:48 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:48 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-08 19:11 . 2012-10-08 19:11 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-15 11:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 09:48 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 09:48 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 09:48 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 09:48 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 09:48 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 09:48 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 09:48 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 09:48 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 09:48 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 09:48 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 09:48 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:51 . 2012-04-10 14:30 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-04-10 14:30 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-04-10 14:30 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-04-10 14:30 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-04-10 14:30 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-04-10 14:30 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-25 22:47 . 2012-11-14 09:48 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 09:48 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 11:06 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-06 15:07 220160 ----a-w- c:\program files (x86)\Mega Codec Pack\Filters\Haali\mmdinfo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-04-16 947328]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearch Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-09 11:12; [email protected]; c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
FF - user.js: extensions.funmoods.instlDay - 15593
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeARMservice]
"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\drivers\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\drivers\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apowersoft_AudioDevice]
"ImagePath"="system32\drivers\Apowersoft_AudioDevice.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\asHmComSvc]
"ImagePath"="c:\program files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsIO]
"ImagePath"="SysWow64\drivers\AsIO.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\asmthub3]
"ImagePath"="system32\DRIVERS\asmthub3.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\asmtxhci]
"ImagePath"="system32\DRIVERS\asmtxhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp]
"ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\drivers\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\drivers\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="system32\DRIVERS\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cvhsvc]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\drivers\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\drivers\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\drivers\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fssfltr]
"ImagePath"="system32\DRIVERS\fssfltr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsssvc]
"ImagePath"="\"c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\drivers\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IAStorDataMgrSvc]
"ImagePath"="\"c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Intel(R) Capability Licensing Service Interface]
"ImagePath"="\"c:\program files\Intel\iCLS Client\HeciServer.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jhi_service]
"ImagePath"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MAV Client PerfMon Provider]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\drivers\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEIx64]
"ImagePath"="system32\DRIVERS\HECIx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MozillaMaintenance]
"ImagePath"="c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\drivers\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NVHDA]
"ImagePath"="system32\drivers\nvhda64v.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvlddmkm]
"ImagePath"="system32\DRIVERS\nvlddmkm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvsvc]
"ImagePath"="c:\windows\system32\nvvsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService]
"ImagePath"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ose]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\drivers\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPUDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RdpVideoMiniport]
"ImagePath"="System32\drivers\rdpvideominiport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="\SystemRoot\system32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftfs]
"ImagePath"="system32\DRIVERS\Sftfslh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftlist]
"ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftplay]
"ImagePath"="system32\DRIVERS\Sftplaylh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftredir]
"ImagePath"="system32\DRIVERS\Sftredirlh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftvol]
"ImagePath"="system32\DRIVERS\Sftvollh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftvsa]
"ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\drivers\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Steam Client Service]
"ImagePath"="c:\program files (x86)\Common Files\Steam\SteamService.exe /RunAsService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Stereo Service]
"ImagePath"="c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\drivers\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TomTomHOMEService]
"ImagePath"="\"c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbGD]
"ImagePath"="\SystemRoot\system32\drivers\TsUsbGD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\drivers\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="\SystemRoot\system32\drivers\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
"ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="\SystemRoot\System32\drivers\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb]
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlcrasvc]
"ImagePath"="\"c:\program files\Windows Live\Mesh\wlcrasvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e2,7b,5c,c5,b0,8f,35,9c,d2,1d,b6,86,e5,10,4b,c1,75,0d,5c,0a,36,8c,64,
f1,30,d4,03,5e,f8,d9,1b,9e,e2,ef,25,5d,10,c2,79,09,f2,13,19,c4,d5,97,b5,0b,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\License information*]
"datasecu"=hex:b1,b0,5a,20,80,a2,91,da,a6,05,8b,36,7a,9b,bb,d8,b3,b3,19,08,ac,
4b,36,74,87,f1,6c,00,3a,79,5c,4a,49,51,d5,62,79,fd,db,96,f6,9b,fc,c7,6a,e8,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2012-12-16 07:03:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-16 12:03
.
Pre-Run: 891,568,533,504 bytes free
Post-Run: 891,193,782,272 bytes free
.
- - End Of File - - A258223468D72CDAE79CDDC4F60F1C8B

aswMBR

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-16 07:53:39
-----------------------------
07:53:39.468 OS Version: Windows x64 6.1.7601 Service Pack 1
07:53:39.468 Number of processors: 4 586 0x2A07
07:53:39.468 ComputerName: KIMS_BEAST UserName: DeFragger
07:54:01.203 Initialize success
07:54:17.968 AVAST engine download error: 0
07:56:09.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:56:09.609 Disk 0 Vendor: ST1000DM CC4C Size: 953869MB BusType: 3
07:56:09.609 Disk 0 MBR read successfully
07:56:09.625 Disk 0 MBR scan
07:56:09.625 Disk 0 Windows 7 default MBR code
07:56:09.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 63
07:56:09.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953766 MB offset 211680
07:56:09.921 Disk 0 scanning C:\Windows\system32\drivers
07:56:28.359 Service scanning
07:57:13.125 Modules scanning
07:57:13.140 Disk 0 trace - called modules:
07:57:13.171 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
07:57:13.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a2a060]
07:57:13.171 3 CLASSPNP.SYS[fffff88001dbe43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007143050]
07:57:13.187 Scan finished successfully
07:58:08.750 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
07:58:08.765 The log file has been saved successfully to "E:\aswMBR.txt"


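As an added example (not part of this thread and not ComboFix's own code), a small Python script that triages the services section of a ComboFix log like the one above: it pairs each [HKLM\SYSTEM\ControlSet001\services\Name] key with its ImagePath/ServiceDll value, resolves the path the way Windows would, and lists the services whose binary sits outside the usual system or Program Files directories, which is the part of this section a helper actually reads. The trusted-directory list and the ExampleSvc/ExampleHelper entries in the sample are assumptions/constructed sample data, not entries from the log.

```python
# Triage helper for a ComboFix-style services dump (added example, not ComboFix code).
# Flags services whose binary resolves outside the directories a stock Windows 7 uses.
from __future__ import annotations
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d{3}\\services\\(.+)\]$")
VALUE_RE = re.compile(r'^"(ImagePath|ServiceDll)"="(.*)"$', re.IGNORECASE)
EXT_RE = re.compile(r"\.(exe|dll|sys)\b")   # end of the binary name; arguments follow it
DRIVE_RE = re.compile(r"^[a-z]:\\")

# Assumed values of the variables that appear in the dump (default Windows 7 layout).
ENV = {"%systemroot%": "c:\\windows", "%windir%": "c:\\windows",
       "%programfiles%": "c:\\program files"}

# Assumption: a service binary is expected to live under one of these directories.
TRUSTED_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows\\servicing",
                "c:\\windows\\microsoft.net", "c:\\program files", "c:\\program files (x86)")
TRUSTED_PREFIXES = tuple(d + "\\" for d in TRUSTED_DIRS)

@dataclass
class ServiceEntry:
    name: str        # service key name
    value_name: str  # "ImagePath" or "ServiceDll" as written in the dump
    raw: str         # value exactly as dumped
    path: str        # normalised lower-case absolute path of the binary

def normalise_path(raw: str) -> str:
    """Turn a dumped ImagePath/ServiceDll value into a lower-case absolute path."""
    p = raw.strip().lower().replace('\\"', '"').strip('"')  # drop escaped quotes
    m = EXT_RE.search(p)
    if m:
        p = p[: m.end()]                                    # cut command-line arguments
    for var, target in ENV.items():
        p = p.replace(var, target)
    if p.startswith("\\??\\"):                              # NT object-manager prefix
        p = p[4:]
    if p.startswith("\\systemroot\\"):                      # kernel-style root
        p = "c:\\windows\\" + p[len("\\systemroot\\"):]
    if "\\" not in p:                                       # bare name: loader looks in system32 first
        p = "c:\\windows\\system32\\" + p
    elif not DRIVE_RE.match(p):                             # relative to %SystemRoot%
        p = "c:\\windows\\" + p.lstrip("\\")
    return p

def parse_services(dump: str) -> list[ServiceEntry]:
    """Pair each services key with its ImagePath/ServiceDll value; ignore other keys."""
    entries: list[ServiceEntry] = []
    current = None
    for line in dump.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            continue
        if line.startswith("["):        # some other key (CLSID, HKEY_USERS, ...)
            current = None
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            entries.append(ServiceEntry(current, vm.group(1), vm.group(2), normalise_path(vm.group(2))))
    return entries

def flag_unexpected(entries: list[ServiceEntry]) -> list[ServiceEntry]:
    """Services whose binary lives outside the trusted directories; review these first."""
    return [e for e in entries if not e.path.startswith(TRUSTED_PREFIXES)]

# Constructed sample: four entries copied from the dump above plus two made-up
# suspicious ones (ExampleSvc, ExampleHelper) with paths no normal service uses.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Steam Client Service]
"ImagePath"="c:\program files (x86)\Common Files\Steam\SteamService.exe /RunAsService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ExampleSvc]
"ImagePath"="c:\users\example\appdata\local\temp\updater.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ExampleHelper]
"ServiceDll"="c:\programdata\example\helper.dll"
'''

def report(dump: str) -> list[str]:
    """One line per flagged service, suitable for pasting into a reply."""
    return [f"{e.name}: {e.value_name} -> {e.path}  (raw: {e.raw})"
            for e in flag_unexpected(parse_services(dump))]

if __name__ == "__main__":
    for line in report(SAMPLE_DUMP):
        print(line)
```

Run it against a saved ComboFix.txt by passing the file's text to `report()`; everything it prints still needs a human look, since third-party software can legitimately install outside these directories.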
----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
Internet connection problems are often encountered when removing Zero Access.
Please run FRST again like the first time to get a new log, leaving out the search portion. Instructions are below if needed.

*FRST*

Plug the USB drive into the infected machine.
*Boot your computer into Recovery Environment*


Restart the computer and press *F8* repeatedly until the *Advanced Options Menu* appears.
Select *Repair your computer*.
Select Language and click *Next*
Enter password (if necessary) and click *OK*
Select the *Command Prompt* option.
A command window will open.
Type *notepad* then hit *Enter*.
Notepad will open.
Click *File > Open* then select *Computer*.
Note down the drive letter for your *USB Drive*.
Close Notepad.


Back in the command window ....
Type *e:/frst64.exe* and hit *Enter* (where *e:* is replaced by the drive letter for your USB drive)
*FRST* will start to run.
When the tool opens click Yes to disclaimer.
Press *Scan* button.
When finished scanning it will make a log *FRST.txt* on the flash drive.


Close the command window.
Boot back into normal mode and post me the *FRST.txt* log please.

*Farbar Service Scanner*
Please download Farbar Service Scanner and run it on the computer with the issue. (Right-click and *Run as administrator*)

Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

*MiniToolBox*
Please download MiniToolBox, save it to your desktop and run it. (Right-click and *Run as administrator*)

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Devices
List Users, Partitions and Memory size.
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

*Note:* When using the "Reset FF Proxy Settings" option, Firefox should be closed.

*Please reply with:*

New FRST log
Farbar Service Scanner log
MiniToolBox log


----------



## Defragger (Dec 13, 2012)

Okay Gizzy, here are the log files requested. I hope I am doing all this correctly; if not, please admonish me. Thank you.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 17-12-2012 04:49:12
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

==================== Services (Whitelisted) ===================

2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [947328 2012-04-16] (ASUSTeK Computer Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-08-28] (TomTom)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

3 Apowersoft_AudioDevice; C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2012-04-16] ()
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-16 05:24 - 2012-12-16 05:24 - 00003288 ____N C:\bootsqm.dat
2012-12-16 04:03 - 2012-12-16 04:03 - 00073094 ____A C:\ComboFix.txt
2012-12-16 03:54 - 2012-12-16 04:04 - 00000000 ____D C:\ComboFix
2012-12-16 03:49 - 2012-12-16 03:32 - 04732416 ____A (AVAST Software) C:\Users\DeFragger\Desktop\aswMBR.exe
2012-12-15 07:37 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-15 07:37 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-15 07:37 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-15 07:37 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-15 07:37 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-15 07:37 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-15 07:37 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-15 07:37 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-15 07:37 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-15 07:37 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-15 07:37 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-15 07:37 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-15 07:37 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-15 07:37 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-15 07:37 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-15 07:37 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-15 07:37 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-15 07:37 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-15 07:37 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-15 07:37 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-15 07:37 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-15 07:37 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-15 07:37 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-15 07:37 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-15 07:37 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-15 07:37 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-15 07:37 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-15 07:37 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-15 07:37 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-15 07:37 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-15 07:37 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-15 07:37 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-15 03:54 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-15 03:54 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-15 03:54 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-15 03:54 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-15 03:54 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-15 03:54 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-15 03:54 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-15 03:54 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-15 03:54 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-15 03:54 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-15 03:54 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-15 03:54 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-15 03:54 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-15 03:54 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-15 03:54 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-15 03:54 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-15 03:54 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-15 03:54 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-15 03:54 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-15 03:54 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-15 03:39 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-15 03:39 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-15 03:39 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-15 03:39 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-15 03:39 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-15 03:39 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-15 03:39 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-15 03:39 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-15 03:38 - 2012-12-16 04:03 - 00000000 ____D C:\Qoobox
2012-12-15 03:38 - 2012-12-15 03:45 - 00000000 ____D C:\Windows\erdnt
2012-12-15 03:23 - 2012-12-15 03:23 - 05010912 ____R (Swearware) C:\Users\DeFragger\Desktop\ComboFix.exe
2012-12-14 16:14 - 2012-12-14 16:14 - 00000000 ____D C:\FRST
2012-12-14 12:52 - 2012-12-14 12:52 - 01461033 ____A (Farbar) C:\Users\DeFragger\Desktop\FRST64.exe
2012-12-13 14:17 - 2012-12-13 14:20 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-12-13 14:17 - 2012-12-13 14:17 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\ParetoLogic
2012-12-12 18:00 - 2012-12-17 01:38 - 00369795 ____A C:\Windows\WindowsUpdate.log
2012-12-12 17:31 - 2012-12-12 17:31 - 00000000 ____D C:\Windows\Sun
2012-12-12 17:14 - 2012-12-12 17:14 - 00509440 ____A (Tech Support Guy System) C:\Users\DeFragger\Desktop\SysInfo.exe
2012-12-12 17:04 - 2012-12-12 17:04 - 00688992 ____R (Swearware) C:\Users\DeFragger\Desktop\dds.scr
2012-12-12 17:04 - 2012-12-12 17:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeFragger\Desktop\HijackThis.exe
2012-12-10 15:06 - 2012-12-16 03:57 - 00008436 ____A C:\Windows\PFRO.log
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Malwarebytes
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-10 14:16 - 2012-12-17 01:36 - 00002418 ____A C:\Windows\setupact.log
2012-12-10 14:16 - 2012-12-10 14:16 - 00000000 ____A C:\Windows\setuperr.log
2012-12-10 14:10 - 2012-12-10 14:10 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\DeFragger\Downloads\mb.exe
2012-12-10 13:45 - 2012-12-10 14:18 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\DriverCure
2012-12-09 08:34 - 2012-12-09 08:34 - 00821248 ____A C:\Users\DeFragger\Downloads\FreeISOBurner.exe
2012-12-09 08:12 - 2012-12-10 14:19 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-12-09 08:11 - 2012-12-09 08:13 - 00000000 ____D C:\Program Files (x86)\AVS Video Converter
2012-12-09 07:54 - 2012-12-09 08:04 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2012-12-09 07:52 - 2012-12-13 13:31 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-12-09 07:20 - 2012-12-09 07:20 - 00000000 ____D C:\Users\All Users\Sun
2012-12-09 07:20 - 2012-12-09 07:19 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-12-09 07:20 - 2012-12-09 07:19 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-12-09 07:20 - 2012-12-09 07:19 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Users\All Users\McAfee
2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-08 06:23 - 2012-12-08 07:12 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd - full discography
2012-12-08 06:18 - 2012-12-08 06:18 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd Meddle [Original Recording Remastered] 320 Kbps
2012-12-08 06:17 - 2012-12-08 06:17 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink_Floyd_Greatest_Hits.www.lokotorrents.com
2012-12-06 12:57 - 2012-12-11 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-05 18:07 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-12-05 18:07 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-12-05 18:07 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-12-05 18:07 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-12-05 18:07 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-12-05 18:07 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-12-05 18:07 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-12-05 18:07 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-12-05 18:07 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-12-05 18:07 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-12-05 18:07 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-12-05 18:07 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2012-12-05 18:07 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-12-05 18:07 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-12-05 18:07 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-12-05 18:07 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-05 18:07 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-05 18:07 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-12-05 18:07 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-12-05 18:07 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-12-05 18:07 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-12-05 18:07 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-12-05 18:07 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-12-05 18:07 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-12-05 18:07 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-12-05 18:07 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-12-05 18:07 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-12-05 18:07 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-12-05 18:07 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-12-05 18:07 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-12-05 18:07 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-12-05 18:07 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-12-05 18:07 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-12-05 18:07 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-12-03 15:08 - 2012-12-03 15:08 - 00000000 ____D C:\found.000
2012-11-25 05:59 - 2012-12-10 14:04 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Ventrilo
2012-11-25 05:59 - 2012-11-25 05:59 - 00000920 ____A C:\Users\DeFragger\Desktop\Ventrilo.lnk
2012-11-25 05:59 - 2012-11-25 05:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-11-25 05:59 - 2012-11-25 05:59 - 00000000 ____D C:\Program Files\Ventrilo
2012-11-25 05:58 - 2012-11-25 05:58 - 00000000 ____D C:\Users\DeFragger\Downloads\Ventrilo
2012-11-24 03:30 - 2012-11-24 03:31 - 00000000 ____D C:\Users\DeFragger\Downloads\COD Patch
2012-11-24 03:26 - 2012-11-24 03:28 - 00000000 ____D C:\Users\DeFragger\Downloads\Kindle Books and Software update
2012-11-24 03:22 - 2012-11-24 03:25 - 00000000 ____D C:\Users\DeFragger\Downloads\Red Alert
2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Single Player.lnk
2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
2012-11-23 14:47 - 2012-11-23 14:47 - 00000293 ____A C:\Windows\game.ini
2012-11-23 14:36 - 2012-11-23 14:36 - 00000000 ____D C:\Program Files (x86)\Activision
2012-11-22 04:48 - 2012-11-22 05:25 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-19 01:40 - 2012-10-02 11:50 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

==================== One Month Modified Files and Folders =======

2012-12-17 01:43 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-17 01:43 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-17 01:43 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-17 01:39 - 2012-04-16 00:50 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-17 01:38 - 2012-12-12 18:00 - 00369795 ____A C:\Windows\WindowsUpdate.log
2012-12-17 01:36 - 2012-12-10 14:16 - 00002418 ____A C:\Windows\setupact.log
2012-12-17 01:36 - 2012-04-10 06:30 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-17 01:36 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-17 01:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-16 05:24 - 2012-12-16 05:24 - 00003288 ____N C:\bootsqm.dat
2012-12-16 04:43 - 2012-04-17 00:47 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AFD.SYS
2012-12-16 04:43 - 2009-07-13 16:10 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\WS2IFSL.SYS
2012-12-16 04:04 - 2012-12-16 03:54 - 00000000 ____D C:\ComboFix
2012-12-16 04:03 - 2012-12-16 04:03 - 00073094 ____A C:\ComboFix.txt
2012-12-16 04:03 - 2012-12-15 03:38 - 00000000 ____D C:\Qoobox
2012-12-16 04:03 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-12-16 03:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-16 03:57 - 2012-12-10 15:06 - 00008436 ____A C:\Windows\PFRO.log
2012-12-16 03:32 - 2012-12-16 03:49 - 04732416 ____A (AVAST Software) C:\Users\DeFragger\Desktop\aswMBR.exe
2012-12-15 08:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-15 07:58 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-15 07:38 - 2012-04-18 02:02 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-15 03:45 - 2012-12-15 03:38 - 00000000 ____D C:\Windows\erdnt
2012-12-15 03:23 - 2012-12-15 03:23 - 05010912 ____R (Swearware) C:\Users\DeFragger\Desktop\ComboFix.exe
2012-12-14 16:14 - 2012-12-14 16:14 - 00000000 ____D C:\FRST
2012-12-14 14:10 - 2012-04-04 05:40 - 00028644 ____A C:\Windows\Ascd_tmp.ini
2012-12-14 14:10 - 2012-04-04 05:40 - 00001769 ____A C:\Windows\Language_trs.ini
2012-12-14 12:52 - 2012-12-14 12:52 - 01461033 ____A (Farbar) C:\Users\DeFragger\Desktop\FRST64.exe
2012-12-13 14:31 - 2012-05-02 15:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-12-13 14:20 - 2012-12-13 14:17 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-12-13 14:17 - 2012-12-13 14:17 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\ParetoLogic
2012-12-13 13:31 - 2012-12-09 07:52 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-12-12 17:31 - 2012-12-12 17:31 - 00000000 ____D C:\Windows\Sun
2012-12-12 17:14 - 2012-12-12 17:14 - 00509440 ____A (Tech Support Guy System) C:\Users\DeFragger\Desktop\SysInfo.exe
2012-12-12 17:04 - 2012-12-12 17:04 - 00688992 ____R (Swearware) C:\Users\DeFragger\Desktop\dds.scr
2012-12-12 17:04 - 2012-12-12 17:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeFragger\Desktop\HijackThis.exe
2012-12-11 12:26 - 2012-04-18 15:23 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Winamp
2012-12-11 12:18 - 2012-12-06 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-11 12:18 - 2012-09-09 21:23 - 00000000 ____D C:\Users\All Users\WinZip
2012-12-11 12:17 - 2012-06-21 06:23 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\uTorrent
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Malwarebytes
2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-10 14:22 - 2012-09-26 11:31 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-10 14:19 - 2012-12-09 08:12 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-12-10 14:18 - 2012-12-10 13:45 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-12-10 14:16 - 2012-12-10 14:16 - 00000000 ____A C:\Windows\setuperr.log
2012-12-10 14:10 - 2012-12-10 14:10 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\DeFragger\Downloads\mb.exe
2012-12-10 14:04 - 2012-11-25 05:59 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Ventrilo
2012-12-10 14:04 - 2012-08-26 04:11 - 00000000 ____D C:\Windows\Minidump
2012-12-10 14:04 - 2012-04-19 12:49 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-10 14:04 - 2012-04-18 11:29 - 00000000 ___DC C:\Users\DeFragger\AppData\Local\MigWiz
2012-12-10 14:04 - 2011-11-21 17:24 - 00000000 ____D C:\Windows\panther
2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\DriverCure
2012-12-09 08:34 - 2012-12-09 08:34 - 00821248 ____A C:\Users\DeFragger\Downloads\FreeISOBurner.exe
2012-12-09 08:13 - 2012-12-09 08:11 - 00000000 ____D C:\Program Files (x86)\AVS Video Converter
2012-12-09 08:04 - 2012-12-09 07:54 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2012-12-09 07:59 - 2012-09-09 20:49 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\vlc
2012-12-09 07:20 - 2012-12-09 07:20 - 00000000 ____D C:\Users\All Users\Sun
2012-12-09 07:19 - 2012-12-09 07:20 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-12-09 07:19 - 2012-12-09 07:20 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-12-09 07:19 - 2012-12-09 07:20 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-09 07:19 - 2012-12-09 07:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Users\All Users\McAfee
2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-08 07:45 - 2012-02-09 17:25 - 00000000 ____D C:\My MP3's
2012-12-08 07:12 - 2012-12-08 06:23 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd - full discography
2012-12-08 06:18 - 2012-12-08 06:18 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd Meddle [Original Recording Remastered] 320 Kbps
2012-12-08 06:17 - 2012-12-08 06:17 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink_Floyd_Greatest_Hits.www.lokotorrents.com
2012-12-07 01:34 - 2012-05-08 00:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-06 14:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-05 18:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-12-05 17:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-12-03 15:08 - 2012-12-03 15:08 - 00000000 ____D C:\found.000
2012-11-25 05:59 - 2012-11-25 05:59 - 00000920 ____A C:\Users\DeFragger\Desktop\Ventrilo.lnk
2012-11-25 05:59 - 2012-11-25 05:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-11-25 05:59 - 2012-11-25 05:59 - 00000000 ____D C:\Program Files\Ventrilo
2012-11-25 05:58 - 2012-11-25 05:58 - 00000000 ____D C:\Users\DeFragger\Downloads\Ventrilo
2012-11-24 03:31 - 2012-11-24 03:30 - 00000000 ____D C:\Users\DeFragger\Downloads\COD Patch
2012-11-24 03:28 - 2012-11-24 03:26 - 00000000 ____D C:\Users\DeFragger\Downloads\Kindle Books and Software update
2012-11-24 03:25 - 2012-11-24 03:22 - 00000000 ____D C:\Users\DeFragger\Downloads\Red Alert
2012-11-23 15:00 - 2012-04-04 05:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Single Player.lnk
2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
2012-11-23 14:47 - 2012-11-23 14:47 - 00000293 ____A C:\Windows\game.ini
2012-11-23 14:36 - 2012-11-23 14:36 - 00000000 ____D C:\Program Files (x86)\Activision
2012-11-23 04:43 - 2012-04-15 23:46 - 00000000 ____D C:\Users\DeFragger\AppData\Local\VirtualStore
2012-11-22 06:43 - 2012-05-18 11:50 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-11-22 05:25 - 2012-11-22 04:48 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-22 05:25 - 2012-04-18 11:09 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SoftGrid Client
2012-11-22 04:48 - 2012-09-09 20:34 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Google
2012-11-22 04:48 - 2012-05-08 16:17 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-22 04:48 - 2012-04-16 00:17 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-22 04:48 - 2012-04-16 00:17 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-21 19:26 - 2012-12-15 03:54 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-19 01:40 - 2012-04-10 06:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-11-19 01:40 - 2012-04-10 06:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-29 01:40:50
Restore point made on: 2012-12-05 18:07:21
Restore point made on: 2012-12-09 07:19:50
Restore point made on: 2012-12-10 14:19:13
Restore point made on: 2012-12-11 12:17:54
Restore point made on: 2012-12-11 12:19:23
Restore point made on: 2012-12-15 03:39:37
Restore point made on: 2012-12-15 07:37:21

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8173.21 MB
Available physical RAM: 7389.9 MB
Total Pagefile: 8171.41 MB
Available Pagefile: 7378.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:830.15 GB) NTFS
2 Drive e: (RA2) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
3 Drive f: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.21 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 2048 KB 
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 31 KB
Partition 2 Primary 931 GB 103 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 24 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB20FD FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-12-05 14:54

==================== End Of Log =============================

FSS log

Farbar Service Scanner Version: 10-12-2012
Ran by DeFragger (administrator) on 17-12-2012 at 04:52:42
Running from "E:\"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-04-17 03:47] - [2012-12-16 07:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

MiniToolBox log

MiniToolBox by Farbar Version: 25-11-2012
Ran by DeFragger (administrator) on 17-12-2012 at 04:58:11
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Kims_Beast
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-60-00-6C-8C-0D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5cb3:1268:b504:22e9%11(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.34.233(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...c8 60 00 6c 8c 0d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.34.233 276
169.254.34.233 255.255.255.255 On-link 169.254.34.233 276
169.254.255.255 255.255.255.255 On-link 169.254.34.233 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.34.233 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.34.233 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::5cb3:1268:b504:22e9/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/17/2012 04:52:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2012 04:51:12 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/17/2012 04:38:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2012 04:36:28 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/16/2012 11:28:10 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (12/16/2012 11:18:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2012 11:16:28 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/16/2012 08:37:18 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (12/16/2012 08:27:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2012 08:25:34 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

System errors:
=============
Error: (12/17/2012 04:58:14 AM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error: 
%%22

Error: (12/17/2012 04:53:29 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014846

Error: (12/17/2012 04:53:28 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: 
%%22

Error: (12/17/2012 04:53:28 AM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error: 
%%22

Error: (12/17/2012 04:52:57 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.

Error: (12/17/2012 04:52:57 AM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147952450.

Error: (12/17/2012 04:51:27 AM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: 
%%1068

Error: (12/17/2012 04:51:27 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1068

Error: (12/17/2012 04:51:27 AM) (Source: Service Control Manager) (User: )
Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: 
%%1068

Error: (12/17/2012 04:51:27 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: 
%%1068

Microsoft Office Sessions:
=========================
Error: (12/17/2012 04:52:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2012 04:51:12 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/17/2012 04:38:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2012 04:36:28 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/16/2012 11:28:10 AM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (12/16/2012 11:18:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2012 11:16:28 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/16/2012 08:37:18 AM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (12/16/2012 08:27:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2012 08:25:34 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

CodeIntegrity Errors:
===================================
Date: 2012-12-15 06:42:38.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-15 06:42:38.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

========================= Devices: ================================

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 8173.21 MB
Available physical RAM: 6789.85 MB
Total Pagefile: 16344.62 MB
Available Pagefile: 14935.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.86 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:830.14 GB) NTFS
2 Drive d: (RA2) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
3 Drive e: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.21 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator DeFragger Guest 
UpdatusUser

**** End of log ****


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

> I hope I am doing all this correctly, if not, please admonish me.

You're doing great.
We need to search for another file.

*Boot into Recovery Environment*


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
Type *afd.sys;WS2IFSL.SYS* into the *Search:* box in FRST
Click the *Search Files* button.
FRST will scan your machine looking for files.
When finished scanning it will make a log *Search.txt* on the flash drive.
Close the command window.
Boot back into normal mode and post me the *Search.txt* log please.

*Please reply with:*

FRST log (Search.txt)


----------



## Defragger (Dec 13, 2012)

Here is the Search Log you requested. And thanks for the encouraging word and all your help.

Farbar Recovery Scan Tool (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-18 04:51:51
Running from F:\

================== Search: "afd.sys;WS2IFSL.SYS" ===================

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2012-04-17 00:47] - [2011-12-27 20:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011-11-22 08:30] - [2011-04-24 19:09] - 0499200 ____A (Microsoft Corporation) F4AD06143EAC303F55D0E86C40802976

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2012-04-17 00:47] - [2011-12-27 19:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011-11-22 08:30] - [2011-04-24 18:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2010-11-20 19:24] - [2010-11-20 19:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2009-07-13 16:10] - [2009-07-13 16:10] - 0021504 ____A (Microsoft Corporation) 6BCC1D7D2FD2453957C5479A32364E52

C:\Windows\System32\drivers\AFD.SYS
[2012-04-17 00:47] - [2012-12-16 04:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

C:\Windows\System32\drivers\WS2IFSL.SYS
[2009-07-13 16:10] - [2012-12-16 04:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

====== End Of Search ======
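The Search.txt above already contains everything needed to reach the verdict a helper reaches by eye: the two live drivers in `System32\drivers` carry the same size and the same MD5 even though they are different drivers, their hash matches none of the Microsoft-signed copies held in `winsxs`, and the `winsxs` store holds clean copies that can be restored. The script below is an added example (written for this page, not FRST's or Farbar's code) that parses that log format and automates those three checks. The sample text is a constructed excerpt of the log above; the rule used to rank replacement candidates (highest version, preferring the GDR branch whose fourth version field is below 20000 over the LDR/QFE branch) is this example's own assumption, not something the thread states.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input: an excerpt of the FRST Search.txt posted in this thread.
SEARCH_LOG = r"""
================== Search: "afd.sys;WS2IFSL.SYS" ===================

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2012-04-17 00:47] - [2011-12-27 20:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2012-04-17 00:47] - [2011-12-27 19:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011-11-22 08:30] - [2011-04-24 18:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30

C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2009-07-13 16:10] - [2009-07-13 16:10] - 0021504 ____A (Microsoft Corporation) 6BCC1D7D2FD2453957C5479A32364E52

C:\Windows\System32\drivers\AFD.SYS
[2012-04-17 00:47] - [2012-12-16 04:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

C:\Windows\System32\drivers\WS2IFSL.SYS
[2009-07-13 16:10] - [2012-12-16 04:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# FRST detail line: [created] - [modified] - size attrs (company) MD5
ENTRY_RE = re.compile(
    r"^\[\d{4}-\d\d-\d\d \d\d:\d\d\] - \[\d{4}-\d\d-\d\d \d\d:\d\d\] - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) ([0-9A-Fa-f]{32})$"
)
VERSION_RE = re.compile(r"_(\d+)\.(\d+)\.(\d+)\.(\d+)_")  # version embedded in a winsxs directory name


@dataclass
class FileRecord:
    path: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name.lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def version(self) -> Tuple[int, ...]:
        m = VERSION_RE.search(self.path)
        return tuple(int(g) for g in m.groups()) if m else (0, 0, 0, 0)


def parse_search_log(text: str) -> List[FileRecord]:
    """Pair each path line with the detail line that follows it; skip everything else."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = ENTRY_RE.match(line)
        if m and pending:
            size, _attrs, company, md5 = m.groups()
            records.append(FileRecord(pending, int(size), company.strip(), md5.upper()))
        pending = None
    return records


def shared_hashes(records: List[FileRecord]) -> Dict[str, Set[str]]:
    """MD5s that appear under more than one distinct file name among the live (non-winsxs)
    files. Two different drivers cannot legitimately be byte-identical, so this alone is a red flag."""
    names_by_md5: Dict[str, Set[str]] = defaultdict(set)
    for r in records:
        if not r.in_winsxs:
            names_by_md5[r.md5].add(r.name)
    return {md5: names for md5, names in names_by_md5.items() if len(names) > 1}


def choose_replacement(store: List[FileRecord]) -> Optional[FileRecord]:
    """Assumption of this example: restore the highest version, preferring the GDR branch
    (fourth version field below 20000) over the LDR/QFE branch (21xxx and up)."""
    if not store:
        return None
    return max(store, key=lambda r: (r.version[3] < 20000, r.version))


def assess(records: List[FileRecord]) -> Dict[str, Tuple[str, Optional[str]]]:
    """For each live driver: ('ok', None) if its MD5 matches a Microsoft-signed winsxs copy of
    the same file name, otherwise ('suspicious', path of the winsxs copy to restore)."""
    by_name: Dict[str, List[FileRecord]] = defaultdict(list)
    for r in records:
        by_name[r.name].append(r)
    findings: Dict[str, Tuple[str, Optional[str]]] = {}
    for recs in by_name.values():
        store = [r for r in recs if r.in_winsxs and r.company == "Microsoft Corporation"]
        known = {r.md5 for r in store}
        for live in (r for r in recs if not r.in_winsxs):
            if live.md5 in known:
                findings[live.path] = ("ok", None)
            else:
                best = choose_replacement(store)
                findings[live.path] = ("suspicious", best.path if best else None)
    return findings


if __name__ == "__main__":
    recs = parse_search_log(SEARCH_LOG)
    for path, (verdict, repl) in assess(recs).items():
        print(f"{verdict:10} {path}" + (f"\n           restore from {repl}" if repl else ""))
    for md5, names in shared_hashes(recs).items():
        print(f"shared MD5 {md5} across {sorted(names)}")
```

Run on the excerpt, `assess` flags both `AFD.SYS` and `WS2IFSL.SYS` as suspicious and names the `6.1.7601.17752` copy of `afd.sys` and the single `6.1.7600.16385` copy of `ws2ifsl.sys` as the files to restore, while `shared_hashes` reports the one MD5 that both live drivers share. The comparison baseline here is the machine's own `winsxs` store rather than an external known-good hash list, which is exactly why the helper asked for the search before writing the fix.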


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
After running the FRST fix let me know if your internet is working again.

*FRST Fix*
If you still have the old *fixlist.txt* file on your flash drive, please delete it, then download the new one.
Click the *fixlist.txt* link under *Attached Files* at the bottom of this post to download the attached file *fixlist.txt* and save it to the flashdrive with FRST.

*Boot into Recovery Environment*


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* on your USB flashdrive.

*Exit out of Recovery Environment and post me the log please.*

*Farbar Service Scanner*

Right-click FSS.exe and select *Run as administrator* to start the program
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

*Please reply with:*

FRST log (fixlog.txt)
New Farbar Service Scanner log


----------



## Defragger (Dec 13, 2012)

Sorry Gizzy, no internet connection yet. And here are the log files, as requested.

Frst64

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-18 17:32:21 Run:2
Running from F:\

==============================================

C:\Windows\System32\drivers\AFD.SYS moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys copied successfully to C:\Windows\System32\drivers\AFD.SYS
C:\Windows\System32\drivers\WS2IFSL.SYS moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys copied successfully to C:\Windows\System32\drivers\WS2IFSL.SYS

==== End of Fixlog ====

FSS

Farbar Service Scanner Version: 10-12-2012
Ran by DeFragger (administrator) on 18-12-2012 at 17:36:26
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
We're getting there. See if the internet works after doing the following.

*Create a New System Restore Point.*

Click Start,
Select *All Programs, Accessories, System Tools* press *System Restore*.
At the *Welcome screen* select *Create a restore point* then press *Next.*
In the description box, type a name to describe this restore point.
System Restore automatically adds (to your description) the current date and time.

Click *Create* to finish creating this restore point.
Click *Close* to exit System Restore.
If you have successfully created a System Restore Point...we can proceed.
*If you have NOT successfully created a System Restore Point STOP! do not go any further!
Please post back so we can determine why it was unsuccessful.*

*Batch file*

Download the Attached zip file *Files.zip* at the bottom of this post
Extract the 2 files (*servicesbatch.bat* and *afdkeys.reg*) onto the infected computer's desktop. *Important:* both files must be on the desktop
Right-click *servicesbatch.bat* on your desktop and select *Run as administrator*. A window will open and close. This is normal.
A file *look.txt* will be created on your desktop, Post the contents in your next reply.

*Farbar Service Scanner*

Right-click FSS.exe and select *Run as administrator* to start the program
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

*Please reply with:*

look.txt
New Farbar Service Scanner log


----------



## Defragger (Dec 13, 2012)

A little problem. I couldn't create a restore point the way you suggested. When I went to System Restore there was no option to select 'Create Restore Point'. I could only select 'Next' and then choose a restore point to restore. So I went to 'Control Panel/System and Security/System/System Protection/Create Restore Point' and did it that way. It shows up in 'System Restore' from the start menu so I could select it if need be. If this is 'Okay' I will continue with the rest of the steps you described above.


----------



## Gizzy (Aug 2, 2005)

Yes, That way is okay.


----------



## Defragger (Dec 13, 2012)

Sorry, no internet. And here are the log files.

Look.txt

*******************************************************************************
Registrykey: HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root

Object does not exist or user doesn't have enough permissions

----------

Changing permissions to "HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root" was unsuccessful.
Reason:
Object does not exist or user doesn't have enough permissions

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd
BootFlags REG_DWORD 1 (0x1)
DisplayName REG_SZ @%systemroot%\system32\drivers\afd.sys,-1000
Group REG_SZ PNP_TDI
ImagePath REG_EXPAND_SZ \SystemRoot\system32\drivers\afd.sys
Description REG_SZ @%systemroot%\system32\drivers\afd.sys,-1000
ErrorControl REG_DWORD 1 (0x1)
Start REG_DWORD 1 (0x1)
Type REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Enum

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Parameters

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

Error: Key: system\currentcontrolset\enum\root\legacy_afd does not exist!

----------

Revoking permissions to "HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root" was unsuccessful.
Reason:
Object does not exist or user doesn't have enough permissions

---------- 
*******************************************************************************
Registrykey: HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root

Object does not exist or user doesn't have enough permissions

---------- 
[SC] ChangeServiceConfig SUCCESS

FSS.txt

Farbar Service Scanner Version: 10-12-2012
Ran by DeFragger (administrator) on 20-12-2012 at 04:43:38
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
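
An added example, not part of this thread and not Farbar's code: a PowerShell script that repeats the afd checks Farbar Service Scanner makes, using the values look.txt printed for the afd service key as the baseline (Start 1, Type 1, ErrorControl 1, Group PNP_TDI, ImagePath \SystemRoot\system32\drivers\afd.sys). It also confirms the Enum\Root\LEGACY_AFD\0000 instance exists, asks the service control manager whether the driver is actually running, and compares the on-disk afd.sys with the servicing copies under winsxs that the Fixlog above restored from. It is written for Windows PowerShell 2.0, which Windows 7 SP1 ships with, assumes an elevated prompt on an x64 install, and the function names are mine.

```powershell
# Added example: repeat the afd checks Farbar Service Scanner makes, with the healthy-key
# values from look.txt as the baseline. Windows PowerShell 2.0 compatible; run elevated.

function Get-Sha256 {
    param([string]$Path)
    # PS 2.0 has no Get-FileHash, so hash the file through .NET directly.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Test-AfdRegistration {
    $svcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\afd'
    $legacyKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000'
    $driver    = Join-Path $env:windir 'System32\drivers\afd.sys'

    # Baseline copied from the look.txt listing in this thread (Windows 7 SP1 x64).
    $expected = @{
        Start        = 1                                     # SERVICE_SYSTEM_START
        Type         = 1                                     # SERVICE_KERNEL_DRIVER
        ErrorControl = 1                                     # SERVICE_ERROR_NORMAL
        Group        = 'PNP_TDI'
        ImagePath    = '\SystemRoot\system32\drivers\afd.sys'
    }

    $findings = @()

    if (-not (Test-Path $svcKey)) {
        $findings += "ATTENTION: $svcKey is missing; the kernel never loads afd.sys, so Winsock has no transport"
    } else {
        $actual = Get-ItemProperty -Path $svcKey
        foreach ($name in $expected.Keys) {
            if ($actual.$name -ne $expected[$name]) {
                $findings += ("MISMATCH: {0} is '{1}', expected '{2}'" -f $name, $actual.$name, $expected[$name])
            }
        }
    }

    # The Enum\Root\LEGACY_AFD\0000 instance is what FSS reports as LEGACY_afd\0000.
    if (-not (Test-Path $legacyKey)) {
        $findings += "ATTENTION: $legacyKey is missing"
    }

    # Kernel drivers are not listed by Get-Service; Win32_SystemDriver covers them.
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='afd'"
    if (-not $drv) {
        $findings += 'ATTENTION: the service control manager has no afd driver object'
    } elseif ($drv.State -ne 'Running') {
        $findings += "afd driver is registered but its state is '$($drv.State)'"
    }

    # afd.sys is catalog-signed, so Get-AuthenticodeSignature on Windows 7 reports it as NotSigned.
    # Compare it instead with the servicing copies in WinSxS, the same source the Fixlog restored from.
    if (-not (Test-Path $driver)) {
        $findings += "ATTENTION: $driver is missing"
    } else {
        $hash   = Get-Sha256 $driver
        $copies = @(Get-ChildItem -Path (Join-Path $env:windir 'winsxs') -Filter 'amd64_microsoft-windows-winsock-core_*' -ErrorAction SilentlyContinue |
                    ForEach-Object { Join-Path $_.FullName 'afd.sys' } |
                    Where-Object { (Test-Path $_) -and ((Get-Sha256 $_) -eq $hash) })
        if ($copies.Count -eq 0) {
            $findings += "ATTENTION: $driver matches no afd.sys under winsxs (sha256 $hash)"
        }
    }

    if ($findings.Count -eq 0) { $findings += 'OK: afd key, LEGACY_AFD instance, driver state and file hash all check out' }
    return $findings
}

Test-AfdRegistration
```

Against the state in the log above it would report the missing LEGACY_AFD\0000 key and the stopped driver while the service key values and the file hash pass, which is a more useful split than "MD5 is legit" alone: the binary is fine, the registration is not.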


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
The script didn't run as expected. It is better now but not completely, so let's try a different way.

*Batch file*

Download the Attached zip file *afdFiles.zip* at the bottom of this post
Extract the 3 files onto the infected computer's desktop. *Important:* files must be on the desktop
Right-click *afdbatch.bat* on your desktop and select *Run as administrator*. A window will open and close. This is normal.

Then run Farbar Service Scanner once more and post the log.

*Farbar Service Scanner*

Right-click FSS.exe and select *Run as administrator* to start the program
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

*Please reply with:*

Farbar Service Scanner


----------



## Defragger (Dec 13, 2012)

Just a note, I received my Win7 disc today, in case it's needed. K, here is the log file.

FSS.txt

Farbar Service Scanner Version: 10-12-2012
Ran by DeFragger (administrator) on 20-12-2012 at 17:15:35
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
Apologies for the delay.



Defragger said:


> Just a note, I received my Win7 disc today, in case it's needed. K, here is the log file.


Good. :up:
Though you said earlier


> I would like to try and clean this machine until I can get a recovery disk from IBuyPower and repave.


Would you like to continue or repave your computer? 

If you would like to continue then try the new attached files with the instructions below, But if you want to repave please let me know.
It's your choice, Keeping in mind the link I sent you earlier.

*Batch file*

Download the Attached zip file at the bottom of this post
Extract the 2 files onto the infected computer's desktop. *Important:* both files must be on the desktop
Right-click *legacyafdkeys.bat* on your desktop and select *Run as administrator*. A window will open and close. This is normal.
A file *look2.txt* will be created on your desktop, Post the contents in your next reply.

Please Reply With:

Answer to question and/or look2.txt


----------



## Defragger (Dec 13, 2012)

No problem with a delay; I greatly appreciate the help. And as for the Win7 disc, I would like to repair, NOT repave, this machine. That is, unless you feel it is in our best interest to do that. And with that said, here is the Look log.

Ownerchange for "HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root" to Administrators group was successful
----------

Changing permissions to "HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root" was unsuccessful.
Reason:
Object does not exist or user doesn't have enough permissions

----------

Changing permissions to "HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root" was unsuccessful.
Reason:
Object does not exist or user doesn't have enough permissions

---------- 
*******************************************************************************
Registrykey: HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root

Object does not exist or user doesn't have enough permissions

----------

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

Error: Key: system\currentcontrolset\enum\root\legacy_afd does not exist!

----------

Revoking permissions to "HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root" was unsuccessful.
Reason:
Object does not exist or user doesn't have enough permissions

----------

Revoking permissions to "HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root" was unsuccessful.
Reason:
Object does not exist or user doesn't have enough permissions

---------- 
*******************************************************************************
Registrykey: HKEY_LOCAL_MACHINE\SYSTEM\CurrectControlSet\Enum\Root

Object does not exist or user doesn't have enough permissions


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
Stubborn registry key. Let's try the manual way. Before following the instructions below, please create a new restore point as you did before.

Download the Attached zip file at the bottom of this post and extract the file (Legacy_afd.reg) to the infected computer's desktop.


Click *Start*
Type *regedit* then right-click *regedit* and select *Run as Administrator* from the matching program list.
Allow any UAC prompts.
In the left pane, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\*Root*
Right-click *Root* in the left pane and select *Permissions*
Click *Everyone* to highlight it in the Group or Usernames section
While *Everyone* is selected put a check mark in the box under *Allow* next to *Full Control*
Click *Apply* and *OK*.
Now double-click *Legacy_afd.reg* and confirm any prompts. Please inform me if you get any error
Please go back to the *Root* key again and, while *Everyone* is selected, remove the check mark in the box under *Allow* next to *Full Control*, then close the Registry Editor.
Restart the computer.

*Farbar Service Scanner*

Right-click FSS.exe and select *Run as administrator* to start the program
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

*Please reply with:*

New Farbar Service Scanner log


----------



## Defragger (Dec 13, 2012)

Sorry Gizzy, another problem. When I tried steps 7 and 8 I had a Windows Security pop-up that said; Unable to save permission changes on Root. Access is denied. Awaiting your instructions to proceed.


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

Download *PsExec.exe* and place the file on the infected computer's desktop.


Go to Start > Run (alternatively use Windows key+R), enter the contents of the code box below, and click *OK*.

```
"%userprofile%\desktop\psexec" -i -s /accepteula c:\windows\regedit.exe
```

First try clicking in the menu at the top *File* > *Import...* then navigate to the *Legacy_afd.reg* file.
Select it then click the *Open* button.
If successful, restart the computer and reply with a new Farbar Service Scanner log.

If you get any errors try doing the following using the open regedit window (if it's closed, open it again using the command above)

In the left pane, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\*Root*
Right-click *Root* in the left pane and select *Permissions*
Click *Everyone* to highlight it in the Group or Usernames section
While *Everyone* is selected put a check mark in the box under *Allow* next to *Full Control*
Click *Apply* and *OK*.
In the menu at the top click *File* > *Import...* then navigate to the *Legacy_afd.reg* file.
Select it then click the *Open* button.
Please go back to the *Root* key again and, while *Everyone* is selected, remove the check mark in the box under *Allow* next to *Full Control*, then close the Registry Editor.
If successful, restart the computer and reply with a new Farbar Service Scanner log.

Also, in the Group or Usernames section there should only be *Everyone* and *System* listed. Let me know if there's anything else listed, and ensure there aren't any boxes checked under *Deny* for either of them.

If you're able to import the reg file without any problems please post a new Farbar Service Scanner log, If not please let me know.


----------



## Defragger (Dec 13, 2012)

Sorry again Gizzy. With PsExec.exe on the desktop and using that command line in the Run box, RegEdit would not open. I can open it manually but still cannot change the permissions. I get the same message: Unable to save permission changes on Root. Access is denied


----------



## Gizzy (Aug 2, 2005)

Try running this new command from the command prompt instead.

Go to Start > Run (alternatively use Windows key+R), type *cmd* and click *OK*
Enter the contents of the code box below into the command prompt

```
"%userprofile%\desktop\psexec.exe" -i -s "c:\windows\regedit.exe"
```

If a window pops up click *Agree*
If regedit opens successfully with the command now, then attempt the instructions in my last post; if not, let me know.


----------



## Defragger (Dec 13, 2012)

Sorry again Gizzy. Another roadblock. This is what I got when I typed in your command line:

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Couldn't install PsExec service:
Access is denied.


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
Apologies for the delay again. Let's try this.


Download the Attached zip file at the bottom of this post
Extract the 2 files onto the infected computer at *C:\*. *Important:* both files must be located in *C:\*
*C:\AFD.bat*
*C:\AFD_LEGACY.reg*

Don't run them yet. They need to be run in the Recovery Environment.

*Boot your computer into Recovery Environment*

Restart the computer and press *F8* repeatedly until the *Advanced Options Menu* appears.
Select *Repair your computer*.
Select Language and click *Next*
Enter password (if necessary) and click *OK*, you should now see the screen below ...
Note the drive letter assigned to the operating system as shown in the image below
If the Operating system disk is *not* *C:* then click the *Restart* button, boot back into Normal mode and report back with the letter designation for the Operating system drive.
If the Operating system disk is *C:* then continue with the instructions
Select the *Command Prompt* option.
A command window will open.
Type *cd C:\* and hit *Enter*.
Then type *AFD.bat* and hit *Enter*.
Wait until you see the message *Done!*, then close the command window.
Boot back into normal mode and post a new Farbar Service Scanner log

*Please Reply With:*

New Farbar Service Scanner log


----------



## Defragger (Dec 13, 2012)

Sorry Gizzy but it reports the OS is on D: Thanks Kim


----------



## Gizzy (Aug 2, 2005)

No problem. The files and instructions just need to be adjusted.
So please delete the files from the last post and download the new ones below, and ignore the instructions in my last post.
Ensure the drive letter assigned to the operating system is still *D:\* once in the recovery console; if not, let me know.


Download the Attached zip file at the bottom of this post
Extract the 2 files onto the infected computer at *C:\*. *Important:* both files must be located in *C:\*
*C:\AFD2.bat*
*C:\AFD_LEGACY2.reg*

Don't run them yet. They need to be run in the Recovery Environment.

*Boot your computer into Recovery Environment*

Restart the computer and press *F8* repeatedly until the *Advanced Options Menu* appears.
Select *Repair your computer*.
Select Language and click *Next*
Enter password (if necessary) and click *OK*, you should now see the screen below ...
Select the *Command Prompt* option.
A command window will open.
Type *D:\AFD2.bat* and hit *Enter*.
Wait until you see the message *Done!*, then close the command window.
Boot back into normal mode and post a new Farbar Service Scanner log


----------



## Defragger (Dec 13, 2012)

Okay Gizzy, here is the FSS log. Thanks again and Happy New Year! Kim

Farbar Service Scanner Version: 10-12-2012
Ran by DeFragger (administrator) on 29-12-2012 at 06:13:54
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
Thanks, Happy New Year. 

Please download MiniRegTool64.zip and unzip it to the infected computer's desktop.
Right-click *MiniRegTool64.exe* and select *Run as administrator* to start the program.
Copy and paste the following into the edit box:


```
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD
```

Check the *List Permissions* radio button.
Press *Go* button and post the result.

*Please reply with:*

MiniRegTool log


----------



## Defragger (Dec 13, 2012)

here is the Result.txt log Thanks again Gizzy!

MiniRegTool by Farbar Version:29-11-2012
Ran by DeFragger (administrator) on 2012-12-30 at 07:52:42

===============================================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

Owner: BUILTIN\Administrators

DACL(protected):
NT AUTHORITY\SYSTEM FULL ALLOW (CI)
OWNER RIGHTS KEY_EXECUTE+KEY_READ+KEY_WRITE+READ_CONTROL ALLOW (CI)
Everyone READ ALLOW (CI)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Owner: BUILTIN\Administrators

DACL(not_protected):
NT AUTHORITY\SYSTEM FULL ALLOW (PI)(CI)
OWNER RIGHTS KEY_EXECUTE+KEY_READ+KEY_WRITE+READ_CONTROL ALLOW (PI)(CI)
Everyone READ ALLOW (PI)(CI)

ERROR: Parsing the SD of <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD> failed with: The system cannot find the key specified.
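
An added example, not from this thread and not MiniRegTool's code, that reads the same security descriptor and accounts for the earlier "Unable to save permission changes on Root. Access is denied". In the listing above the owner is BUILTIN\Administrators, but an OWNER RIGHTS entry (the well-known SID S-1-3-4) limits whoever owns the key to KEY_EXECUTE+KEY_READ+KEY_WRITE+READ_CONTROL, which does not include WRITE_DAC, and the only principal with FULL is NT AUTHORITY\SYSTEM. Separately, the permission steps in the earlier look.txt output targeted HKLM\SYSTEM\CurrectControlSet\Enum\Root, a misspelling of CurrentControlSet, which is why they reported that the object did not exist while the SteelWerX queries against the correctly spelled path worked. The script checks the path spelling, lists which SIDs hold WRITE_DAC on the key, and says whether the current token is among them. Windows PowerShell 2.0 compatible; the function name is mine.

```powershell
# Added example: read the DACL of Enum\Root as MiniRegTool did and work out who can
# change its permissions. Windows PowerShell 2.0 compatible.

function Test-RegistryKeyWriteDac {
    param([string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root')

    # The permission steps in look.txt targeted "CurrectControlSet" and so failed with
    # "Object does not exist" before touching any ACL. Check the spelling first.
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Key '$KeyPath' does not exist; check the spelling of the path before editing its ACL"
    }

    $acl   = Get-Acl -Path $KeyPath
    $owner = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
    # Enumerate by SID so the well-known OWNER RIGHTS SID (S-1-3-4) is unambiguous.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $writeDac   = [int][System.Security.AccessControl.RegistryRights]::ChangePermissions  # WRITE_DAC, 0x40000
    $genericAll = 0x10000000                                                              # GENERIC_ALL, in case an ACE still carries generic bits
    $holders        = @()
    $ownerRightsAce = $null

    foreach ($rule in $rules) {
        $sid    = $rule.IdentityReference.Value
        $rights = [int]$rule.RegistryRights
        if ($sid -eq 'S-1-3-4') { $ownerRightsAce = $rule }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ((($rights -band $writeDac) -ne 0) -or (($rights -band $genericAll) -ne 0)) { $holders += $sid }
    }

    # The owner normally gets READ_CONTROL and WRITE_DAC implicitly. An OWNER RIGHTS ACE replaces
    # that implicit grant with exactly the rights it lists, so an owner whose OWNER RIGHTS entry
    # lacks WRITE_DAC cannot edit the DACL even though it owns the key.
    $ownerCanWriteDac = $true
    $ownerRightsText  = '(none)'
    if ($ownerRightsAce -ne $null) {
        $ownerCanWriteDac = (([int]$ownerRightsAce.RegistryRights -band $writeDac) -ne 0)
        $ownerRightsText  = $ownerRightsAce.RegistryRights.ToString()
    }
    if ($ownerCanWriteDac -and ($holders -notcontains $owner.Value)) { $holders += $owner.Value }

    # SIDs in the current token: the user plus its enabled groups. .NET drops deny-only groups,
    # so BUILTIN\Administrators (S-1-5-32-544) shows up here only when the prompt is elevated.
    $me        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $tokenSids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

    $canWrite = $false
    foreach ($sid in $holders) { if ($tokenSids -contains $sid) { $canWrite = $true } }

    New-Object PSObject -Property @{
        Key                     = $KeyPath
        Owner                   = $acl.Owner
        OwnerRightsAce          = $ownerRightsText
        WriteDacHolders         = ($holders -join ', ')
        RunningAsSystem         = ($me.User.Value -eq 'S-1-5-18')
        CurrentTokenCanWriteDac = $canWrite
    }
}

Test-RegistryKeyWriteDac | Format-List Key, Owner, OwnerRightsAce, WriteDacHolders, RunningAsSystem, CurrentTokenCanWriteDac
```

Against the DACL listed above, an elevated administrator prompt reports WriteDacHolders as S-1-5-18 only and CurrentTokenCanWriteDac False; a cmd or regedit started with PsExec -i -s reports RunningAsSystem True and CurrentTokenCanWriteDac True, which is why the import only succeeded under SYSTEM. Taking ownership does not help while the OWNER RIGHTS entry is in place, and regedit does not use the backup/restore privileges that would bypass the DACL. PsExec itself needs a full administrator token to install its helper service, so "Couldn't install PsExec service: Access is denied" is what a non-elevated prompt produces; that is the obstacle that disabling UAC removed.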


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
We're going to try something again. This time we'll temporarily disable UAC first.
You will need both PsExec.exe and Legacy_afd.reg on your desktop. If you don't still have them there, you can download PsExec *Here* and Legacy_afd.reg *Here*.

*Disable UAC*

Click the *Start* button and type *UAC*
Click *Change User Account Control settings*
In the window that opens, Drag the slider down to the bottom and click *OK*
Allow the prompt
Restart your computer

*Import Registry File*

Go to Start > Run (alternatively use Windows key+R), type *cmd* and click *OK*
Enter the contents of the code box below into the command prompt

```
"%userprofile%\desktop\psexec.exe" -i -s "c:\windows\regedit.exe"
```

If a window pops up click *Agree*
In the menu at the top click *File* > *Import...* then navigate to the *Legacy_afd.reg* file.
Select it then click the *Open* button.
If successful, restart the computer and reply with a new Farbar Service Scanner log. If not, let me know.


----------



## Defragger (Dec 13, 2012)

Okay Gizzy here is what transpired... When Regedit came up and I went to import the Legacy_afd.reg file, I got a popup window with this message in it:

Location is not available

C:\Windows\system32\config\systemprofile\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location.

I could not see the Desktop stuff. I could see C: and C:\Windows and the other stuff so I copied Legacy_afd.reg to C: and imported it that way. Hope that was OK and here is the FSS log file.

Farbar Service Scanner Version: 10-12-2012
Ran by DeFragger (administrator) on 31-12-2012 at 08:07:11
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------
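The FSS report above is line-oriented, so its findings (services not running, start types that differ from the default, the "Disabled Policy" registry values, failed file checks) can be pulled out by script rather than read by eye. The following is an added example and is not part of this thread or of Farbar's tool; the names `parse_fss`, `summarize`, `FssFindings` and `SAMPLE_FSS` are my own, and the sample input is a constructed excerpt modelled on the log format shown above.

```python
"""Triage helper for Farbar Service Scanner (FSS) output.

Added example, not part of the thread or of FSS itself. It reads the
plain-text report and collects what a responder wants first: services
reported not running, service settings that deviate from the default,
"Disabled Policy" registry values, and file checks whose MD5 FSS did
not accept.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt in FSS format (modelled on the log posted above).
SAMPLE_FSS = """\
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\\Windows\\System32\\dhcpcore.dll => MD5 is legit
"""

STOPPED_RE = re.compile(r"^(\S+) Service is not running\.")
CONFIG_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
FILE_RE = re.compile(r"^(.+?) => MD5 is (.+)$")


@dataclass
class FssFindings:
    stopped: list = field(default_factory=list)      # service names reported not running
    deviations: list = field(default_factory=list)   # (service, setting, detail) where detail != OK
    policies: list = field(default_factory=list)     # (registry key, value name, "TYPE:data")
    file_issues: list = field(default_factory=list)  # (path, verdict) where verdict != legit


def parse_fss(text: str) -> FssFindings:
    """Scan an FSS report line by line and collect the findings."""
    findings = FssFindings()
    current_key = None  # last "[HKEY_...]" header seen; value lines belong to it
    for raw in text.splitlines():
        line = raw.strip()
        if m := STOPPED_RE.match(line):
            findings.stopped.append(m.group(1))
        elif m := CONFIG_RE.match(line):
            setting, service, detail = m.groups()
            if detail != "OK.":
                findings.deviations.append((service, setting, detail.rstrip(".")))
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
        elif current_key and (m := VALUE_RE.match(line)):
            name, vtype, data = m.groups()
            findings.policies.append((current_key, name, f"{vtype}:{data}"))
        elif m := FILE_RE.match(line):
            path, verdict = m.groups()
            if verdict != "legit":
                findings.file_issues.append((path, verdict))
    return findings


def summarize(findings: FssFindings) -> list:
    """Render findings as one triage line each, highest concern first."""
    lines = []
    for key, name, data in findings.policies:
        # A Disable* value of 1 under a "Disabled Policy" key switches the
        # component off regardless of the user's own setting, so review it first.
        if name.lower().startswith("disable") and data.endswith(":1"):
            lines.append(f"POLICY  {name}={data} under {key}")
    for service, setting, detail in findings.deviations:
        lines.append(f"CONFIG  {service}: {setting} {detail}")
    for path, verdict in findings.file_issues:
        lines.append(f"FILE    {path}: MD5 is {verdict}")
    for service in findings.stopped:
        lines.append(f"STOPPED {service}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_fss(SAMPLE_FSS)):
        print(line)
```

Run against the full log above it reports the same four kinds of finding the replies discuss: Defender disabled by policy, WinDefend's start type changed from Auto to Demand, and the Dhcp/afd/wuauserv/BITS/WinDefend services not running, with every file check passing.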



## Gizzy (Aug 2, 2005)

Hi Defragger,


> I could not see the Desktop stuff. I could see C: and C:\Windows and the other stuff so I copied Legacy_afd.reg to C: and imported it that way. Hope that was OK and here is the FSS log file.


Yes, very good. :up:

Have you tried connecting to the internet? Is it working now?


----------



## Defragger (Dec 13, 2012)

Sorry Gizzy, no internet connection.


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

*TCP/IP stack repair*

Go to Start > Run (alternatively use Windows key+R), type *cmd* and click *OK*.
Type the following command in the command prompt and press Enter.

*netsh winsock reset catalog*

Then type the following command and press Enter.

*netsh int ipv4 reset reset.log*

Finally, type the following command and press Enter.

*netsh int ipv6 reset reset.log*

Reboot the computer, then check if you can connect to the internet. Let me know.


----------



## Defragger (Dec 13, 2012)

Happy New Year Gizzy! I carefully typed in all three commands and they seemed to be successful, but after restarting I still have no internet connection.


----------



## Gizzy (Aug 2, 2005)

Happy New Year Defragger! 

*TDSSKiller Scan*

Please download *TDSSKiller* and save it to your Desktop.
Right-click on *TDSSKiller.exe* and select *Run as administrator* to launch it.
Click on *Start Scan*. The scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to *Cure* and select *Skip*.
Now click on *Report* to open the log file created by TDSSKiller in your root directory *C:\*.
To find the log, go to *Start* > *Computer* > *C:*.
Post the contents of that log in your next reply please.
*DO NOT TRY TO FIX ANYTHING AT THIS POINT*

*Download and run OTL*

Download *OTL* to your desktop.
Right-click on *OTL.exe* and select *Run as administrator* to run it. Make sure all other windows are closed and let it run uninterrupted.
Check the box beside *Scan All Users*
Ensure *Use SafeList* is selected under Extra Registry
Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy (*Edit* > *Select All* -- *Edit* > *Copy*) the contents of these files, one at a time, and post them with your next reply.

*Please reply with:*

TDSSKiller log
OTL logs (OTL.txt and Extras.txt)


----------



## Defragger (Dec 13, 2012)

Good Morning Gizzy, here are the log files you asked for:

TDSSKiller.txt

04:43:19.0703 3192 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
04:43:19.0718 3192 ============================================================
04:43:19.0718 3192 Current date / time: 2013/01/02 04:43:19.0718
04:43:19.0718 3192 SystemInfo:
04:43:19.0718 3192 
04:43:19.0718 3192 OS Version: 6.1.7601 ServicePack: 1.0
04:43:19.0718 3192 Product type: Workstation
04:43:19.0718 3192 ComputerName: KIMS_BEAST
04:43:19.0718 3192 UserName: DeFragger
04:43:19.0718 3192 Windows directory: C:\Windows
04:43:19.0718 3192 System windows directory: C:\Windows
04:43:19.0718 3192 Running under WOW64
04:43:19.0718 3192 Processor architecture: Intel x64
04:43:19.0718 3192 Number of processors: 4
04:43:19.0718 3192 Page size: 0x1000
04:43:19.0718 3192 Boot type: Normal boot
04:43:19.0718 3192 ============================================================
04:43:20.0734 3192 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:43:20.0734 3192 Drive \Device\Harddisk1\DR1 - Size: 0x3CF0F0000 (15.24 Gb), SectorSize: 0x200, Cylinders: 0x7C4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:43:20.0734 3192 ============================================================
04:43:20.0734 3192 \Device\Harddisk0\DR0:
04:43:20.0734 3192 MBR partitions:
04:43:20.0734 3192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x32000
04:43:20.0734 3192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33AE0, BlocksNum 0x746D32D0
04:43:20.0734 3192 \Device\Harddisk1\DR1:
04:43:20.0734 3192 MBR partitions:
04:43:20.0734 3192 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x1E78750
04:43:20.0734 3192 ============================================================
04:43:20.0796 3192 C: <-> \Device\Harddisk0\DR0\Partition2
04:43:20.0796 3192 ============================================================
04:43:20.0796 3192 Initialize success
04:43:20.0796 3192 ============================================================
04:43:30.0546 1408 ============================================================
04:43:30.0546 1408 Scan started
04:43:30.0546 1408 Mode: Manual; 
04:43:30.0546 1408 ============================================================
04:43:31.0421 1408 ================ Scan system memory ========================
04:43:31.0421 1408 System memory - ok
04:43:31.0421 1408  ================ Scan services =============================
04:43:32.0359 1408 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
04:43:32.0359 1408 1394ohci - ok
04:43:32.0390 1408 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
04:43:32.0390 1408 ACPI - ok
04:43:32.0390 1408 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
04:43:32.0390 1408 AcpiPmi - ok
04:43:32.0484 1408 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:43:32.0484 1408 AdobeARMservice - ok
04:43:32.0515 1408 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
04:43:32.0531 1408 adp94xx - ok
04:43:32.0546 1408 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
04:43:32.0546 1408 adpahci - ok
04:43:32.0562 1408 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
04:43:32.0578 1408 adpu320 - ok
04:43:32.0578 1408 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
04:43:32.0578 1408 AeLookupSvc - ok
04:43:32.0671 1408 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
04:43:32.0671 1408 AFD - ok
04:43:32.0671 1408 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
04:43:32.0671 1408 agp440 - ok
04:43:32.0687 1408 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
04:43:32.0687 1408 ALG - ok
04:43:32.0718 1408 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
04:43:32.0718 1408 aliide - ok
04:43:32.0734 1408 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
04:43:32.0734 1408 amdide - ok
04:43:32.0750 1408 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
04:43:32.0750 1408 AmdK8 - ok
04:43:32.0750 1408 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
04:43:32.0750 1408 AmdPPM - ok
04:43:32.0765 1408 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
04:43:32.0765 1408 amdsata - ok
04:43:32.0781 1408 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
04:43:32.0781 1408 amdsbs - ok
04:43:32.0781 1408 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
04:43:32.0781 1408 amdxata - ok
04:43:32.0812 1408 [ AD12F5C7251BB8D575D560894E73CBBA ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
04:43:32.0828 1408 Apowersoft_AudioDevice - ok
04:43:32.0828 1408 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
04:43:32.0843 1408 AppID - ok
04:43:32.0843 1408 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
04:43:32.0843 1408 AppIDSvc - ok
04:43:32.0859 1408 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
04:43:32.0875 1408 Appinfo - ok
04:43:32.0937 1408 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
04:43:32.0937 1408 arc - ok
04:43:32.0937 1408 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
04:43:32.0937 1408 arcsas - ok
04:43:33.0000 1408 [ C82B647772F47A0DB7A819E2B9B737EC ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
04:43:33.0000 1408 asHmComSvc - ok
04:43:33.0062 1408 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO  C:\Windows\syswow64\drivers\AsIO.sys
04:43:33.0062 1408 AsIO - ok
04:43:33.0109 1408 [ 22842362DF890F5492F85AA60916A697 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
04:43:33.0109 1408 asmthub3 - ok
04:43:33.0125 1408 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
04:43:33.0125 1408 asmtxhci - ok
04:43:33.0156 1408 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
04:43:33.0156 1408 AsyncMac - ok
04:43:33.0171 1408 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
04:43:33.0171 1408 atapi - ok
04:43:33.0187 1408 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
04:43:33.0187 1408 AudioEndpointBuilder - ok
04:43:33.0187 1408 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
04:43:33.0187 1408 AudioSrv - ok
04:43:33.0281 1408 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
04:43:33.0312 1408 AVGIDSAgent - ok
04:43:33.0328 1408 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
04:43:33.0328 1408 AVGIDSDriver - ok
04:43:33.0343 1408 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
04:43:33.0343 1408 AVGIDSHA - ok
04:43:33.0359 1408 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
04:43:33.0359 1408 Avgldx64 - ok
04:43:33.0406 1408 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
04:43:33.0406 1408 Avgloga - ok
04:43:33.0421 1408 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
04:43:33.0421 1408 Avgmfx64 - ok
04:43:33.0437 1408 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
04:43:33.0437 1408 Avgrkx64 - ok
04:43:33.0453 1408 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
04:43:33.0453 1408 Avgtdia - ok
04:43:33.0484 1408 [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
04:43:33.0484 1408 avgtp - ok
04:43:33.0500 1408 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
04:43:33.0500 1408 avgwd - ok
04:43:33.0578 1408 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
04:43:33.0578 1408 AxInstSV - ok
04:43:33.0625 1408 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
04:43:33.0625 1408 b06bdrv - ok
04:43:33.0640 1408 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
04:43:33.0640 1408 b57nd60a - ok
04:43:33.0656 1408 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
04:43:33.0656 1408 BDESVC - ok
04:43:33.0671 1408 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
04:43:33.0671 1408 Beep - ok
04:43:33.0734 1408 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
04:43:33.0734 1408 BFE - ok
04:43:33.0765 1408 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
04:43:33.0796 1408 BITS - ok
04:43:33.0812 1408 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
04:43:33.0812 1408 blbdrive - ok
04:43:33.0859 1408 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
04:43:33.0859 1408 bowser - ok
04:43:33.0875 1408 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
04:43:33.0890 1408 BrFiltLo - ok
04:43:33.0890 1408 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
04:43:33.0890 1408 BrFiltUp - ok
04:43:33.0953 1408 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
04:43:33.0953 1408 BridgeMP - ok
04:43:33.0984 1408 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
04:43:33.0984 1408 Browser - ok
04:43:33.0984 1408 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
04:43:33.0984 1408 Brserid - ok
04:43:34.0000 1408 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
04:43:34.0000 1408 BrSerWdm - ok
04:43:34.0000 1408 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
04:43:34.0015 1408 BrUsbMdm - ok
04:43:34.0015 1408 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
04:43:34.0015 1408 BrUsbSer - ok
04:43:34.0031 1408 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
04:43:34.0031 1408 BTHMODEM - ok
04:43:34.0046 1408 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
04:43:34.0046 1408 bthserv - ok
04:43:34.0062 1408 catchme - ok
04:43:34.0078 1408 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
04:43:34.0078 1408 cdfs - ok
04:43:34.0109 1408 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
04:43:34.0109 1408 cdrom - ok
04:43:34.0140 1408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
04:43:34.0140 1408 CertPropSvc - ok
04:43:34.0156 1408 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
04:43:34.0156 1408 circlass - ok
04:43:34.0171 1408 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
04:43:34.0171 1408 CLFS - ok
04:43:34.0203 1408 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:43:34.0218 1408 clr_optimization_v2.0.50727_32 - ok
04:43:34.0234 1408 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:43:34.0250 1408 clr_optimization_v2.0.50727_64 - ok
04:43:34.0281 1408 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:43:34.0312 1408 clr_optimization_v4.0.30319_32 - ok
04:43:34.0328 1408 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:43:34.0328 1408 clr_optimization_v4.0.30319_64 - ok
04:43:34.0343 1408 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
04:43:34.0343 1408 CmBatt - ok
04:43:34.0343 1408 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
04:43:34.0343 1408 cmdide - ok
04:43:34.0390 1408 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
04:43:34.0390 1408 CNG - ok
04:43:34.0406 1408 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
04:43:34.0406 1408 Compbatt - ok
04:43:34.0437 1408 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
04:43:34.0437 1408 CompositeBus - ok
04:43:34.0437 1408 COMSysApp - ok
04:43:34.0453 1408 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
04:43:34.0453 1408 crcdisk - ok
04:43:34.0484 1408 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
04:43:34.0484 1408 CryptSvc - ok
04:43:34.0531 1408 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
04:43:34.0531 1408 cvhsvc - ok
04:43:34.0562 1408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
04:43:34.0562 1408 DcomLaunch - ok
04:43:34.0593 1408 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
04:43:34.0593 1408 defragsvc - ok
04:43:34.0609 1408 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
04:43:34.0609 1408 DfsC - ok
04:43:34.0640 1408 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
04:43:34.0640 1408 Dhcp - ok
04:43:34.0656 1408 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
04:43:34.0656 1408 discache - ok
04:43:34.0687 1408 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
04:43:34.0687 1408 Disk - ok
04:43:34.0718 1408 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
04:43:34.0718 1408 Dnscache - ok
04:43:34.0734 1408 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
04:43:34.0734 1408 dot3svc - ok
04:43:34.0734 1408 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
04:43:34.0734 1408 DPS - ok
04:43:34.0750 1408 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
04:43:34.0750 1408 drmkaud - ok
04:43:34.0765 1408 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
04:43:34.0781 1408 DXGKrnl - ok
04:43:34.0781 1408 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
04:43:34.0796 1408 EapHost - ok
04:43:34.0828 1408 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
04:43:34.0890 1408 ebdrv - ok
04:43:34.0906 1408 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
04:43:34.0906 1408 EFS - ok
04:43:34.0937 1408 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
04:43:34.0937 1408 ehRecvr - ok
04:43:34.0968 1408 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
04:43:34.0968 1408 ehSched - ok
04:43:34.0984 1408 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
04:43:34.0984 1408 elxstor - ok
04:43:35.0000 1408 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
04:43:35.0000 1408 ErrDev - ok
04:43:35.0015 1408 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
04:43:35.0015 1408 EventSystem - ok
04:43:35.0031 1408 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
04:43:35.0031 1408 exfat - ok
04:43:35.0046 1408 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
04:43:35.0046 1408 fastfat - ok
04:43:35.0062 1408 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
04:43:35.0062 1408 Fax - ok
04:43:35.0078 1408 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
04:43:35.0078 1408 fdc - ok
04:43:35.0093 1408 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
04:43:35.0093 1408 fdPHost - ok
04:43:35.0093 1408 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
04:43:35.0093 1408 FDResPub - ok
04:43:35.0109 1408 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
04:43:35.0109 1408 FileInfo - ok
04:43:35.0109 1408 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
04:43:35.0109 1408 Filetrace - ok
04:43:35.0109 1408 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
04:43:35.0125 1408 flpydisk - ok
04:43:35.0125 1408 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
04:43:35.0125 1408 FltMgr - ok
04:43:35.0140 1408 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
04:43:35.0156 1408 FontCache - ok
04:43:35.0187 1408 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:43:35.0187 1408 FontCache3.0.0.0 - ok
04:43:35.0203 1408 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
04:43:35.0203 1408 FsDepends - ok
04:43:35.0234 1408 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
04:43:35.0234 1408 fssfltr - ok
04:43:35.0265 1408 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
04:43:35.0296 1408 fsssvc - ok
04:43:35.0312 1408 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
04:43:35.0312 1408 Fs_Rec - ok
04:43:35.0343 1408 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
04:43:35.0343 1408 fvevol - ok
04:43:35.0343 1408 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
04:43:35.0359 1408 gagp30kx - ok
04:43:35.0359 1408 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
04:43:35.0375 1408 gpsvc - ok
04:43:35.0390 1408 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
04:43:35.0390 1408 hcw85cir - ok
04:43:35.0406 1408 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:43:35.0421 1408 HdAudAddService - ok
04:43:35.0421 1408 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
04:43:35.0437 1408 HDAudBus - ok
04:43:35.0437 1408 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
04:43:35.0437 1408 HidBatt - ok
04:43:35.0453 1408 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
04:43:35.0453 1408 HidBth - ok
04:43:35.0468 1408 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
04:43:35.0468 1408 HidIr - ok
04:43:35.0468 1408 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
04:43:35.0468 1408 hidserv - ok
04:43:35.0500 1408 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
04:43:35.0500 1408 HidUsb - ok
04:43:35.0515 1408 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
04:43:35.0515 1408 hkmsvc - ok
04:43:35.0531 1408 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
04:43:35.0531 1408 HomeGroupListener - ok
04:43:35.0546 1408 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
04:43:35.0546 1408 HomeGroupProvider - ok
04:43:35.0562 1408 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
04:43:35.0562 1408 HpSAMD - ok
04:43:35.0578 1408 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
04:43:35.0578 1408 HTTP - ok
04:43:35.0578 1408 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
04:43:35.0578 1408 hwpolicy - ok
04:43:35.0593 1408 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
04:43:35.0593 1408 i8042prt - ok
04:43:35.0625 1408 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
04:43:35.0625 1408 iaStor - ok
04:43:35.0656 1408 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
04:43:35.0656 1408 IAStorDataMgrSvc - ok
04:43:35.0671 1408 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
04:43:35.0671 1408 iaStorV - ok
04:43:35.0703 1408 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:43:35.0703 1408 idsvc - ok
04:43:35.0718 1408 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
04:43:35.0718 1408 iirsp - ok
04:43:35.0734 1408 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
04:43:35.0750 1408 IKEEXT - ok
04:43:35.0812 1408 [ 150AC23F21DBDBF8488408BA944B0D65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
04:43:35.0828 1408 IntcAzAudAddService - ok
04:43:35.0890 1408 [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
04:43:35.0890 1408 Intel(R) Capability Licensing Service Interface - ok
04:43:35.0890 1408 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
04:43:35.0890 1408 intelide - ok
04:43:35.0906 1408 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
04:43:35.0906 1408 intelppm - ok
04:43:35.0906 1408 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
04:43:35.0921 1408 IPBusEnum - ok
04:43:35.0921 1408 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:43:35.0921 1408 IpFilterDriver - ok
04:43:35.0968 1408 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
04:43:35.0968 1408 iphlpsvc - ok
04:43:35.0984 1408 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
04:43:35.0984 1408 IPMIDRV - ok
04:43:36.0015 1408 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
04:43:36.0015 1408 IPNAT - ok
04:43:36.0031 1408 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
04:43:36.0031 1408 IRENUM - ok
04:43:36.0046 1408 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
04:43:36.0046 1408 isapnp - ok
04:43:36.0046 1408 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
04:43:36.0062 1408 iScsiPrt - ok
04:43:36.0078 1408 [ 166FC0B36842135BC2D3C32DF70ED0D6 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
04:43:36.0078 1408 jhi_service - ok
04:43:36.0078 1408 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
04:43:36.0078 1408 kbdclass - ok
04:43:36.0093 1408 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
04:43:36.0093 1408 kbdhid - ok
04:43:36.0109 1408 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
04:43:36.0125 1408 KeyIso - ok
04:43:36.0140 1408 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
04:43:36.0140 1408 KSecDD - ok
04:43:36.0156 1408 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
04:43:36.0171 1408 KSecPkg - ok
04:43:36.0171 1408 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
04:43:36.0171 1408 ksthunk - ok
04:43:36.0187 1408 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
04:43:36.0187 1408 KtmRm - ok
04:43:36.0218 1408 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
04:43:36.0218 1408 LanmanServer - ok
04:43:36.0234 1408 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:43:36.0234 1408 LanmanWorkstation - ok
04:43:36.0265 1408 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
04:43:36.0265 1408 lltdio - ok
04:43:36.0281 1408 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
04:43:36.0296 1408 lltdsvc - ok
04:43:36.0296 1408 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
04:43:36.0296 1408 lmhosts - ok
04:43:36.0328 1408 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
04:43:36.0328 1408 LSI_FC - ok
04:43:36.0343 1408 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
04:43:36.0343 1408 LSI_SAS - ok
04:43:36.0359 1408 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
04:43:36.0375 1408 LSI_SAS2 - ok
04:43:36.0406 1408 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
04:43:36.0406 1408 LSI_SCSI - ok
04:43:36.0421 1408 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
04:43:36.0421 1408 luafv - ok
04:43:36.0437 1408 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
04:43:36.0437 1408 Mcx2Svc - ok
04:43:36.0453 1408 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
04:43:36.0453 1408 megasas - ok
04:43:36.0468 1408 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
04:43:36.0468 1408 MegaSR - ok
04:43:36.0484 1408 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
04:43:36.0484 1408 MEIx64 - ok
04:43:36.0484 1408 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
04:43:36.0500 1408 MMCSS - ok
04:43:41.0093 1408 ================ Scan global ===============================
04:43:41.0171 1408 [Global] - ok
04:43:41.0171 1408 ================ Scan MBR ==================================
04:43:41.0187 1408 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:43:41.0234 1408 \Device\Harddisk0\DR0 - ok
04:43:41.0234 1408 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
04:43:42.0640 1408 \Device\Harddisk1\DR1 - ok
04:43:42.0640 1408 ================ Scan VBR ==================================
04:43:42.0640 1408 [ 9D18C1A2082BF39014FA097FA7B3DE59 ] \Device\Harddisk0\DR0\Partition1
04:43:42.0640 1408 \Device\Harddisk0\DR0\Partition1 - ok
04:43:42.0640 1408 [ B729A6FF3C89A0C499890808DBA65522 ] \Device\Harddisk0\DR0\Partition2
04:43:42.0640 1408 \Device\Harddisk0\DR0\Partition2 - ok
04:43:42.0640 1408 [ 191623F3D5BFE6E97CE3110C1FFC1CF8 ] \Device\Harddisk1\DR1\Partition1
04:43:42.0640 1408 \Device\Harddisk1\DR1\Partition1 - ok
04:43:42.0640 1408 ============================================================
04:43:42.0640 1408 Scan finished
04:43:42.0640 1408 ============================================================
04:43:42.0640 1868 Detected object count: 0
04:43:42.0640 1868 Actual detected object count: 0
04:43:52.0953 3224 Deinitialize success

OTL

OTL logfile created on: 1/2/2013 4:50:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DeFragger\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 83.06% Memory free
15.96 Gb Paging File | 14.58 Gb Available in Paging File | 91.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 833.86 Gb Free Space | 89.53% Space Free | Partition Type: NTFS
Drive D: | 607.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 15.22 Gb Total Space | 15.21 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: KIMS_BEAST | User Name: DeFragger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/02 04:41:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DeFragger\Desktop\OTL.exe
PRC - [2012/11/08 06:06:06 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/08 06:06:06 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/28 06:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/16 09:08:07 | 000,947,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
PRC - [2011/12/16 13:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 02:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/15 16:24:05 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\089236f41e5accbc3654fb51ce25277f\IAStorUtil.ni.dll
MOD - [2012/11/15 16:24:05 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\cb5acf4c838ef0dec864065683d5d38b\IAStorCommon.ni.dll
MOD - [2012/11/15 15:08:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 15:08:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 15:08:26 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 15:08:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/15 15:08:14 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 15:08:12 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 15:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 15:08:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/08 06:06:06 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/08 06:06:06 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 06:06:06 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2011/12/08 18:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:*64bit:* - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/31 08:06:09 | 000,181,064 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\Windows\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2012/12/06 15:57:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/08 06:06:06 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/08 06:11:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/28 06:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/16 09:08:07 | 000,947,328 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011/12/16 13:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/11/08 06:06:06 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:*64bit:* - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:*64bit:* - [2011/11/10 03:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:*64bit:* - [2011/11/03 13:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:*64bit:* - [2011/11/03 13:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:*64bit:* - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:*64bit:* - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:*64bit:* - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:*64bit:* - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:*64bit:* - [2011/09/29 04:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/12/24 10:43:40 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:*64bit:* - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\..\SearchScopes\{314DD054-C820-4497-8691-F997B4F7B890}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={2644FB48-08D4-4AAA-A83F-AA61F8EC628F}&mid=c9f2ac8db9a047d0a0161929468865fe-0e416d6b4862ec6a92804bbe1e67238aa3165aae&lang=en&ds=AVG&pr=fr&d=2012-09-26 15:31:55&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\..\SearchScopes\{BA7B5EEA-EEB4-475C-A94F-9F94A1DFFA8F}: "URL" = http://www.mysearchresults.com/search?&c=4501&t=14&q={searchTerms}
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: crossriderapp3491%40crossrider.com:0.86.60
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 06:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 15:57:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/06 15:57:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/17 06:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 15:57:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/06 15:57:56 | 000,000,000 | ---D | M]

[2012/09/23 08:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeFragger\AppData\Roaming\Mozilla\Extensions
[2012/09/23 08:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeFragger\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/12 18:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions
[2012/12/12 18:13:43 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
[2012/12/12 18:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]\chrome\content\extensionCode
[2012/12/11 15:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/06 15:57:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/11/08 06:06:06 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/12 18:10:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 18:10:34 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: Funmoods = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: YouTube = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Wajam = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: AVG Secure Search = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Gmail = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/16 06:57:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O4:*64bit:* - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/09/20 19:55:56 | 000,827,392 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/09/24 18:34:44 | 000,000,135 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/02 04:41:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DeFragger\Desktop\OTL.exe
[2013/01/02 04:40:55 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DeFragger\Desktop\tdsskiller.exe
[2012/12/31 07:47:45 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/12/24 20:02:49 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\DeFragger\Desktop\psexec.exe
[2012/12/18 17:35:38 | 000,697,869 | ---- | C] (Farbar) -- C:\Users\DeFragger\Desktop\FSS.exe
[2012/12/17 04:56:08 | 000,752,213 | ---- | C] (Farbar) -- C:\Users\DeFragger\Desktop\MiniToolBox.exe
[2012/12/16 07:03:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/16 06:57:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/16 06:54:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/12/16 06:49:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\DeFragger\Desktop\aswMBR.exe
[2012/12/15 10:37:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/15 10:37:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/15 10:37:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/15 10:37:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/15 10:37:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/15 10:37:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/15 10:37:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/15 10:37:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/15 10:37:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/15 10:37:28 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/15 10:37:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/15 10:37:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/15 10:37:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/15 10:37:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/15 10:37:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/15 06:54:23 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/15 06:54:23 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/15 06:54:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/15 06:54:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/15 06:54:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/15 06:54:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/15 06:54:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/15 06:54:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/15 06:54:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/15 06:54:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/15 06:54:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/15 06:54:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/15 06:54:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/15 06:54:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/15 06:54:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/15 06:54:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/15 06:54:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/15 06:54:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/15 06:54:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/15 06:54:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/15 06:54:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/15 06:54:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/15 06:54:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/15 06:54:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/15 06:54:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/15 06:54:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/15 06:54:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/15 06:54:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/15 06:54:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/15 06:54:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/15 06:54:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/15 06:54:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/15 06:54:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/15 06:54:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/15 06:54:14 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/15 06:54:14 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/15 06:39:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/15 06:39:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/15 06:39:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/15 06:38:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/15 06:38:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/15 06:23:20 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\DeFragger\Desktop\ComboFix.exe
[2012/12/14 19:14:40 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/14 15:52:12 | 001,461,033 | ---- | C] (Farbar) -- C:\Users\DeFragger\Desktop\FRST64.exe
[2012/12/13 17:17:21 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Roaming\ParetoLogic
[2012/12/13 17:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/12/13 15:51:18 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Local\ElevatedDiagnostics
[2012/12/12 20:31:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/12/12 20:14:01 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Users\DeFragger\Desktop\SysInfo.exe
[2012/12/12 20:04:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\DeFragger\Desktop\dds.scr
[2012/12/12 20:04:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\DeFragger\Desktop\HijackThis.exe
[2012/12/10 17:28:44 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Roaming\Malwarebytes
[2012/12/10 17:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/10 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
[2012/12/10 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Roaming\DriverCure
[2012/12/10 16:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/12/10 04:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/12/09 11:12:38 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/12/09 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS Video Converter
[2012/12/09 10:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2012/12/09 10:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack
[2012/12/09 10:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/12/09 10:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/09 10:20:03 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/12/09 10:20:03 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/12/09 10:20:03 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/12/09 10:19:59 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/09 10:19:58 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/09 10:19:58 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/09 10:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/09 10:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/12/08 10:40:36 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\Desktop\Mom's Music
[2012/12/06 15:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/05 21:07:39 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/05 21:07:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/05 21:07:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/05 21:07:38 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/05 21:07:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012/12/05 21:07:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/05 21:07:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/05 21:07:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/05 21:07:36 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/05 21:07:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/05 21:07:35 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/05 21:07:35 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/05 21:07:35 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/05 21:07:35 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/05 21:07:35 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/05 21:07:35 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/05 21:07:35 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/05 21:07:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/05 21:07:35 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/05 21:07:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/05 21:07:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/05 21:07:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/05 21:07:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/05 21:07:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/05 21:07:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/05 21:07:11 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/05 21:07:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/03 18:08:48 | 000,000,000 | ---D | C] -- C:\found.000
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/02 04:43:05 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 04:43:05 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 04:42:47 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/02 04:42:47 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/02 04:42:47 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/02 04:41:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DeFragger\Desktop\OTL.exe
[2013/01/02 04:40:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DeFragger\Desktop\tdsskiller.exe
[2013/01/02 04:35:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/02 04:35:49 | 2132,709,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/31 08:06:09 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/12/28 23:45:50 | 000,000,158 | ---- | M] () -- C:\AFD2.bat
[2012/12/28 11:07:56 | 000,001,136 | ---- | M] () -- C:\AFD_LEGACY2.reg
[2012/12/24 20:02:24 | 000,381,816 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\DeFragger\Desktop\psexec.exe
[2012/12/17 04:44:34 | 000,697,869 | ---- | M] (Farbar) -- C:\Users\DeFragger\Desktop\FSS.exe
[2012/12/17 04:44:08 | 000,752,213 | ---- | M] (Farbar) -- C:\Users\DeFragger\Desktop\MiniToolBox.exe
[2012/12/16 08:24:44 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/12/16 06:57:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/16 06:32:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\DeFragger\Desktop\aswMBR.exe
[2012/12/15 10:58:32 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/15 06:23:20 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\DeFragger\Desktop\ComboFix.exe
[2012/12/14 17:10:55 | 000,028,644 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/12/14 17:10:45 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/12/14 15:52:12 | 001,461,033 | ---- | M] (Farbar) -- C:\Users\DeFragger\Desktop\FRST64.exe
[2012/12/12 20:14:01 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Users\DeFragger\Desktop\SysInfo.exe
[2012/12/12 20:04:51 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\DeFragger\Desktop\dds.scr
[2012/12/12 20:04:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\DeFragger\Desktop\HijackThis.exe
[2012/12/09 10:19:53 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/12/09 10:19:53 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/12/09 10:19:53 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/12/09 10:19:53 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/09 10:19:53 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/09 10:19:53 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/31 08:02:01 | 000,001,136 | ---- | C] () -- C:\Legacy_afd.reg
[2012/12/28 23:45:50 | 000,000,158 | ---- | C] () -- C:\AFD2.bat
[2012/12/28 11:07:56 | 000,001,136 | ---- | C] () -- C:\AFD_LEGACY2.reg
[2012/12/16 08:24:44 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/12/15 06:39:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/15 06:39:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/15 06:39:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/15 06:39:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/15 06:39:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/25 08:59:05 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/11/23 17:47:34 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2012/04/18 14:08:42 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/16 09:08:33 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/04/16 09:08:30 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/04/16 09:08:30 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/04/04 08:42:02 | 000,045,497 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/04/04 08:40:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/04 08:40:20 | 000,028,644 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/12/08 18:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras

OTL Extras logfile created on: 1/2/2013 4:50:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DeFragger\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 83.06% Memory free
15.96 Gb Paging File | 14.58 Gb Available in Paging File | 91.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 833.86 Gb Free Space | 89.53% Space Free | Partition Type: NTFS
Drive D: | 607.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 15.22 Gb Total Space | 15.21 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: KIMS_BEAST | User Name: DeFragger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1DB1A317-7842-4DDA-8F38-7737CB76DD6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{245CB269-E46A-4EED-8AA7-0B62224B9943}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32EF19D1-86A1-4286-8E59-44E5A20C269D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{56172DE2-B1F3-4851-BD67-01C6BEC92008}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4B4B6AB-4262-49C2-A3E1-0F3C027EA0A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8649BA2-4A94-434E-A8BF-BECF6AB62840}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ADB2579C-56B9-4130-BDEC-8F893BE28BD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7CFD54D-7FDC-4255-87AD-B1913A0C6EF9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EF0D87B0-BFBE-44FC-ADE4-056E7E3CB6C3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FDF76255-9F9E-4BB2-88B1-897A1FBC8CA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62A4DA44-7303-448F-9DA7-E09C98729CB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer 3: Kane's Wrath
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Diablo III" = Diablo III
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 en-US)" = Mozilla Thunderbird 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Red Alert 2" = Command & Conquer Red Alert 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/22/2012 7:34:56 AM | Computer Name = Kims_Beast | Source = Schedule | ID = 0
Description =

Error - 12/22/2012 7:36:35 AM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 12/22/2012 7:47:05 AM | Computer Name = Kims_Beast | Source = CVHSVC | ID = 100
Description = Information only. Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error - 12/23/2012 8:35:51 AM | Computer Name = Kims_Beast | Source = Schedule | ID = 0
Description =

Error - 12/23/2012 8:37:31 AM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 12/23/2012 8:47:59 AM | Computer Name = Kims_Beast | Source = CVHSVC | ID = 100
Description = Information only. Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error - 12/23/2012 8:45:07 PM | Computer Name = Kims_Beast | Source = Schedule | ID = 0
Description =

Error - 12/23/2012 8:46:45 PM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 12/23/2012 8:57:20 PM | Computer Name = Kims_Beast | Source = CVHSVC | ID = 100
Description = Information only. Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error - 12/24/2012 7:22:17 AM | Computer Name = Kims_Beast | Source = Schedule | ID = 0
Description =

[ System Events ]
Error - 1/2/2013 5:46:27 AM | Computer Name = Kims_Beast | Source = DCOM | ID = 10010
Description =

Error - 1/2/2013 5:46:27 AM | Computer Name = Kims_Beast | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952450.

Error - 1/2/2013 5:46:27 AM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014846.

Error - 1/2/2013 5:46:57 AM | Computer Name = Kims_Beast | Source = DCOM | ID = 10010
Description =

Error - 1/2/2013 5:46:57 AM | Computer Name = Kims_Beast | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952450.

Error - 1/2/2013 5:46:57 AM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014846.

Error - 1/2/2013 5:47:27 AM | Computer Name = Kims_Beast | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952450.

Error - 1/2/2013 5:47:27 AM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014846.

Error - 1/2/2013 5:47:57 AM | Computer Name = Kims_Beast | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952450.

Error - 1/2/2013 5:47:57 AM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014846.

< End of report >


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

Click the link at the bottom of this post to download the attached file *Fix.txt* and save it to the infected computer's desktop.


Right-click *OTL.exe* and select *Run as administrator* to start the program.
Click the *Run Fix* button at the top.
You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on *OK*.
When the Open dialog comes up, navigate to the Desktop, scroll to find the file named *Fix.txt* and click *Open*.
Some text will appear in the Custom scans/Fixes box.
Click the *Run Fix* button.
Let the program run unhindered, and click to allow the reboot when it is done.
When the computer reboots and you start your usual account, a Notepad text file will appear.
Copy the contents of that file and post it in your next reply. The file will also be available as
*C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log*

Also please run minitoolbox again using the instructions below.

*MiniToolBox*
If it's not still on the computer, re-download it from the link below,
MiniToolBox, save it to your desktop and run it. (Right-click and *Run as administrator*.)

Checkmark the following checkboxes:

Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Devices
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

*Note:* When using "Reset FF Proxy Settings" option Firefox should be closed.

*Please reply with:*

OTL log
MiniToolBox log


----------



## Defragger (Dec 13, 2012)

Good morning Gizzy, here are the requested log files. Thanks again for all your help, Kim.

OTL Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ not found.
HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ not found.
Registry key HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BA7B5EEA-EEB4-475C-A94F-9F94A1DFFA8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA7B5EEA-EEB4-475C-A94F-9F94A1DFFA8F}\ not found.
Prefs.js: crossriderapp3491%40crossrider.com:0.86.60 removed from extensions.enabledAddons
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\skin folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\locale\en-US folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\locale folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\defaults folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\chrome\content folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\chrome folder moved successfully.
C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com folder moved successfully.
Folder C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Legacy_afd.reg moved successfully.
C:\AFD2.bat moved successfully.
C:\AFD_LEGACY2.reg moved successfully.
========== FILES ==========
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< netsh int ipv4 reset reset.log /c >
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< netsh int ipv6 reset reset.log /c >
There's no user specified settings to be reset.
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< netsh int ip reset reset.log /c >
There's no user specified settings to be reset.
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< sc start Dhcp /c >
[SC] StartService FAILED 1068:
The dependency service or group failed to start.
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< sc start afd /c >
[SC] StartService FAILED 123:
The filename, directory name, or volume label syntax is incorrect.
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< sc start wuauserv /c >
SERVICE_NAME: wuauserv 
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 2 START_PENDING 
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 1244
FLAGS : 
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< sc start BITS /c >
SERVICE_NAME: BITS 
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 2 START_PENDING 
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 1244
FLAGS : 
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
An error occurred while releasing interface Local Area Connection : The RPC server is unavailable.
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
An error occurred while renewing interface Local Area Connection : The RPC server is unavailable.

C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< sc query Dhcp /c >
SERVICE_NAME: Dhcp 
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 1 STOPPED 
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< sc query afd /c >
SERVICE_NAME: afd 
TYPE : 1 KERNEL_DRIVER 
STATE : 1 STOPPED 
WIN32_EXIT_CODE : 31 (0x1f)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< sc query wuauserv /c >
SERVICE_NAME: wuauserv 
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 1 STOPPED 
WIN32_EXIT_CODE : -2147014846 (0x80072742)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
< sc query BITS /c >
SERVICE_NAME: BITS 
TYPE : 20 WIN32_SHARE_PROCESS 
STATE : 1 STOPPED 
WIN32_EXIT_CODE : 1066 (0x42a)
SERVICE_EXIT_CODE : -2147014846 (0x80072742)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\DeFragger\Desktop\cmd.bat deleted successfully.
C:\Users\DeFragger\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DeFragger
->Temp folder emptied: 3457549 bytes
->Temporary Internet Files folder emptied: 434075 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 304858149 bytes
->Google Chrome cache emptied: 6926643 bytes
->Flash cache emptied: 4177 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 428857 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 302.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01032013_044306

Files\Folders moved on Reboot...
C:\Users\DeFragger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

MiniToolBox

MiniToolBox by Farbar Version: 25-11-2012
Ran by DeFragger (administrator) on 03-01-2013 at 04:52:39
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Kims_Beast
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-60-00-6C-8C-0D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5cb3:1268:b504:22e9%11(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.34.233(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...c8 60 00 6c 8c 0d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.34.233    276
   169.254.34.233  255.255.255.255         On-link    169.254.34.233    276
  169.254.255.255  255.255.255.255         On-link    169.254.34.233    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.34.233    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.34.233    276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::5cb3:1268:b504:22e9/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/03/2013 04:47:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2013 04:46:22 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/03/2013 04:37:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2013 04:35:52 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/02/2013 05:58:42 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/02/2013 05:48:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2013 05:46:32 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/02/2013 03:57:16 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/02/2013 03:46:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2013 03:45:07 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

System errors:
=============
Error: (01/03/2013 04:52:43 AM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error: 
%%22

Error: (01/03/2013 04:48:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014846

Error: (01/03/2013 04:48:41 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: 
%%22

Error: (01/03/2013 04:48:41 AM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error: 
%%22

Error: (01/03/2013 04:48:41 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069

Error: (01/03/2013 04:48:41 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/03/2013 04:46:44 AM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: 
%%1068

Error: (01/03/2013 04:46:44 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1068

Error: (01/03/2013 04:46:44 AM) (Source: Service Control Manager) (User: )
Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: 
%%1068

Error: (01/03/2013 04:46:44 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: 
%%1068

Microsoft Office Sessions:
=========================
Error: (01/03/2013 04:47:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2013 04:46:22 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/03/2013 04:37:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2013 04:35:52 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/02/2013 05:58:42 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/02/2013 05:48:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2013 05:46:32 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/02/2013 03:57:16 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/02/2013 03:46:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2013 03:45:07 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

CodeIntegrity Errors:
===================================
Date: 2012-12-15 06:42:38.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-15 06:42:38.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

========================= Devices: ================================

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AFD
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

**** End of log ****


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

*SystemLook*
Please download *SystemLook* from one of the links below and save it to the infected computer's *Desktop*.
*Download Mirror #1*
*Download Mirror #2*


Right-click *SystemLook.exe* and select *Run as administrator* to run it.
Copy and paste the *content* of the following codebox into the main textfield:

```
:service
Dhcp
afd
http
wuauserv
BITS

:filefind
afd.*
http.*

:Regfind
afd

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP /s
```

Click the *Look* button to start the scan.
Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------
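Added worked example (editor's addition; not part of Gizzy's post and not SystemLook's code): the same five service checks, the afd.*/http.* file search and the two registry dumps done natively in PowerShell, so it is clear what each SystemLook directive is looking for. The FRST log above shows why these items matter: ipconfig has only an APIPA address (169.254.34.233) and the fec0:0:0:ffff::1 placeholder DNS servers, the Devices section lists both AFD and HTTP with Code 24, and the Schedule and Windows Update errors both carry Winsock error 10050 (%%-2147014846 is HRESULT 0x80072742, i.e. Win32 error 10050, WSAENETDOWN). DHCP Client depends on Afd, so when afd.sys does not load the machine can neither get an address nor resolve names. The script assumes Windows 7 x64 and a 64-bit PowerShell console (2.0 or later) started with Run as administrator; the service and file names are taken from the SystemLook script, and MD5 is printed only because that is the column SystemLook reports.

```powershell
# Added example, not from the thread or from SystemLook: the same five service
# checks, the afd.*/http.* file search and the two registry dumps done natively.
# Assumes Windows 7 x64 and a 64-bit PowerShell (2.0 or later) started with
# "Run as administrator"; a 32-bit console would see SysWOW64 instead of System32.
$services    = 'Dhcp', 'afd', 'http', 'wuauserv', 'BITS'
$driverNames = 'afd.sys', 'http.sys'

# MD5 only so the values line up with SystemLook's MD5 column; it says nothing
# about authenticity. The signature and sfc checks further down do.
function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($fs) } finally { $fs.Close() }
    [System.BitConverter]::ToString($bytes).Replace('-', '')
}

# 1. State, start type, image path and dependencies. afd and http are kernel
#    drivers, which Get-Service does not list, hence the Win32_SystemDriver fallback.
"== Services =="
foreach ($name in $services) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) { $svc = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'" }
    if (-not $svc) { "$name : not registered with the SCM"; continue }
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $deps = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DependOnService
    "{0,-9} state={1,-8} start={2,-7} image={3}" -f $name, $svc.State, $svc.StartMode, $svc.PathName
    if ($deps) { "          depends on: " + ($deps -join ', ') }
}

# 2. Every afd.sys / http.sys: the live copy in System32\drivers plus the
#    component-store copies in winsxs. The live driver should hash-match one of
#    the winsxs copies; one that matches none, or is far smaller, is the suspect.
"== Driver files =="
$roots = "$env:SystemRoot\System32\drivers", "$env:SystemRoot\winsxs"
$files = Get-ChildItem -Path $roots -Recurse -Include $driverNames -ErrorAction SilentlyContinue
$md5Of = @{}
$inSxs = @{}
foreach ($f in $files) {
    $md5Of[$f.FullName] = Get-Md5Hex $f.FullName
    if ($f.FullName -like "*\winsxs\*") { $inSxs[$md5Of[$f.FullName]] = $true }
    "{0,8} bytes  {1}  {2}" -f $f.Length, $md5Of[$f.FullName], $f.FullName
}
foreach ($f in ($files | Where-Object { $_.FullName -like "*\System32\drivers\*" })) {
    $known = if ($inSxs.ContainsKey($md5Of[$f.FullName])) { 'matches a winsxs copy' } else { 'matches NO winsxs copy' }
    # Microsoft drivers are catalog-signed, so on Windows 7 Get-AuthenticodeSignature
    # reports NotSigned for a good file too; sfc /verifyfile checks the signed catalog.
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    "{0}: {1}; embedded signature: {2}" -f $f.FullName, $known, $sig.Status
    & "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$($f.FullName)"
}

# 3. The two registry keys from the :reg section. The Enum\Root\LEGACY_* keys are
#    ACL'd for SYSTEM, so even an elevated admin may get access denied on subkeys.
"== Registry =="
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP' |
    Format-List Start, Type, ErrorControl, ImagePath, DisplayName
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP' -Recurse -ErrorAction SilentlyContinue |
    Format-List PSPath, Property
```

Read the sfc /verifyfile lines as the authoritative verdict: Microsoft's drivers are catalog-signed, so on Windows 7 Get-AuthenticodeSignature reports NotSigned even for a good afd.sys, whereas sfc checks the file against the signed catalog. A System32\drivers copy whose hash matches none of the winsxs copies, or that is far smaller than them, is the one to report to the helper; copying a winsxs file over it by hand should wait for the helper's instructions, because the correct copy is the one matching the installed servicing level, not just any signed one.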



## Defragger (Dec 13, 2012)

Good morning Gizzy, here's the SystemLook log file as requested.  Have a great weekend, Kim

SystemLook 30.07.11 by jpshortstuff
Log created at 04:46 on 04/01/2013 by DeFragger
Administrator - Elevation successful

========== service ==========

Dhcp
DHCP Client
"Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Group: TDI
SafeBoot: Network Network(Group)
Dependencies:
->NSI
->Tdx
->Afd
Dependant Services:
->WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) (Stopped)

afd
Ancillary Function Driver for Winsock
"Ancillary Function Driver for Winsock"
Current Status: Stopped
Startup Type: System
Error Control: Normal
Binary: \SystemRoot\system32\drivers\afd.sys
Group: PNP_TDI
SafeBoot: Network Network(Group)
Dependencies:
(none)
Dependant Services:
->TCP/IP NetBIOS Helper (lmhosts) (Stopped)
->WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) (Stopped)
->DHCP Client (Dhcp) (Stopped)

http
HTTP
"This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start."
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: system32\drivers\HTTP.sys
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
->Windows Media Player Network Sharing Service (WMPNetworkSvc) (Stopped)
->Windows Remote Management (WS-Management) (WinRM) (Stopped)
->Windows Event Collector (Wecsvc) (Stopped)
->UPnP Device Host (upnphost) (Stopped)
->Media Center Extender Service (Mcx2Svc) (Stopped)
->SSDP Discovery (SSDPSRV) (Stopped)
->Fax (Fax) (Stopped)
->Print Spooler (Spooler) (Stopped)
->Routing and Remote Access (RemoteAccess) (Stopped)
->HomeGroup Provider (HomeGroupProvider) (Stopped)
->Function Discovery Resource Publication (FDResPub) (Stopped)
->PnP-X IP Bus Enumerator (IPBusEnum) (Stopped)
->Function Discovery Provider Host (fdPHost) (Stopped)

wuauserv
Windows Update
"Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->rpcss
Dependant Services:
(none)

BITS
Background Intelligent Transfer Service
"Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\System32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->RpcSs
->EventSystem
Dependant Services:
(none)

========== filefind ==========

Searching for "afd.*"
C:\FRST\Quarantine\AFD.SYS --a---- 22368 bytes [08:47 17/04/2012] [12:43 16/12/2012] 42B7E1AA0C7EC54652A50585793F1885
C:\Windows\System32\drivers\AFD.SYS --a---- 498688 bytes [08:47 17/04/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 14848 bytes [07:06 21/11/2010] [07:06 21/11/2010] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a7ddb2029817a18e\afd.sys.mui --a---- 14848 bytes [07:06 21/11/2010] [07:06 21/11/2010] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [03:24 21/11/2010] [03:24 21/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys --a---- 499200 bytes [16:30 22/11/2011] [02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [08:47 17/04/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys --a---- 499200 bytes [16:30 22/11/2011] [03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [08:47 17/04/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

Searching for "http.*"
C:\Program Files (x86)\VideoLAN\VLC\lua\intf\http.luac --a---- 12708 bytes [18:11 17/02/2012] [18:11 17/02/2012] F6FE5573D974034268DDC423E0D77FDD
C:\Windows\System32\drivers\http.sys --a---- 753664 bytes [03:23 21/11/2010] [03:23 21/11/2010] 0EA7DE1ACB728DD5A369FD742D6EEE28
C:\Windows\System32\drivers\en-US\http.sys.mui --a---- 32256 bytes [07:06 21/11/2010] [07:06 21/11/2010] E7385B794486432C74CA8CBEAE1E957C
C:\Windows\winsxs\amd64_microsoft-windows-http.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6eea4a6ceff69d5a\http.sys.mui --a---- 32256 bytes [07:06 21/11/2010] [07:06 21/11/2010] E7385B794486432C74CA8CBEAE1E957C
C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759\http.sys --a---- 753664 bytes [03:23 21/11/2010] [03:23 21/11/2010] 0EA7DE1ACB728DD5A369FD742D6EEE28
C:\Windows\winsxs\amd64_microsoft-windows-snmp-mib-files_31bf3856ad364e35_6.1.7600.16385_none_6b1c9d28fd950bf2\http.mib --a---- 21271 bytes [00:10 14/07/2009] [21:00 10/06/2009] 8FCC09B868D074AA553433554AA7FB56
C:\Windows\winsxs\x86_microsoft-windows-snmp-mib-files_31bf3856ad364e35_6.1.7600.16385_none_0efe01a545379abc\http.mib --a---- 21271 bytes [23:55 13/07/2009] [21:39 10/06/2009] 8FCC09B868D074AA553433554AA7FB56

========== Regfind ==========

Searching for "afd"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\654Messenger Audio Codec]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\85MPEG Layer-3]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device]
"CLSID"="{07B65360-C445-11CE-AFDE-00AA006C14F4}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Realtek Digital Output (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Realtek Digital Output(Optical) (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Apowersoft_AudioDevice)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\85MPEG Layer-3]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device]
"CLSID"="{07B65360-C445-11CE-AFDE-00AA006C14F4}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Realtek Digital Output (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Realtek Digital Output(Optical) (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Apowersoft_AudioDevice)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail]
"Default LDAP Account"="account{34ADAE98-F0FF-44CB-BFD6-070AFD152817}.oeaccount"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\13D\52C64B7E]
"@%systemroot%\system32\drivers\afd.sys,-1000"="Ancillary Function Driver for Winsock"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\ShellEx\{CABB0DA0-DA57-11CF-9974-0020AFD79762}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADSystemInfo\Clsid]
@="{50B6327F-AFD1-11d2-9CB9-0000F87A369E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0B15AFD8-3A99-4A6E-9975-30D66F70BD94}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F370E41B-AFAD-4B49-AFD4-0FEF3FC1375D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{C5BB45D1-B0C8-4907-AFDA-05A099F4CFDD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f3ed1f2-afdd-4b0c-b6d9-229c1bc58a08}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15eae92e-f17a-4431-9f28-805e482dafd4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E1DAECB-F640-416d-96A3-2BC8AFDF6059}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{636B9F10-0C7D-11D1-95B2-0020AFDC7421}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66182EC4-AFD1-11d2-9CB9-0000F87A369E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E3D2E94-E6D8-4afd-AFDE-ABD26CA88BF5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{896664F7-12E1-490f-8782-C0835AFD98FC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90F18417-F0F1-484E-9D3C-59DCEEE5DBD8}]
"AppID"="{0B15AFD8-3A99-4A6E-9975-30D66F70BD94}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9264B7DC-A82F-4AFD-89C8-4F399DA7B028}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ecf51f8-cfb1-458d-9485-f5a231afd22f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FE63AFD-59CF-4419-9775-ABCC3849F861}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
"AppId"="{a4c31131-ff70-4984-afd6-0609ced53ad6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE8AFD54-5B57-4961-8A9B-12ADF23B696A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD7F94B-1627-436c-80C8-B464AA21CAD3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD8EA5A-2B6E-4504-B681-C6E8BAD64BB6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B091E540-83E3-11CF-A713-0020AFD79762}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
"AppID"="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5BB45D1-B0C8-4907-AFDA-05A099F4CFDD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6EBC66B-8921-4193-AFDD-A1789FB7FF57}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DAFD8210-5711-4B91-9FE3-F75B7AE279BF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafd0-7f19-11d2-978e-0000f8757e2a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABAFD1-7F19-11D2-978E-0000F8757E2A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafd3-7f19-11d2-978e-0000f8757e2a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F37AFD4F-E736-4980-8650-A486B1F2DF25}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7AFD75B-BF8C-4a11-BDB9-04AD66182F84}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DfsShell.DfsShellAdmin\CLSID]
@="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DfsShell.DfsShellAdmin.1\CLSID]
@="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectShow\MediaObjects\Categories\f3602b3f-0592-48df-a4cd-674721e7ebeb\dafd8210-5711-4b91-9fe3-f75b7ae279bf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectShow\MediaObjects\dafd8210-5711-4b91-9fe3-f75b7ae279bf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DTSOUTPUTLFXAPO.DTSOUTPUTLFX\CLSID]
@="{C5BB45D1-B0C8-4907-AFDA-05A099F4CFDD}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DTSOUTPUTLFXAPO.DTSOUTPUTLFX.1\CLSID]
@="{C5BB45D1-B0C8-4907-AFDA-05A099F4CFDD}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EhSched.EhEPGdatEventsMediator\CLSID]
@="{AFD8EA5A-2B6E-4504-B681-C6E8BAD64BB6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EhSched.EhEPGdatEventsMediator.1\CLSID]
@="{AFD8EA5A-2B6E-4504-B681-C6E8BAD64BB6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FaultrepDataCollectionInProc\CLSID]
@="{6E3D2E94-E6D8-4afd-AFDE-ABD26CA88BF5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\7828AFD463AE964399EF5F86EF8C6135]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\Patches]
"7828AFD463AE964399EF5F86EF8C6135"=":RTM.1.1;:#RTM.1.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\Patches]
"Patches"="79EB7C9295ED2A736A78A2DD351249A8 10DA027E5D39E8E3BBD84EFEA54F5EDD 18A997D716659513FB29571416EC6D6E 086118FFECEA53F39AC8B1486B0E1986 A28754D59901E713BACCFF365D2B3168 7828AFD463AE964399EF5F86EF8C6135 E26C6FA6D3E4FB335A19E9D435DB2FF2 4712B95E429EF1135894DA17C44166D4 A15A28B7B867B7A3DAAF7F7790A70897 E1F31DDFB6C9E1130A9D6D1E27CF82FF 4A48104E16A4E2D30953BCE6E116E070 5E2C63AD43B6A6A3C9A0D7C11C5C7A86 989E63749D2319B3097D6C88841E81AC F2E6961F3084F2637A65563B3684F36E"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01AFD447-60CA-3B67-803A-E57B727F3A5B}]
"Parent"="{7F2F5B96-FF74-41da-AFD8-1C78A5F3AEA2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\UsersLibraries\NameSpace\DelegateFolders]
"StorageDelegate"="{896664F7-12E1-490f-8782-C0835AFD98FC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\UsersLibraries\NameSpace\DelegateFolders\{896664F7-12E1-490f-8782-C0835AFD98FC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\XWizards\Components\{9264B7DC-A82F-4AFD-89C8-4F399DA7B028}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Foundation\Platform\EVR\{5C67A112-A4C9-483f-B4A7-1D473BECAFDC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{383487a6-3676-4870-a4e7-d45b30c35629}\{ed83b00b-6afd-4063-9420-16fe0fa3b36f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D\GameConfigs\NoName]
"Link13"="SOAFDemo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0180E49C-13BF-46DB-9AFD-9F52292E1C22}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0f3ed1f2-afdd-4b0c-b6d9-229c1bc58a08}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1440AD10-6AA8-11D1-B6F9-00A024DDAFD1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{15eae92e-f17a-4431-9f28-805e482dafd4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1E1DAECB-F640-416d-96A3-2BC8AFDF6059}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{636B9F10-0C7D-11D1-95B2-0020AFDC7421}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{66182EC4-AFD1-11d2-9CB9-0000F87A369E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6E3D2E94-E6D8-4afd-AFDE-ABD26CA88BF5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{896664F7-12E1-490f-8782-C0835AFD98FC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9264B7DC-A82F-4AFD-89C8-4F399DA7B028}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9ecf51f8-cfb1-458d-9485-f5a231afd22f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
"AppId"="{a4c31131-ff70-4984-afd6-0609ced53ad6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A9C8F210-55EB-4849-8807-EC49C5389A79}]
"AppID"="{F370E41B-AFAD-4B49-AFD4-0FEF3FC1375D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A9C8F210-55EB-4849-8807-EC49C5389A79}\TypeLib]
@="{F370E41B-AFAD-4B49-AFD4-0FEF3FC1375D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AE8AFD54-5B57-4961-8A9B-12ADF23B696A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AFD7F94B-1627-436c-80C8-B464AA21CAD3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B091E540-83E3-11CF-A713-0020AFD79762}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B45A4A81-86DA-11D1-B706-00A024DDAFD1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B45A4A81-86DA-11D1-B706-00A024DDAFD1}\Typelib]
@="{B45A4A80-86DA-11D1-B706-00A024DDAFD1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\TypeLib]
@="{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
"AppID"="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D6EBC66B-8921-4193-AFDD-A1789FB7FF57}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DAFD8210-5711-4B91-9FE3-F75B7AE279BF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ecabafd0-7f19-11d2-978e-0000f8757e2a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ECABAFD1-7F19-11D2-978E-0000F8757E2A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ecabafd3-7f19-11d2-978e-0000f8757e2a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F37AFD4F-E736-4980-8650-A486B1F2DF25}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F7AFD75B-BF8C-4a11-BDB9-04AD66182F84}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\DirectShow\MediaObjects\Categories\f3602b3f-0592-48df-a4cd-674721e7ebeb\dafd8210-5711-4b91-9fe3-f75b7ae279bf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\DirectShow\MediaObjects\dafd8210-5711-4b91-9fe3-f75b7ae279bf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{01AFD447-60CA-3B67-803A-E57B727F3A5B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{04E32E89-3918-4AFD-B1F9-C9AF04B07DD9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{07EC23DA-EF73-4BDE-A40F-F269E0B7AFD6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{18A4E900-E0AE-11D2-AFDD-00105A2799B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{19ADBAFD-1C5F-4FC7-94EE-846702DFB58B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{1E1DAECB-F640-416d-96A3-2BC8AFDF6059}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{1E1DAECB-F640-416d-96A3-2BC8AFDF6059}\ProxyStubClsid32]
@="{1E1DAECB-F640-416d-96A3-2BC8AFDF6059}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{28C7F1D0-DE25-11D2-AFDD-00105A2799B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3A439AB0-155F-470A-86A6-9EA54AFD6EAF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{404FAFDD-1E3F-3602-BFF6-755C00613ED8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}\TypeLib]
@="{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{51372AFD-CAE7-11CF-BE81-00AA00A2FA25}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{57DBE1A0-DE25-11D2-AFDD-00105A2799B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{583F34D0-DE25-11D2-AFDD-00105A2799B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{5BB11929-AFD1-11d2-9CB9-0000F87A369E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6C6D65DC-AFD1-11d2-9CB9-0000F87A369E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{71AF87C9-66C5-49E4-A602-B9012115AFD5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7B9CEE5B-BC27-4480-92F8-65222AFD2BF9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A6E098B5-BA1D-4889-AFD6-81B2240718B6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AE8AFD54-5B57-4961-8A9B-12ADF23B696A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AE8AFD54-5B57-4961-8A9B-12ADF23B696A}\ProxyStubClsid32]
@="{AE8AFD54-5B57-4961-8A9B-12ADF23B696A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AFD1F242-7EFD-45EE-BA4E-407A25C9A77A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AFD77847-E2B2-4E73-AD83-11B4F4BE6D2A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AFD971E0-C870-11D0-A3A5-00C04FD706EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AFDBA726-047A-4B83-B8C7-D812FE9CAA5C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C14342B8-BAFD-322A-BB71-62C672DA284E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C17A2AFD-2CE0-4BFE-9322-8BD55521E235}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C27990BB-3CFD-3D29-8DC0-BBE5FBADEAFD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CC6DCAFD-0185-308A-891C-83812FE574E7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CEE3DEF2-3808-414D-BE66-FAFD472210BC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D318E959-22AB-4EEA-9A06-962B11AFDC29}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D5331D95-FFF2-358F-AFD5-588F469FF2E4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D625AFD0-8FD9-3113-A900-43912A54C421}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D6EBC66B-8921-4193-AFDD-A1789FB7FF57}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D6EBC66B-8921-4193-AFDD-A1789FB7FF57}\ProxyStubClsid32]
@="{D6EBC66B-8921-4193-AFDD-A1789FB7FF57}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{DC2601D7-059E-42FC-A09D-2AFD21B6D5F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{ECABAFD2-7F19-11D2-978E-0000F8757E2A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{eff1f00b-488a-466d-afd9-a401c5f9eef5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0B15AFD8-3A99-4A6E-9975-30D66F70BD94}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{F370E41B-AFAD-4B49-AFD4-0FEF3FC1375D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B45A4A80-86DA-11D1-B706-00A024DDAFD1}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}\Subservices\{3DD12A98-5AFD-4903-A13F-E17E6C0BFE01}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaCategories\{22B0EAFD-96E3-11d2-AC4C-00C04F8EFB68}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\IpPath]
"CLSID"="{0f3ed1f2-afdd-4b0c-b6d9-229c1bc58a08}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\Winsock\Providers\{e53c6823-7bb8-44bb-90dc-3f86090d48a6}]
"Name"="Microsoft-Windows-Winsock-AFD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\Winsock\RootCauses\{4CC189F9-4AFD-4a1e-91C9-90881165DD3B}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{97bafddc-13c4-4d21-9b83-b01e3f4f1dd1}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\9596FB26-9850-41fd-AC3E-F7C3C00AFD4B]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Scenarios\{045275DA-E6C7-43a3-ADEF-8005C9D661E4}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};2]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Scenarios\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Scenarios\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};180]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Scenarios\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Scenarios\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};180]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application]
"Guid"="{639eade2-9051-5ddc-d208-b51afd9e984b}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-System\{6bba3851-2c7e-4dea-8f54-31e5afd029e3}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AFD\0000]
"DeviceDesc"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD\Enum]
"0"="Root\LEGACY_AFD\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"DependOnService"="NSI Tdx Afd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"DependOnService"="NetBT Afd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}\Subservices\{3DD12A98-5AFD-4903-A13F-E17E6C0BFE01}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\MediaCategories\{22B0EAFD-96E3-11d2-AC4C-00C04F8EFB68}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\IpPath]
"CLSID"="{0f3ed1f2-afdd-4b0c-b6d9-229c1bc58a08}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\Winsock\Providers\{e53c6823-7bb8-44bb-90dc-3f86090d48a6}]
"Name"="Microsoft-Windows-Winsock-AFD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\Winsock\RootCauses\{4CC189F9-4AFD-4a1e-91C9-90881165DD3B}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{97bafddc-13c4-4d21-9b83-b01e3f4f1dd1}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Power\PowerSettings\9596FB26-9850-41fd-AC3E-F7C3C00AFD4B]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\WDI\Scenarios\{045275DA-E6C7-43a3-ADEF-8005C9D661E4}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};2]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\WDI\Scenarios\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\WDI\Scenarios\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};180]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\WDI\Scenarios\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\WDI\Scenarios\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};180]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\WMI\Autologger\EventLog-Application]
"Guid"="{639eade2-9051-5ddc-d208-b51afd9e984b}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\WMI\Autologger\EventLog-System\{6bba3851-2c7e-4dea-8f54-31e5afd029e3}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AFD\0000]
"DeviceDesc"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AFD]
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AFD]
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AFD\Enum]
"0"="Root\LEGACY_AFD\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Dhcp]
"DependOnService"="NSI Tdx Afd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\lmhosts]
"DependOnService"="NetBT Afd"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
[HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"DeviceDesc"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\Control]
"ActiveService"="AFD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}\Subservices\{3DD12A98-5AFD-4903-A13F-E17E6C0BFE01}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaCategories\{22B0EAFD-96E3-11d2-AC4C-00C04F8EFB68}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\IpPath]
"CLSID"="{0f3ed1f2-afdd-4b0c-b6d9-229c1bc58a08}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\Winsock\Providers\{e53c6823-7bb8-44bb-90dc-3f86090d48a6}]
"Name"="Microsoft-Windows-Winsock-AFD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\NetCoreHelperClass\HelperClasses\Winsock\RootCauses\{4CC189F9-4AFD-4a1e-91C9-90881165DD3B}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{97bafddc-13c4-4d21-9b83-b01e3f4f1dd1}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9596FB26-9850-41fd-AC3E-F7C3C00AFD4B]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WDI\Scenarios\{045275DA-E6C7-43a3-ADEF-8005C9D661E4}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WDI\Scenarios\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WDI\Scenarios\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};180]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WDI\Scenarios\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WDI\Scenarios\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}\Instrumentation\{6bba3851-2c7e-4dea-8f54-31e5afd029e3};180]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application]
"Guid"="{639eade2-9051-5ddc-d208-b51afd9e984b}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System\{6bba3851-2c7e-4dea-8f54-31e5afd029e3}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"DeviceDesc"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD]
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD]
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Enum]
"0"="Root\LEGACY_AFD\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp]
"DependOnService"="NSI Tdx Afd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lmhosts]
"DependOnService"="NetBT Afd"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\13D\52C64B7E]
"@%systemroot%\system32\drivers\afd.sys,-1000"="Ancillary Function Driver for Winsock"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01KnTXeiBruXK8s5eNFVoflA]
"AppIdList"="{AFDA72BF-3409-413A-B54E-2AB8D66A7826}_S-1-5-21-175869551-1456407368-2275875465-1001;{8CC11465-DF53-4789-AC99-F7C08E1D5200}_S-1-5-21-175869551-1456407368-2275875465-1001;"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-175869551-1456407368-2275875465-1001\02iqzizicymo]
"AppIdList"="{AFDA72BF-3409-413A-B54E-2AB8D66A7826};"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\DPX\Assets\458D2C4CFA4CAFD7]
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\654Messenger Audio Codec]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\85MPEG Layer-3]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device]
"CLSID"="{07B65360-C445-11CE-AFDE-00AA006C14F4}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Realtek Digital Output (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Realtek Digital Output(Optical) (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Apowersoft_AudioDevice)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\85MPEG Layer-3]
"CLSID"="{6A08CF80-0E18-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device]
"CLSID"="{07B65360-C445-11CE-AFDE-00AA006C14F4}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Realtek Digital Output (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Realtek Digital Output(Optical) (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Apowersoft_AudioDevice)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Realtek High Definition Audio)]
"CLSID"="{79376820-07D0-11CF-A24D-0020AFD79767}"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\Windows Live Mail]
"Default LDAP Account"="account{34ADAE98-F0FF-44CB-BFD6-070AFD152817}.oeaccount"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Classes\Local Settings\MuiCache\13D\52C64B7E]
"@%systemroot%\system32\drivers\afd.sys,-1000"="Ancillary Function Driver for Winsock"
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001_Classes\Local Settings\MuiCache\13D\52C64B7E]
"@%systemroot%\system32\drivers\afd.sys,-1000"="Ancillary Function Driver for Winsock"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\13D\52C64B7E]
"@%systemroot%\system32\drivers\afd.sys,-1000"="Ancillary Function Driver for Winsock"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01KnTXeiBruXK8s5eNFVoflA]
"AppIdList"="{AFDA72BF-3409-413A-B54E-2AB8D66A7826}_S-1-5-21-175869551-1456407368-2275875465-1001;{8CC11465-DF53-4789-AC99-F7C08E1D5200}_S-1-5-21-175869551-1456407368-2275875465-1001;"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-175869551-1456407368-2275875465-1001\02iqzizicymo]
"AppIdList"="{AFDA72BF-3409-413A-B54E-2AB8D66A7826};"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\DPX\Assets\458D2C4CFA4CAFD7]

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP]
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP\0000]
"Service"="HTTP"
"Legacy"= 0x0000000001 (1)
"ConfigFlags"= 0x0000000000 (0)
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="@%SystemRoot%\system32\drivers\http.sys,-1"
"Capabilities"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP\0000\Control]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP]
"DisplayName"="@%SystemRoot%\system32\drivers\http.sys,-1"
"ImagePath"="system32\drivers\HTTP.sys"
"Description"="@%SystemRoot%\system32\drivers\http.sys,-2"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000003 (3)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://*:2869/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"http://+:80/Temporary_Listen_Addresses/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 01 00 00 00 00 (REG_BINARY)
"http://*:5357/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"https://*:5358/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"http://+:47001/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"http://+:5985/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"https://+:5986/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 5c 00 03 00 00 00 00 00 28 00 00 00 00 10 01 06 00 00 00 00 00 05 50 00 00 00 7e a6 c8 cc 2a ae a7 2f c1 eb fb e1 ba e3 6b c0 da d0 2b af 00 00 18 00 00 00 00 80 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 00 00 00 10 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)
"http://+:10243/WMPNSSv4/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 01 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 39 0b 9a 8d 3e 6d c7 2d 58 a4 ad d2 48 66 ef 3b c8 b6 4a ab (REG_BINARY)
"https://+:10245/WMPNSSv4/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 01 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 39 0b 9a 8d 3e 6d c7 2d 58 a4 ad d2 48 66 ef 3b c8 b6 4a ab (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Security]
"Security"=01 00 14 80 a0 00 00 00 ac 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 ff 01 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 06 00 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 03 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Enum]
"0"="Root\LEGACY_HTTP\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
"INITSTARTFAILED"= 0x0000000001 (1)

-= EOF =-


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

*SystemLook*

Right-click *SystemLook.exe* and select *Run as administrator* to run it.
Copy and paste the *content* of the following codebox into the main textfield:

```
:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Defragger (Dec 13, 2012)

Good morning Gizzy, here is the SystemLook log. Thanks again for your continued help, Kim.

SystemLook 30.07.11 by jpshortstuff
Log created at 07:27 on 05/01/2013 by DeFragger
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
"Legacy"= 0x0000000001 (1)
"ConfigFlags"= 0x0000000400 (1024)
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Capabilities"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\Control]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD]
"BootFlags"= 0x0000000001 (1)
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Group"="PNP_TDI"
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\Enum]
"0"="Root\LEGACY_AFD\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
"INITSTARTFAILED"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\Parameters]
(No values found)

-= EOF =-


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,


Go to Start > Run (alternatively use Windows key+R), type *devmgmt.msc* and click *OK*
Click *View* at the top, then *Show hidden devices*
Expand *Non-Plug and Play Drivers* by clicking on the + sign
Right-click on *Ancillary Function Driver for Winsock* and select *Uninstall*
Then right-click on *HTTP* and select *Uninstall*
Please reboot your computer and check your internet
If you still do not have internet please rerun MiniToolBox and post a new log


----------



## Defragger (Dec 13, 2012)

Good morning Gizzy, I trust you had a good one. Well, sorry, no internet connection, so here is the MiniToolBox log. Once again, thanks so much for all your help. Kim.

MiniToolBox by Farbar Version: 25-11-2012
Ran by DeFragger (administrator) on 07-01-2013 at 03:49:18
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

```
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset

popd
# End of IPv4 configuration
```

Windows IP Configuration

Host Name . . . . . . . . . . . . : Kims_Beast
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-60-00-6C-8C-0D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5cb3:1268:b504:22e9%11(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.34.233(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...c8 60 00 6c 8c 0d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.34.233 276
169.254.34.233 255.255.255.255 On-link 169.254.34.233 276
169.254.255.255 255.255.255.255 On-link 169.254.34.233 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.34.233 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.34.233 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::5cb3:1268:b504:22e9/128 On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/07/2013 03:48:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2013 03:47:02 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/07/2013 03:38:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2013 03:37:10 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/06/2013 06:05:00 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/06/2013 05:54:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2013 05:52:48 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/05/2013 03:58:21 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/05/2013 03:47:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2013 03:46:15 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

System errors:
=============
Error: (01/07/2013 03:49:22 AM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error: 
%%22

Error: (01/07/2013 03:49:16 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014846

Error: (01/07/2013 03:49:15 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: 
%%22

Error: (01/07/2013 03:49:15 AM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error: 
%%22

Error: (01/07/2013 03:49:14 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069

Error: (01/07/2013 03:49:14 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/07/2013 03:47:15 AM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: 
%%1068

Error: (01/07/2013 03:47:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1068

Error: (01/07/2013 03:47:15 AM) (Source: Service Control Manager) (User: )
Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: 
%%1068

Error: (01/07/2013 03:47:15 AM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: 
%%1068

Microsoft Office Sessions:
=========================
Error: (01/07/2013 03:48:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2013 03:47:02 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/07/2013 03:38:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2013 03:37:10 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/06/2013 06:05:00 AM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/06/2013 05:54:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2013 05:52:48 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/05/2013 03:58:21 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/05/2013 03:47:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2013 03:46:15 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

CodeIntegrity Errors:
===================================
Date: 2012-12-15 06:42:38.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-15 06:42:38.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

7-Zip 4.65
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.14.3.0)
AVG 2013 (Version: 13.0.2637)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 2013.0.2805)
AVG Security Toolbar
Call of Duty(R) 2 (Version: 1.00.0000)
Call of Duty(R) 2 (Version: 1.3)
Call of Duty(R) 2 Patch 1.3 (Version: 1.3)
Command & Conquer 3 (Version: 1.00.0000)
Command & Conquer Red Alert 2
Command & Conquer 3: Kane's Wrath (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
Diablo III (Version: 1.0.5.12811)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Management Engine Components (Version: 8.0.0.1351)
Intel(R) Rapid Storage Technology (Version: 10.5.0.1026)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
Mozilla Thunderbird 16.0.1 (x86 en-US) (Version: 16.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NVIDIA 3D Vision Controller Driver 295.73 (Version: 295.73)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6526)
Steam (Version: 1.0.0.0)
The Elder Scrolls V: Skyrim
TomTom HOME (Version: 2.9.2)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.0 (Version: 2.0.0)
Westwood Shared Internet Components
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Detect

========================= Devices: ================================

**** End of log ****


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

*ServicesRepair*

Download ServicesRepair.exe by ESET from *Here* and save it to the infected computer's desktop.
Double-click *ServicesRepair.exe* to run it.
OK any prompts that your PC may display and then click *Yes* when asked if you want to proceed.
Once the tool is finished you will be prompted to restart your computer. Click *Yes* to restart.

*SystemLook*

Right-click *SystemLook.exe* and select *Run as administrator* to run it.
Copy and paste the *content* of the following codebox into the main textfield:

```
:service
Dhcp
afd
http
wuauserv
BITS

:filefind
afd.*
http.*

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

*Please reply with:*

SystemLook log
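As an added example that is not from this thread or from any of the tools it names, the same state checks in PowerShell for the AFD and HTTP drivers: service Start type and running state with the INITSTARTFAILED flag, whether the hidden LEGACY_AFD / LEGACY_HTTP device nodes still exist, and whether the live driver file matches a copy in the component store (winsxs), mirroring the :service, :reg and :filefind queries above. It assumes a 64-bit Windows 7 layout (the amd64_* winsxs folder names) and an elevated PowerShell 2.0 prompt; it is read-only.

```powershell
# Added example: read-only checks equivalent to the SystemLook queries above for
# the AFD and HTTP drivers. Not part of the thread, SystemLook or ServicesRepair.
# Written for PowerShell 2.0 (Windows 7 default), so it avoids Get-FileHash.
# Run from an elevated prompt; it changes nothing.

$ServiceNames = 'Dhcp', 'AFD', 'HTTP', 'wuauserv', 'BITS'
# live driver file -> component-store copies to compare it against (assumes x64 Windows 7)
$DriverFiles = @{
    "$env:windir\System32\drivers\afd.sys"  = "$env:windir\winsxs\amd64_microsoft-windows-winsock-core_*\afd.sys"
    "$env:windir\System32\drivers\http.sys" = "$env:windir\winsxs\amd64_microsoft-windows-http_*\http.sys"
}
# Meaning of the Start value under Services\<name>
$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-Md5Hex([string]$Path) {
    # MD5 only because SystemLook prints MD5; used to match copies, not as a trust decision.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Get-RunState([string]$Name) {
    # Get-Service does not list kernel drivers (AFD, HTTP); fall back to WMI for those.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { return [string]$svc.Status }
    $drv = Get-WmiObject Win32_SystemDriver -Filter "Name='$Name'"
    if ($drv) { return $drv.State } else { return 'not registered' }
}

Write-Host "== Services (HKLM\SYSTEM\CurrentControlSet\Services) =="
foreach ($name in $ServiceNames) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) { Write-Host ("{0,-9} key MISSING" -f $name); continue }
    $p = Get-ItemProperty $key
    Write-Host ("{0,-9} Start={1,-9} State={2,-8} ImagePath={3}" -f `
        $name, $StartNames[[int]$p.Start], (Get-RunState $name), $p.ImagePath)

    # INITSTARTFAILED under Services\<name>\Enum is the flag seen in the logs above:
    # the driver's device node did not initialise at boot.
    $enum = Get-ItemProperty "$key\Enum" -ErrorAction SilentlyContinue
    if ($enum -and $enum.INITSTARTFAILED -eq 1) {
        Write-Host ("{0,-9} INITSTARTFAILED=1" -f $name)
    }
}

Write-Host "`n== Hidden device nodes (Enum\Root\LEGACY_*) =="
foreach ($name in 'AFD', 'HTTP') {
    $node = "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$name"
    Write-Host ("LEGACY_{0,-5} present={1}" -f $name, (Test-Path $node))
}

Write-Host "`n== Driver files: live copy vs. component store (winsxs) =="
foreach ($live in $DriverFiles.Keys) {
    if (-not (Test-Path $live)) { Write-Host "MISSING  $live"; continue }
    $liveHash = Get-Md5Hex $live
    Write-Host ("{0}  {1} bytes  MD5={2}" -f $live, (Get-Item $live).Length, $liveHash)
    $match = $false
    foreach ($copy in Get-ChildItem -Path $DriverFiles[$live] -ErrorAction SilentlyContinue) {
        $h = Get-Md5Hex $copy.FullName
        if ($h -eq $liveHash) { $match = $true; $tag = 'MATCH  ' } else { $tag = 'differs' }
        Write-Host ("  {0} {1}  {2}" -f $tag, $copy.Directory.Name, $h)
    }
    if (-not $match) {
        Write-Host "  WARNING: live copy matches no component-store copy; compare against a known-good copy before trusting it."
    }
}
```

In the logs above the live afd.sys matched the 6.1.7601.17752 winsxs copy and the LEGACY_* nodes were gone after the Device Manager uninstall, which is what this script reports on a system in that state.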


----------



## Defragger (Dec 13, 2012)

Good afternoon Gizzy, a surprise to see you replied again today! K, here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:15 on 07/01/2013 by DeFragger
Administrator - Elevation successful

========== service ==========

Dhcp
DHCP Client
"Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Group: TDI
SafeBoot: Network Network(Group)
Dependencies:
->NSI
->Tdx
->Afd
Dependant Services:
->WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) (Stopped)

afd
Ancillary Function Driver for Winsock
"Ancillary Function Driver for Winsock"
Current Status: Stopped
Startup Type: System
Error Control: Normal
Binary: \SystemRoot\system32\drivers\afd.sys
Group: PNP_TDI
SafeBoot: Network Network(Group)
Dependencies:
(none)
Dependant Services:
->TCP/IP NetBIOS Helper (lmhosts) (Stopped)
->WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) (Stopped)
->DHCP Client (Dhcp) (Stopped)

http
HTTP
"This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start."
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: system32\drivers\HTTP.sys
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
->Windows Media Player Network Sharing Service (WMPNetworkSvc) (Stopped)
->Windows Remote Management (WS-Management) (WinRM) (Stopped)
->Windows Event Collector (Wecsvc) (Stopped)
->UPnP Device Host (upnphost) (Stopped)
->Media Center Extender Service (Mcx2Svc) (Stopped)
->SSDP Discovery (SSDPSRV) (Stopped)
->Fax (Fax) (Stopped)
->Print Spooler (Spooler) (Stopped)
->Routing and Remote Access (RemoteAccess) (Stopped)
->HomeGroup Provider (HomeGroupProvider) (Stopped)
->Function Discovery Resource Publication (FDResPub) (Stopped)
->PnP-X IP Bus Enumerator (IPBusEnum) (Stopped)
->Function Discovery Provider Host (fdPHost) (Stopped)

wuauserv
Windows Update
"Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->rpcss
Dependant Services:
(none)

BITS
Background Intelligent Transfer Service
"Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information."
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: C:\Windows\System32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->RpcSs
->EventSystem
Dependant Services:
(none)

========== filefind ==========

Searching for "afd.*"
C:\FRST\Quarantine\AFD.SYS --a---- 22368 bytes [08:47 17/04/2012] [12:43 16/12/2012] 42B7E1AA0C7EC54652A50585793F1885
C:\Windows\System32\drivers\AFD.SYS --a---- 498688 bytes [08:47 17/04/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 14848 bytes [07:06 21/11/2010] [07:06 21/11/2010] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a7ddb2029817a18e\afd.sys.mui --a---- 14848 bytes [07:06 21/11/2010] [07:06 21/11/2010] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [03:24 21/11/2010] [03:24 21/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys --a---- 499200 bytes [16:30 22/11/2011] [02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [08:47 17/04/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys --a---- 499200 bytes [16:30 22/11/2011] [03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [08:47 17/04/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

Searching for "http.*"
C:\Program Files (x86)\VideoLAN\VLC\lua\intf\http.luac --a---- 12708 bytes [18:11 17/02/2012] [18:11 17/02/2012] F6FE5573D974034268DDC423E0D77FDD
C:\Windows\System32\drivers\http.sys --a---- 753664 bytes [03:23 21/11/2010] [03:23 21/11/2010] 0EA7DE1ACB728DD5A369FD742D6EEE28
C:\Windows\System32\drivers\en-US\http.sys.mui --a---- 32256 bytes [07:06 21/11/2010] [07:06 21/11/2010] E7385B794486432C74CA8CBEAE1E957C
C:\Windows\winsxs\amd64_microsoft-windows-http.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6eea4a6ceff69d5a\http.sys.mui --a---- 32256 bytes [07:06 21/11/2010] [07:06 21/11/2010] E7385B794486432C74CA8CBEAE1E957C
C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759\http.sys --a---- 753664 bytes [03:23 21/11/2010] [03:23 21/11/2010] 0EA7DE1ACB728DD5A369FD742D6EEE28
C:\Windows\winsxs\amd64_microsoft-windows-snmp-mib-files_31bf3856ad364e35_6.1.7600.16385_none_6b1c9d28fd950bf2\http.mib --a---- 21271 bytes [00:10 14/07/2009] [21:00 10/06/2009] 8FCC09B868D074AA553433554AA7FB56
C:\Windows\winsxs\x86_microsoft-windows-snmp-mib-files_31bf3856ad364e35_6.1.7600.16385_none_0efe01a545379abc\http.mib --a---- 21271 bytes [23:55 13/07/2009] [21:39 10/06/2009] 8FCC09B868D074AA553433554AA7FB56

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD]
"BootFlags"= 0x0000000001 (1)
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Group"="PNP_TDI"
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\Enum]
"Count"= 0x0000000000 (0)
"NextInstance"= 0x0000000000 (0)
"INITSTARTFAILED"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP]
"DisplayName"="@%SystemRoot%\system32\drivers\http.sys,-1"
"ImagePath"="system32\drivers\HTTP.sys"
"Description"="@%SystemRoot%\system32\drivers\http.sys,-2"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000003 (3)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://*:2869/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"http://+:80/Temporary_Listen_Addresses/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 01 00 00 00 00 (REG_BINARY)
"http://*:5357/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"https://*:5358/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"http://+:47001/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"http://+:5985/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"https://+:5986/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 5c 00 03 00 00 00 00 00 28 00 00 00 00 10 01 06 00 00 00 00 00 05 50 00 00 00 7e a6 c8 cc 2a ae a7 2f c1 eb fb e1 ba e3 6b c0 da d0 2b af 00 00 18 00 00 00 00 80 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 00 00 00 10 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)
"http://+:10243/WMPNSSv4/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 01 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 39 0b 9a 8d 3e 6d c7 2d 58 a4 ad d2 48 66 ef 3b c8 b6 4a ab (REG_BINARY)
"https://+:10245/WMPNSSv4/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 01 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 39 0b 9a 8d 3e 6d c7 2d 58 a4 ad d2 48 66 ef 3b c8 b6 4a ab (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Security]
"Security"=01 00 14 80 a0 00 00 00 ac 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 ff 01 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 06 00 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 03 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Enum]
"Count"= 0x0000000000 (0)
"NextInstance"= 0x0000000000 (0)
"INITSTARTFAILED"= 0x0000000001 (1)

-= EOF =-


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
If you don't still have PsExec on your desktop, please download it *Here*.
Also download the attached file and unzip it to the infected computer at C:\.

*Import Registry File*

Go to Start > Run (alternatively use Windows key+R), type *cmd* and click *OK*
Enter the contents of the code box below into the command prompt

```
"%userprofile%\desktop\psexec.exe" -i -s "c:\windows\regedit.exe"
```

If a window pops up click *Agree*
In the menu at the top click *File* > *Import...* then navigate to the *LegacyKeys.reg* file.
Select it then click the *Open* button.
Restart the computer

*SystemLook*

Right-click *SystemLook.exe* and select *Run as administrator* to run it.
Copy and paste the *content* of the following codebox into the main textfield:

```
:service
Dhcp
afd
http
wuauserv
BITS

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

*MiniToolBox*
Checkmark the following checkboxes:

List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Devices
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

*Please reply with:*

SystemLook log
MiniToolBox log


----------



## Defragger (Dec 13, 2012)

Hi Gizzy, here are the requested log files. Thanks for your dedication in helping me.

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 17:07 on 08/01/2013 by DeFragger
Administrator - Elevation successful

========== service ==========

Dhcp
DHCP Client
"Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Group: TDI
SafeBoot: Network Network(Group)
Dependencies:
->NSI
->Tdx
->Afd
Dependant Services:
->WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) (Stopped)

afd
Ancillary Function Driver for Winsock
"Ancillary Function Driver for Winsock"
Current Status: Stopped
Startup Type: System
Error Control: Normal
Binary: \SystemRoot\system32\drivers\afd.sys
Group: PNP_TDI
SafeBoot: Network Network(Group)
Dependencies:
(none)
Dependant Services:
->TCP/IP NetBIOS Helper (lmhosts) (Stopped)
->WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) (Stopped)
->DHCP Client (Dhcp) (Stopped)

http
HTTP
"This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start."
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: system32\drivers\HTTP.sys
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
->Windows Media Player Network Sharing Service (WMPNetworkSvc) (Stopped)
->Windows Remote Management (WS-Management) (WinRM) (Stopped)
->Windows Event Collector (Wecsvc) (Stopped)
->UPnP Device Host (upnphost) (Stopped)
->Media Center Extender Service (Mcx2Svc) (Stopped)
->SSDP Discovery (SSDPSRV) (Stopped)
->Fax (Fax) (Stopped)
->Print Spooler (Spooler) (Stopped)
->Routing and Remote Access (RemoteAccess) (Stopped)
->HomeGroup Provider (HomeGroupProvider) (Stopped)
->Function Discovery Resource Publication (FDResPub) (Stopped)
->PnP-X IP Bus Enumerator (IPBusEnum) (Stopped)
->Function Discovery Provider Host (fdPHost) (Stopped)

wuauserv
Windows Update
"Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->rpcss
Dependant Services:
(none)

BITS
Background Intelligent Transfer Service
"Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information."
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: C:\Windows\System32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->RpcSs
->EventSystem
Dependant Services:
(none)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000]
"Service"="AFD"
"Legacy"= 0x0000000001 (1)
"ConfigFlags"= 0x0000000400 (1024)
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Capabilities"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD\0000\Control]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD]
"BootFlags"= 0x0000000001 (1)
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Group"="PNP_TDI"
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\Enum]
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
"0"="Root\LEGACY_AFD\0000"
"INITSTARTFAILED"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP]
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP\0000]
"Service"="HTTP"
"Legacy"= 0x0000000001 (1)
"ConfigFlags"= 0x0000000000 (0)
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="@%SystemRoot%\system32\drivers\http.sys,-1"
"Capabilities"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTP\0000\Control]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP]
"DisplayName"="@%SystemRoot%\system32\drivers\http.sys,-1"
"ImagePath"="system32\drivers\HTTP.sys"
"Description"="@%SystemRoot%\system32\drivers\http.sys,-2"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000003 (3)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo]
(No values found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://*:2869/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"http://+:80/Temporary_Listen_Addresses/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 01 00 00 00 00 (REG_BINARY)
"http://*:5357/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"https://*:5358/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 (REG_BINARY)
"http://+:47001/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"http://+:5985/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"https://+:5986/wsman/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 02 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 86 2a ee 21 d7 5b 09 b0 a4 5b 6c ad bb 83 93 4d ea 67 90 18 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 43 b4 fa f1 d3 d4 54 34 a8 d5 3e 4a 53 0a 6c 1f 3d ee 9b b2 (REG_BINARY)
"https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 5c 00 03 00 00 00 00 00 28 00 00 00 00 10 01 06 00 00 00 00 00 05 50 00 00 00 7e a6 c8 cc 2a ae a7 2f c1 eb fb e1 ba e3 6b c0 da d0 2b af 00 00 18 00 00 00 00 80 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 00 00 00 10 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)
"http://+:10243/WMPNSSv4/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 01 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 39 0b 9a 8d 3e 6d c7 2d 58 a4 ad d2 48 66 ef 3b c8 b6 4a ab (REG_BINARY)
"https://+:10245/WMPNSSv4/"=01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 01 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 39 0b 9a 8d 3e 6d c7 2d 58 a4 ad d2 48 66 ef 3b c8 b6 4a ab (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Security]
"Security"=01 00 14 80 a0 00 00 00 ac 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 ff 01 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 06 00 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 03 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Enum]
"0"="Root\LEGACY_HTTP\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
"INITSTARTFAILED"= 0x0000000001 (1)

-= EOF =-

MiniToolBox

MiniToolBox by Farbar Version: 25-11-2012
Ran by DeFragger (administrator) on 08-01-2013 at 17:09:36
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Kims_Beast
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-60-00-6C-8C-0D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5cb3:1268:b504:22e9%11(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.34.233(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...c8 60 00 6c 8c 0d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.34.233 276
169.254.34.233 255.255.255.255 On-link 169.254.34.233 276
169.254.255.255 255.255.255.255 On-link 169.254.34.233 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.34.233 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.34.233 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::5cb3:1268:b504:22e9/128 On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/08/2013 05:08:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2013 05:06:45 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/08/2013 04:42:41 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/08/2013 04:32:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2013 04:30:29 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/08/2013 03:47:55 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/08/2013 03:37:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2013 03:35:51 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/07/2013 04:25:44 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/07/2013 04:15:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/08/2013 05:09:40 PM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error: 
%%22

Error: (01/08/2013 05:09:03 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014846

Error: (01/08/2013 05:09:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: 
%%22

Error: (01/08/2013 05:09:02 PM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error: 
%%22

Error: (01/08/2013 05:09:02 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069

Error: (01/08/2013 05:09:02 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/08/2013 05:07:00 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD

Error: (01/08/2013 05:06:52 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (01/08/2013 05:06:47 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (01/08/2013 05:06:47 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876

Microsoft Office Sessions:
=========================
Error: (01/08/2013 05:08:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2013 05:06:45 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/08/2013 04:42:41 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/08/2013 04:32:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2013 04:30:29 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/08/2013 03:47:55 AM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/08/2013 03:37:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2013 03:35:51 AM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/07/2013 04:25:44 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (01/07/2013 04:15:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2012-12-15 06:42:38.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-15 06:42:38.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

========================= Devices: ================================

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AFD
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

**** End of log ****


----------
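The two SystemLook logs above already say what broke the network, before any fix is applied: AFD is a system-start kernel driver (Start=1) that is Stopped, its Services\AFD\Enum key carries INITSTARTFAILED=1, and in the earlier log the Enum\Root\LEGACY_AFD devnode key is missing outright; DHCP Client depends on Afd, which is why the adapter fell back to a 169.254 APIPA address and name lookups fail. The Python below is an added example, not part of the thread and not code from SystemLook's author: it parses a log in SystemLook's ":service" / ":reg" format and prints exactly those cross-checks. SAMPLE_LOG is a trimmed copy of the posted output so the script runs offline; feed parse_services/parse_registry the text of a real SystemLook.txt to use it elsewhere. It only reads the log; the repair used in the thread (re-importing the LEGACY keys as SYSTEM through PsExec) is a separate step.

```python
import re

# Trimmed copy of the SystemLook output posted in the thread (constructed sample).
SAMPLE_LOG = r"""========== service ==========

Dhcp
DHCP Client
"Registers and updates IP addresses and DNS records for this computer."
Current Status: Stopped
Startup Type: Automatic
Binary: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies:
->NSI
->Tdx
->Afd
Dependant Services:
->WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) (Stopped)

afd
Ancillary Function Driver for Winsock
"Ancillary Function Driver for Winsock"
Current Status: Stopped
Startup Type: System
Binary: \SystemRoot\system32\drivers\afd.sys
Dependencies:
(none)
Dependant Services:
->DHCP Client (Dhcp) (Stopped)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AFD]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\Enum]
"Count"= 0x0000000000 (0)
"INITSTARTFAILED"= 0x0000000001 (1)

-= EOF =-
"""

LIST_FIELDS = ("Dependencies", "Dependant Services")   # SystemLook's own spelling
BOOT_START = {"Boot", "System"}                         # SystemLook's names for Start=0 / Start=1


def parse_services(text):
    """Return {lowercased name: fields} from the ':service' section of a SystemLook log."""
    section = text.split("========== service ==========", 1)[1].split("==========", 1)[0]
    services = {}
    for block in re.split(r"\n\s*\n", section.strip()):
        lines = block.splitlines()
        if len(lines) < 3 or ":" in lines[0]:
            continue
        svc = {"name": lines[0].strip(), "display": lines[1].strip()}
        svc.update({f: [] for f in LIST_FIELDS})
        current = None
        for line in lines[2:]:
            if line.startswith('"'):               # free-text description line
                continue
            if line.startswith("->") and current:  # member of the current list
                svc[current].append(line[2:].strip())
            elif line.endswith(":") and line[:-1] in LIST_FIELDS:
                current = line[:-1]
            elif ": " in line:                     # "Field: value"
                key, _, val = line.partition(": ")
                svc[key.strip()] = val.strip()
                current = None
        services[svc["name"].lower()] = svc
    return services


def parse_registry(text):
    """Return {lowercased key path: {value: raw text}}; a key that SystemLook could not
    open maps to None."""
    keys, current = {}, None
    for line in text.split("========== reg ==========", 1)[1].splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys[current] = {}
        elif current is None or not line or line.startswith("-="):
            continue
        elif line.startswith("(Unable to open key"):
            keys[current] = None
        elif line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            keys[current][name] = raw.strip()
    return keys


def diagnose(text):
    """Cross-check service state against the dumped registry keys; return findings."""
    services, keys = parse_services(text), parse_registry(text)
    root = "hkey_local_machine\\system\\currentcontrolset\\"
    findings = []
    for name, svc in services.items():
        stopped = svc.get("Current Status") == "Stopped"
        start = svc.get("Startup Type", "")
        if stopped and start in BOOT_START:
            findings.append("%s: %s-start driver is not running" % (svc["name"], start.lower()))
        legacy = root + "enum\\root\\legacy_" + name
        if legacy in keys and keys[legacy] is None:
            findings.append("%s: Enum\\Root\\LEGACY_%s key missing (root-enumerated devnode "
                            "for a legacy driver)" % (svc["name"], name.upper()))
        enum = keys.get(root + "services\\" + name + "\\enum")
        if enum and enum.get("INITSTARTFAILED", "").endswith("(1)"):
            findings.append("%s: INITSTARTFAILED=1 (SCM recorded a failed start)" % svc["name"])
        for dep in svc["Dependencies"]:
            d = services.get(dep.lower())
            if d and d.get("Current Status") == "Stopped":
                findings.append("%s: dependency %s is stopped" % (svc["name"], d["name"]))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

Only services that were queried in the same SystemLook run can be followed as dependencies, so list the whole chain (here Afd, Tdx, NSI, Dhcp) in the :service block when you collect the log.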


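Both SystemLook logs in the thread dump HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo as raw REG_BINARY. Each value is a self-relative Windows SECURITY_DESCRIPTOR whose DACL says which principal may register (GX) or delegate (GW) that HTTP.sys URL namespace. On a live machine `netsh http show urlacl` renders the same data, but for an offline log you have to decode the bytes yourself. The Python below is an added example, not from the thread and not code from any Microsoft tool: it walks the descriptor header, the ACL header and each ACE, converts binary SIDs to S-1-... form and emits SDDL. The hex values are copied from the posted log; the NULL-DACL sample is constructed to show the edge case. S-1-5-80-* SIDs are per-service SIDs (NT SERVICE\<name>); the log does not say which services they belong to, so the decoder leaves them numeric.

```python
import struct

SE_DACL_PRESENT = 0x0004            # SECURITY_DESCRIPTOR_CONTROL bit
ACCESS_ALLOWED_ACE_TYPE = 0x00
ACCESS_DENIED_ACE_TYPE = 0x01

# Generic rights as SDDL mnemonics. For HTTP.sys URL reservations GX means
# "may register (listen on) this URL" and GW means "may delegate it".
GENERIC_RIGHTS = {0x10000000: "GA", 0x20000000: "GX", 0x40000000: "GW", 0x80000000: "GR"}

# SDDL aliases for the well-known SIDs that occur in the log.
WELL_KNOWN_SIDS = {
    "S-1-1-0": "WD",        # Everyone
    "S-1-5-18": "SY",       # NT AUTHORITY\SYSTEM
    "S-1-5-19": "LS",       # NT AUTHORITY\LOCAL SERVICE
    "S-1-5-32-544": "BA",   # BUILTIN\Administrators
    "S-1-5-32-545": "BU",   # BUILTIN\Users
}


def parse_sid(buf, off):
    """Parse a binary SID at buf[off:]; return (SID string, byte length)."""
    revision, sub_count = buf[off], buf[off + 1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")      # 48-bit big-endian
    subs = struct.unpack_from("<%dI" % sub_count, buf, off + 8)  # little-endian DWORDs
    return "S-1-%d%s" % (authority, "".join("-%d" % s for s in subs)), 8 + 4 * sub_count


def parse_dacl(hex_text):
    """Parse a self-relative SECURITY_DESCRIPTOR given as 'xx xx ...' hex.
    Returns [(ace_type, access_mask, sid), ...] from the DACL, or None when no DACL
    is present (Windows treats a NULL DACL as 'everyone, full access')."""
    buf = bytes.fromhex(hex_text)
    rev, _sbz1, control, _owner, _group, _sacl, dacl_off = struct.unpack_from("<BBHIIII", buf, 0)
    if rev != 1:
        raise ValueError("unsupported security descriptor revision %d" % rev)
    if not control & SE_DACL_PRESENT or dacl_off == 0:
        return None
    _acl_rev, _sbz, acl_size, ace_count, _sbz2 = struct.unpack_from("<BBHHH", buf, dacl_off)
    if dacl_off + acl_size > len(buf):
        raise ValueError("ACL runs past the end of the descriptor")
    aces, pos = [], dacl_off + 8
    for _ in range(ace_count):
        ace_type, _flags, ace_size = struct.unpack_from("<BBH", buf, pos)
        if ace_type in (ACCESS_ALLOWED_ACE_TYPE, ACCESS_DENIED_ACE_TYPE):
            (mask,) = struct.unpack_from("<I", buf, pos + 4)
            sid, _ = parse_sid(buf, pos + 8)
            aces.append((ace_type, mask, sid))
        pos += ace_size        # object/callback ACE types are skipped by their size
    return aces


def mask_to_sddl(mask):
    """Render an access mask as generic-right mnemonics, or as hex if other bits are set."""
    names = "".join(n for bit, n in GENERIC_RIGHTS.items() if mask & bit)
    if names and mask & ~sum(GENERIC_RIGHTS) == 0:
        return names
    return "0x%08x" % mask


def to_sddl(hex_text):
    """Return the DACL as an SDDL string, e.g. 'D:(A;;GX;;;LS)'."""
    aces = parse_dacl(hex_text)
    if aces is None:
        return "D:NO_ACCESS_CONTROL"
    return "D:" + "".join(
        "(%s;;%s;;;%s)" % ("A" if t == ACCESS_ALLOWED_ACE_TYPE else "D",
                          mask_to_sddl(m), WELL_KNOWN_SIDS.get(sid, sid))
        for t, m, sid in aces)


# Values copied from the UrlAclInfo key in the posted SystemLook log.
URLACL_FROM_LOG = {
    "http://*:2869/": "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00",
    "http://+:80/Temporary_Listen_Addresses/": "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 01 00 00 00 00",
    "http://*:5357/": "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00",
    "https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/": "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 5c 00 03 00 00 00 00 00 28 00 00 00 00 10 01 06 00 00 00 00 00 05 50 00 00 00 7e a6 c8 cc 2a ae a7 2f c1 eb fb e1 ba e3 6b c0 da d0 2b af 00 00 18 00 00 00 00 80 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 00 00 00 10 01 01 00 00 00 00 00 05 12 00 00 00",
}
# Constructed: a descriptor with SE_SELF_RELATIVE set but no DACL at all.
NULL_DACL_SAMPLE = "01 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

if __name__ == "__main__":
    for url, blob in URLACL_FROM_LOG.items():
        print("%-60s %s" % (url, to_sddl(blob)))
    print("%-60s %s" % ("(constructed NULL DACL)", to_sddl(NULL_DACL_SAMPLE)))
```

Two of the decoded entries are the stock Windows 7 defaults worth recognising on any box: http://+:80/Temporary_Listen_Addresses/ is registrable by Everyone (WD), and http://*:5357/ by Users (BU) plus LOCAL SERVICE (LS). Anything else granting GX or GW to WD or BU deserves a second look.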

## Gizzy (Aug 2, 2005)

Hi Defragger,

*MiniToolBox*
Checkmark the following checkboxes:

List Restore Point
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


----------



## Defragger (Dec 13, 2012)

Good morning Gizzy, here is the MiniToolBox log:

MiniToolBox by Farbar Version: 25-11-2012
Ran by DeFragger (administrator) on 10-01-2013 at 03:41:10
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Restore Points ==================================

06-12-2012 02:07:14 Windows Update
09-12-2012 15:19:44 Installed Java 7 Update 9
10-12-2012 22:19:07 Removed Translate Genius
11-12-2012 20:17:49 Removed WinZip 15.0
11-12-2012 20:19:20 Removed calibre
15-12-2012 11:39:30 ComboFix created restore point
15-12-2012 15:37:16 Windows Update
20-12-2012 03:05:04 Gizzy
24-12-2012 00:48:56 Gizzy2
03-01-2013 09:43:18 OTL Restore Point - 1/3/2013 4:43:16 AM

**** End of log ****


----------



## Gizzy (Aug 2, 2005)

Hi Dragger,
Please download the newest version of combofix using the link in the instructions below, Delete any old version and place it on the infected computer's desktop, run it, Then let me know if your internet still isn't working.

*Download and run Combofix*

Please download ComboFix from the link below:

*Link*


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
If you need help to disable your protection programs see *here*.
Right-click on *ComboFix.exe* and select *Run as administrator* then follow the prompts.
When finished, it will produce a log for you. Please include the *C:\ComboFix.txt* in your next reply

If you need help, see this link:
*http://www.bleepingcomputer.com/combofix/how-to-use-combofix*

*Farbar Service Scanner*

Right-click FSS.exe and select *Run as administrator* to start the program
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

*Please reply with:*

Combofix log
Farbar Service Scanner log


----------



## Defragger (Dec 13, 2012)

A very Good Morning to you Gizzy! After running ComboFix and FSS and then rebooting I was pleasantly surprised to see I had an internet connection once again! And here are the log files:

ComboFix

ComboFix 13-01-11.01 - DeFragger 01/11/2013 7:58.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6769 [GMT -5:00]
Running from: c:\users\DeFragger\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 13:00 . 2013-01-11 13:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-11 13:00 . 2013-01-11 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-03 09:43 . 2013-01-03 09:43 -------- d-----w- C:\_OTL
2012-12-31 12:47 . 2013-01-08 21:52 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-12-15 11:54 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-15 00:14 . 2012-12-15 00:14 -------- d-----w- C:\FRST
2012-12-13 22:17 . 2012-12-13 22:17 -------- d-----w- c:\users\DeFragger\AppData\Roaming\ParetoLogic
2012-12-13 22:17 . 2012-12-13 22:20 -------- d-----w- c:\programdata\ParetoLogic
2012-12-13 20:51 . 2013-01-01 11:58 -------- d-----w- c:\users\DeFragger\AppData\Local\ElevatedDiagnostics
2012-12-13 01:31 . 2012-12-13 01:31 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 15:38 . 2012-04-18 10:02 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-09 15:52 . 2012-12-09 15:52 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-09 15:19 . 2012-12-09 15:20 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-09 15:19 . 2012-12-09 15:20 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-09 15:19 . 2012-12-09 15:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-22 12:48 . 2012-04-16 08:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 12:48 . 2012-04-16 08:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 11:06 . 2012-09-26 19:31 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-30 00:45 . 2012-10-30 00:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 09:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 11:06 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-06 15:07 220160 ----a-w- c:\program files (x86)\Mega Codec Pack\Filters\Haali\mmdinfo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-26 856160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [2013-01-08 181064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-04-16 947328]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
FF - user.js: extensions.funmoods.instlDay - 15593
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e2,7b,5c,c5,b0,8f,35,9c,d2,1d,b6,86,e5,10,4b,c1,75,0d,5c,0a,36,8c,64,
f1,30,d4,03,5e,f8,d9,1b,9e,e2,ef,25,5d,10,c2,79,09,f2,13,19,c4,d5,97,b5,0b,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\License information*]
"datasecu"=hex:b1,b0,5a,20,80,a2,91,da,a6,05,8b,36,7a,9b,bb,d8,b3,b3,19,08,ac,
4b,36,74,87,f1,6c,00,3a,79,5c,4a,49,51,d5,62,79,fd,db,96,f6,9b,fc,c7,6a,e8,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
Completion time: 2013-01-11 08:01:38
ComboFix-quarantined-files.txt 2013-01-11 13:01
.
Pre-Run: 895,192,645,632 bytes free
Post-Run: 894,760,763,392 bytes free
.
- - End Of File - - C2D1625DA72418772EF9B1FCAA2B45F4

FSS

Farbar Service Scanner Version: 10-12-2012
Ran by DeFragger (administrator) on 11-01-2013 at 08:09:27
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------
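The ComboFix and FSS logs above carry several security-relevant signals that are easy to skim past: the UAC policy values set to 0 (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), Windows Defender disabled through the DisableAntiSpyware policy key, a PSEXESVC service entry (the service PsExec installs on the machine it runs against), a Firefox user.js that pins home page and search URLs and turns off Content Security Policy, and core services reported as not running. The script below is an added example written for this page, not part of the thread or of ComboFix, FSS or any other tool named here. The rule names and the explanations attached to them are the editor's own; the sample lines are copied from the two logs in the post above (ComboFix defangs URLs as hxxp, which the hijack rule expects).

```python
"""Triage a ComboFix / Farbar Service Scanner log for weakened security settings.

Added example for this thread; the rules below are an analyst's checklist, not
a signature set from any of the tools mentioned in the thread.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the ComboFix and FSS logs posted above,
# so the script can run offline against realistic input.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [2013-01-08 181064]
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
Dhcp Service is not running. Checking service configuration:
wuauserv Service is not running. Checking service configuration:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# Each rule: (name, compiled pattern, what a hit means to the analyst).
RULES = [
    ("uac_policy_weakened",
     re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"=\s*0\b'),
     "UAC policy value is 0: elevation is silent, so whatever the user runs is effectively admin"),
    ("defender_disabled_by_policy",
     re.compile(r'^"DisableAntiSpyware"=DWORD:1'),
     "Windows Defender switched off through the policy key rather than the UI"),
    ("psexec_service_present",
     re.compile(r'^[RS]\d\s+PSEXESVC;'),
     "PSEXESVC is the service PsExec installs on its target; establish who ran it and when"),
    ("ff_csp_disabled",
     re.compile(r'^FF - user\.js: security\.csp\.enable - false'),
     "Content Security Policy disabled via user.js; legitimate software has no reason to do this"),
    ("ff_autodisablescopes_tampered",
     re.compile(r'^FF - user\.js: extensions\.autoDisableScopes - (?!15\b)\d+'),
     "extensions.autoDisableScopes changed from the default 15, the usual way side-loaded add-ons skip the approval prompt"),
    ("ff_homepage_or_search_hijack",
     re.compile(r'^FF - user\.js: extensions\.[\w.]+\.(hmpgUrl|newTabUrl|tlbrSrchUrl) - (hxxps?://\S+)'),
     "user.js pins home page / new tab / search URLs to a third-party site and overrides prefs.js on every start"),
    ("service_not_running",
     re.compile(r'^(\w+) Service is not running\.'),
     "FSS reports a core service stopped; cross-check the start type and ImagePath lines that follow it"),
]


def triage(log_text):
    """Return a list of (rule_name, line) for every log line that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, pattern, _ in RULES:
            if pattern.search(line):
                findings.append((name, line))
    return findings


def summarize(findings):
    """Hit count per rule, so the shape of the problem is visible at a glance."""
    return dict(Counter(name for name, _ in findings))


def explain(rule_name):
    """Analyst-facing meaning of a rule hit."""
    for name, _, meaning in RULES:
        if name == rule_name:
            return meaning
    raise KeyError(rule_name)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for name, count in sorted(summarize(hits).items()):
        print(f"{count:2d}  {name}: {explain(name)}")
    for name, line in hits:
        print(f"    [{name}] {line}")
```

To run it over a real log, pass the file contents instead of the sample: `triage(open(r"C:\ComboFix.txt", encoding="utf-8", errors="replace").read())`. The rules deliberately match only the log formats ComboFix and FSS produce; a hit is a lead to investigate (the PSEXESVC entry, for instance, may be the helper's own remote-admin work or someone else's), not a verdict.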



## Gizzy (Aug 2, 2005)

Hi Defragger,


> After running ComboFix and FSS and then rebooting I was pleasantly surprised to see I had an internet connection once again!


That's very good to hear! :up: Is it still working?
Please continue with the instructions below.

*Upload File(s) for Scanning*
Please go to *VirusTotal* or *Jotti* to upload a file for scanning.


Click *Choose File* (For VirusTotal) or *Browse...* (For Jotti)
Copy and paste the below file and path into the *File name:* box.


> c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll



Click *Open*
Click on *Scan it!* (For VirusTotal) or *Submit file* (For Jotti)
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address:

*Junkware Removal Tool*
Please download *Junkware Removal Tool* and save it to your *desktop*.

Shut down your protection software as shown in *This topic* now to avoid potential conflicts.
Run the tool by right-clicking it and select *Run as administrator*.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (*JRT.txt*) is saved to your desktop and will automatically open.
Please post the contents of *JRT.txt* into your next reply.

*MiniToolBox*
If it's not still on the computer re-download it from the link below,
MiniToolBox, save it to your desktop and run it. (Right-click and *Run as administrator*)

Checkmark the following checkboxes:

List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Devices
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

*Please reply with:*

Virustotal/Jotti results
Junkware Removal Tool log
MiniToolBox log


----------
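Before uploading a file such as the MediaIconsOverlays.dll named above, a practitioner normally hashes it locally and looks the hash up first: if VirusTotal already knows the file, the existing report answers the question, and an upload (which shares the file with every participating vendor) is only needed for a hash nobody has seen. The script below is an added example for this page, not something posted in the thread or provided by VirusTotal. It builds the lookup URLs but performs no network I/O itself; the HTTP request and API key are left to the reader. The JSON is a constructed excerpt that follows the shape of the v3 `GET /api/v3/files/{sha256}` response and contains only the fields the script reads, and the sample bytes are a made-up stand-in, not the real DLL.

```python
"""Hash-first VirusTotal triage: look a file up by SHA-256 before uploading it.

Added example for this thread. No network calls are made here; the URLs are
built for the reader's own HTTP client.
"""
import hashlib
import json
import os
import tempfile

# Constructed stand-in for the DLL named in the post; not the real file.
SAMPLE_FILE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed sample bytes, not MediaIconsOverlays.dll"

# Constructed excerpt in the shape of a VirusTotal API v3 /files/{sha256} body
# (assumed layout; only the fields read below are present).
CONSTRUCTED_REPORT = json.loads("""
{"data": {"attributes": {
   "last_analysis_stats": {"harmless": 0, "malicious": 5, "suspicious": 1,
                           "undetected": 38, "timeout": 0, "type-unsupported": 2},
   "last_analysis_results": {
      "EngineA": {"category": "malicious", "result": "Adware.Generic"},
      "EngineB": {"category": "malicious", "result": "PUP.Toolbar"},
      "EngineC": {"category": "undetected", "result": null}
   }}}}
""")


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    """Stream the file so large samples never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def vt_urls(sha256):
    """(report page for a human, v3 lookup endpoint for a script) for one hash."""
    return (f"https://www.virustotal.com/gui/file/{sha256}",
            f"https://www.virustotal.com/api/v3/files/{sha256}")


def summarize_report(report):
    """(malicious count, total engines counted, sorted detection names) from a v3 body."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    total = sum(stats.values())
    names = sorted({r["result"] for r in attrs.get("last_analysis_results", {}).values()
                    if r.get("category") == "malicious" and r.get("result")})
    return stats.get("malicious", 0), total, names


def decide(report):
    """report is None when the lookup returned 404: VT has never seen this hash,
    so uploading is the only way to get a verdict (check the file for private
    data first). Otherwise classify from the existing report."""
    if report is None:
        return "unknown"
    malicious, _, _ = summarize_report(report)
    return "clean" if malicious == 0 else "flagged"


def hash_sample_via_tempfile():
    """Write the constructed sample to disk and hash it both ways; returns (file_hash, bytes_hash)."""
    fd, path = tempfile.mkstemp(suffix=".dll")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(SAMPLE_FILE_BYTES)
        return sha256_of_file(path), sha256_of_bytes(SAMPLE_FILE_BYTES)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    file_hash, _ = hash_sample_via_tempfile()
    page, api = vt_urls(file_hash)
    print("sha256 :", file_hash)
    print("report :", page)
    print("lookup :", api, "(send with header x-apikey: <your key>)")
    malicious, total, names = summarize_report(CONSTRUCTED_REPORT)
    print(f"constructed report: {malicious}/{total} engines, names={names}, decision={decide(CONSTRUCTED_REPORT)}")
    print("unseen hash decision:", decide(None))
```

A 404 from the lookup endpoint is the signal to fall back to an upload; any other response gives a verdict without the file ever leaving the machine. The permalink format in the next post (`/file/<sha256>/analysis/<timestamp>/`) is the older report URL for exactly the same hash, so the SHA-256 computed here is the identifier to keep in the case notes.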



## Defragger (Dec 13, 2012)

Good Morning Gizzy, yes, I still have an internet connection with the infected machine. Here are the log files:

VirusTotal:

https://www.virustotal.com/file/729...f16052a6a60d2f95147b7fa3/analysis/1358076858/

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Home Premium x64
Ran by DeFragger on Sun 01/13/2013 at 6:51:11.70
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-175869551-1456407368-2275875465-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\DeFragger\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\DeFragger\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\DeFragger\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\Users\DeFragger\AppData\Roaming\mozilla\firefox\profiles\g4gh3r7z.default\user.js
Successfully deleted: [File] C:\Users\DeFragger\AppData\Roaming\mozilla\firefox\profiles\g4gh3r7z.default\invalidprefs.js
Successfully deleted the following from C:\Users\DeFragger\AppData\Roaming\mozilla\firefox\profiles\g4gh3r7z.default\prefs.js

user_pref("extensions.crossrider.bic", "13b8079c608b4524906e2eed781b0237");
user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1355070162);
user_pref("extensions.crossriderapp3491.3491.active", true);
user_pref("extensions.crossriderapp3491.3491.addressbar", "");
user_pref("extensions.crossriderapp3491.3491.addressbarenhanced", "");
user_pref("extensions.crossriderapp3491.3491.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit()
user_pref("extensions.crossriderapp3491.3491.backgroundver", 12);
user_pref("extensions.crossriderapp3491.3491.can_run_bg_code", true);
user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", "");
user_pref("extensions.crossriderapp3491.3491.changeprevious", false);
user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1355070162");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.value", "1355070162");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.value", "1357007232");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.value", "%221%22");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.value", "%2214019%22");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_pc_20120828.value", "1355070216248");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.value", "%221140%22");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.value", "%22117314%22");
user_pref("extensions.crossriderapp3491.3491.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.cookie.dbtest.value", "1355070163759");
user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your favorite streaming videos!");
user_pref("extensions.crossriderapp3491.3491.domain", "");
user_pref("extensions.crossriderapp3491.3491.enablesearch", false);
user_pref("extensions.crossriderapp3491.3491.fbremoteurl", "");
user_pref("extensions.crossriderapp3491.3491.group", 0);
user_pref("extensions.crossriderapp3491.3491.homepage", "");
user_pref("extensions.crossriderapp3491.3491.iframe", false);
user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_appVer.value", "60");
user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp3491.3491.internaldb.Resources_lastVersion.value", "0");
Emptied folder: C:\Users\DeFragger\AppData\Roaming\mozilla\firefox\profiles\g4gh3r7z.default\minidumps [94 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/13/2013 at 6:54:48.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MiniToolBox:

MiniToolBox by Farbar Version: 25-11-2012
Ran by DeFragger (administrator) on 13-01-2013 at 06:58:00
Running from "C:\Users\DeFragger\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Kims_Beast
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-60-00-6C-8C-0D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5cb3:1268:b504:22e9%11(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 13, 2013 6:23:31 AM
Lease Expires . . . . . . . . . . : Monday, January 14, 2013 6:23:58 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 248012800
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-37-03-57-C8-60-00-6C-8C-0D
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:182c:18c9:3f57:fefc(Preferred) 
Link-local IPv6 Address . . . . . : fe80::182c:18c9:3f57:fefc%12(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:801::1007
74.125.228.73
74.125.228.78
74.125.228.64
74.125.228.65
74.125.228.66
74.125.228.67
74.125.228.68
74.125.228.69
74.125.228.70
74.125.228.71
74.125.228.72

Pinging google.com [74.125.228.4] with 32 bytes of data:
Reply from 74.125.228.4: bytes=32 time=35ms TTL=51
Reply from 74.125.228.4: bytes=32 time=35ms TTL=51

Ping statistics for 74.125.228.4:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 35ms, Average = 35ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=222ms TTL=47
Reply from 98.139.183.24: bytes=32 time=232ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 222ms, Maximum = 232ms, Average = 227ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...c8 60 00 6c 8c 0d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:953c:182c:18c9:3f57:fefc/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::182c:18c9:3f57:fefc/128
On-link
11 276 fe80::5cb3:1268:b504:22e9/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-12-15 06:42:38.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-15 06:42:38.178
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

========================= Devices: ================================

**** End of log ****


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
I see you have Malwarebytes' Anti-Malware installed. Please run a scan using the instructions below and post the log.
We also never got a complete scan with aswMBR because of the issues with the internet connection, so please re-download it and run a new scan using the instructions below.

*Malwarebytes Anti-Malware* 

Launch *Malwarebytes Anti-Malware*. (Right-click and select *Run as administrator*)
Click the *Update* tab.
Click *Check for Updates* and wait for it to finish updating.
Click the *Scanner* tab, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Check all items, then click on *Remove Selected*.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log is automatically saved and can be viewed by clicking the *Logs* tab in Malwarebytes' Anti-Malware. It can also be found here: 

C:\Users\Username\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*mbam-log-date (time).txt*
*Note:* If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

*aswMBR*
Please download *aswMBR* and save it to your Desktop.

Right-click *aswMBR.exe* & choose *Run as Administrator* to run it.
Click *Yes* to the prompt to download *Avast! virus definitions*.
(Please be patient whilst the virus definitions download)
With the *AV scan* set to *Quick Scan*, click the *Scan* button.
(Please be patient whilst your computer is scanned.)
After a while when the scan reports *"Scan finished successfully"*, click *Save log* & save the log to your *desktop*.
Click *OK* > *Exit.*
*Note:* Do not attempt to fix anything at this stage!
Two files will be created, *aswMBR.txt* & a file named *MBR.dat*.
*MBR.dat* is a backup of the MBR (master boot record), do not delete it.
Copy & Paste the contents of *aswMBR.txt* into your next reply.

*AdwCleaner*
Download AdwCleaner from *Here* & save it to your *desktop*.

Right-click *AdwCleaner.exe* and select *Run as administrator* to run it.
Click *Search*.
A log will automatically open after the scan has finished.
*Close* the AdwCleaner window, click *OK* to the prompt.
Post the contents of that log in your next reply.
*Note:* You can also find the log at *C:\AdwCleaner[R1].txt.*

*Please reply with:*

Malwarebytes' Anti-Malware log
aswMBR log
AdwCleaner log


----------



## Defragger (Dec 13, 2012)

Good afternoon Gizzy, here are the 3 logs as requested:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.14.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DeFragger :: KIMS_BEAST [administrator]

1/14/2013 4:29:49 PM
mbam-log-2013-01-14 (16-29-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231867
Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 16:37:01
-----------------------------
16:37:01.366 OS Version: Windows x64 6.1.7601 Service Pack 1
16:37:01.366 Number of processors: 4 586 0x2A07
16:37:01.366 ComputerName: KIMS_BEAST UserName: DeFragger
16:37:02.225 Initialize success
16:38:07.631 AVAST engine defs: 13011402
16:38:46.131 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:38:46.131 Disk 0 Vendor: ST1000DM CC4C Size: 953869MB BusType: 3
16:38:46.147 Disk 0 MBR read successfully
16:38:46.147 Disk 0 MBR scan
16:38:46.147 Disk 0 Windows 7 default MBR code
16:38:46.147 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 63
16:38:46.163 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953766 MB offset 211680
16:38:46.178 Disk 0 scanning C:\Windows\system32\drivers
16:38:51.975 Service scanning
16:39:02.756 Modules scanning
16:39:02.756 Disk 0 trace - called modules:
16:39:02.756 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:39:02.772 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a2c060]
16:39:02.772 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007186050]
16:39:04.038 AVAST engine scan C:\Windows
16:39:06.413 AVAST engine scan C:\Windows\system32
16:40:58.647 AVAST engine scan C:\Windows\system32\drivers
16:41:06.881 AVAST engine scan C:\Users\DeFragger
16:42:17.116 AVAST engine scan C:\ProgramData
16:43:05.741 Scan finished successfully
16:43:34.334 Disk 0 MBR has been saved successfully to "C:\Users\DeFragger\Desktop\MBR.dat"
16:43:34.334 The log file has been saved successfully to "C:\Users\DeFragger\Desktop\aswMBR.txt"

# AdwCleaner v2.105 - Logfile created 01/14/2013 at 16:45:00
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : DeFragger - KIMS_BEAST
# Boot Mode : Normal
# Running from : C:\Users\DeFragger\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Program Files (x86)\1ClickDownload
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\DeFragger\AppData\Local\AVG Secure Search
Folder Found : C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Found : C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : C:\Users\DeFragger\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.crossriderapp3491.3491.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Found : user_pref("extensions.crossriderapp3491.3491.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8228 octets] - [14/01/2013 16:45:00]

########## EOF - C:\AdwCleaner[R1].txt - [8288 octets] ##########


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

*AdwCleaner - Delete*

Close all open programs and internet browsers.
Right-click *AdwCleaner.exe* and select *Run as administrator* to run it.
Click *Delete*.
Click *OK* to the prompts.
Your computer will be rebooted automatically. A log will open after the restart.
Post the contents of the log in your next reply.
You can also find the log at *C:\AdwCleaner[S1].txt*.

*Update Adobe Reader*
Your version of *Adobe Reader* is out of date.
Older versions have vulnerabilities that can be used to infect your system, so it is strongly suggested that you update to the current version: *Adobe Reader XI (11.0.01)*.
You can download it from: *http://get.adobe.com/reader/*

Install it, then go to *Programs and Features* and remove *all older versions* that may remain.

*Update Java*
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason it's extremely important that you keep the program up to date and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: *Java Runtime Environment Version 7 Update 11*.


Go *Here*
Click the *Windows Offline* link to download it, and save it to a convenient location.
Go to *Start* > *Control Panel* > *Programs and Features*
Uninstall *all* old versions of *Java* (Java 7 Update 9)
Reboot your computer
Delete the folder C:\Program Files\*Java* if present
Install the new version by right-clicking the downloaded file *jre-7u11-windows-i586-s.exe* and select *Run as administrator* then follow the on-screen instructions.
Reboot your computer

*Please reply with:*

AdwCleaner log
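A quick way to confirm which Java and Adobe Reader builds remain installed before and after following the update steps above, as an added example (not code from the thread or from either tool): it reads the Uninstall registry keys on both the 64-bit and Wow6432Node hives and flags anything older than the versions named in the post. The baseline versions are assumed from the post (current as of January 2013) and the `Get-OutdatedRuntimes` function name is the example's own.

```powershell
# Added example: inventory installed Java / Adobe Reader versions and flag
# builds older than the versions named in the post above.
# Run from an elevated PowerShell prompt on the affected machine.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',             # 64-bit installs
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*', # 32-bit installs on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'              # per-user installs
)

# Minimum acceptable versions, taken from the post (assumption: these were
# current in January 2013; today's baselines are far higher).
# Java 7 Update 11 registers DisplayVersion "7.0.110"; Reader XI is "11.0.01".
$baselines = @{
    'Java'         = [version]'7.0.110'
    'Adobe Reader' = [version]'11.0.01'
}

function Get-OutdatedRuntimes {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        ForEach-Object {
            $entry = $_
            foreach ($product in $baselines.Keys) {
                # Match "Java 7 Update 9", "Java(TM) 6 Update 37", "Adobe Reader X (10.1.4)", ...
                # but skip the "Java Auto Updater" helper, whose version is unrelated.
                if ($entry.DisplayName -like "$product*" -and
                    $entry.DisplayName -notlike '*Auto Updater*') {
                    $installed = $null
                    # DisplayVersion is a free-form string; skip entries that do not parse
                    if ([version]::TryParse($entry.DisplayVersion, [ref]$installed)) {
                        [pscustomobject]@{
                            Product   = $entry.DisplayName
                            Installed = $installed
                            Required  = $baselines[$product]
                            Outdated  = ($installed -lt $baselines[$product])
                            Uninstall = $entry.UninstallString
                        }
                    }
                }
            }
        }
}

# Every row with Outdated = True is a version the post says to remove.
Get-OutdatedRuntimes | Sort-Object Product | Format-Table -AutoSize
```

Re-run it after the reboot that follows the uninstall; an empty table (or only rows with Outdated = False) confirms no older build was left behind.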


----------



## Defragger (Dec 13, 2012)

Hi Gizzy, here is the AdwCleaner log:

# AdwCleaner v2.105 - Logfile created 01/15/2013 at 16:30:16
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : DeFragger - KIMS_BEAST
# Boot Mode : Normal
# Running from : C:\Users\DeFragger\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\DeFragger\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\DeFragger\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.crossriderapp3491.3491.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8397 octets] - [15/01/2013 16:30:17]

########## EOF - C:\AdwCleaner[S1].txt - [8457 octets] ##########


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
How is your computer running?

*TFC (Temp File Cleaner)*

Please download *TFC* from *here* and save it to your desktop.
Right-click *TFC.exe* and select *Run as administrator* to run the program.
Click the *Start* button in the bottom left of *TFC*
If prompted, click *Yes* to reboot.

*Note:* _Save your work._ TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

*ESET Online Scanner*
*Note:* You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read *here*.

You will need to right-click on either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select *Run as administrator* from the context menu.


Please go *here* then click on: *Run ESET Online Scanner*


> *Note:* If using Mozilla Firefox you will need to download *esetsmartinstaller_enu.exe* when prompted then double click on it to install.
> _All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox._



Select the option *YES, I accept the Terms of Use* then click on: *Start*
When prompted allow the *Add-On/Active X* to install.
Make sure that the option *Remove found threats* is *NOT* checked, and the option *Scan archives* is checked.
Now click on Advanced Settings and select the following:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Now click on: *Start*
The *virus signature database...* will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed, the *Online Scan* will begin automatically. *Do not* touch either the mouse or keyboard during the scan, otherwise it may stall.
When completed make sure you first copy the logfile located at *C:\Program Files\ESET\EsetOnlineScanner\log.txt*
Copy and paste that log as a reply to this topic.
Now click on: *Finish* (Selecting *Uninstall application on close* if you so wish)

*Note:* Do not forget to re-enable your Anti-Virus application after running the above scan!

*Please reply with:*

Update on computer's performance
Eset log


----------



## Defragger (Dec 13, 2012)

Hi Gizzy, so far the puter seems to be running good, tho the virus definition download for Eset took a long time but that could be just the web site, which is not unusual. And here is the Eset log, thanks so much, Kim:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=6eb7092ce6b0894ca6331b6c7451abc8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-16 10:32:30
# local_time=2013-01-16 05:32:30 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 67134339 109919000 0 0
# scanned=106527
# found=4
# cleaned=0
# scan_time=1812
C:\FRST\Quarantine\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected] Win64/Agent.BA trojan 1BE8D19F044D98320BBB7A0942924735233BCD26 I
C:\FRST\Quarantine\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected] Win64/Conedex.B trojan 810E28D4E7B28D658DC48A82F0C65B46149AAE89 I
C:\FRST\Quarantine\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected] a variant of Win64/Sirefef.AN trojan 1CF7855A62D896230C07AAE9D8319FA548BD16BA I
C:\Users\DeFragger\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application FEB447CE5314AC81BC441F8240977E2EE0065BDB I


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,

*Re-Enable UAC*

Click the *Start* button and type *UAC*
Click *Change User Account Control settings*
In the window that opens, drag the slider up to the position shown in the image and click *OK*
Allow any prompts
Restart your computer

*Run OTL*
If it is not still on your computer, download it from *Here*

Right-click on *OTL.exe* and select *Run as administrator* to run it. Make sure all other windows are closed and let it run uninterrupted.
Check the box beside *Scan All Users*
Ensure *Use SafeList* is selected under Extra Registry
Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy (*Edit* > *Select All* -- *Edit* > *Copy*) the contents of these files, one at a time, and post them with your next reply.

*Please reply with:*

OTL logs


----------



## Defragger (Dec 13, 2012)

Good afternoon Gizzy, here are the OTL logs:

OTL logfile created on: 1/17/2013 4:53:30 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DeFragger\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 81.27% Memory free
15.96 Gb Paging File | 14.50 Gb Available in Paging File | 90.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 828.70 Gb Free Space | 88.97% Space Free | Partition Type: NTFS
Drive D: | 607.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KIMS_BEAST | User Name: DeFragger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/02 04:41:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DeFragger\Desktop\OTL.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/09 10:04:48 | 002,796,576 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
PRC - [2012/11/09 10:04:48 | 001,200,160 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/28 06:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/04/16 09:08:07 | 000,947,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
PRC - [2011/12/16 13:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 02:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/13 16:07:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll
MOD - [2013/01/13 16:07:45 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll
MOD - [2013/01/12 10:39:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/12 10:39:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/12 10:38:59 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/12 10:38:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/12 10:38:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/12 10:38:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/12 10:38:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/12 10:38:41 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2011/12/08 18:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:*64bit:* - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/12 06:18:34 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 16:52:21 | 000,181,064 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\Windows\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/09 10:04:48 | 001,200,160 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/08 06:11:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/28 06:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/04/16 09:08:07 | 000,947,328 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011/12/16 13:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2012/11/08 06:06:06 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:*64bit:* - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:*64bit:* - [2011/11/10 03:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:*64bit:* - [2011/11/03 13:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:*64bit:* - [2011/11/03 13:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:*64bit:* - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:*64bit:* - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:*64bit:* - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:*64bit:* - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:*64bit:* - [2011/09/29 04:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/12/24 10:43:40 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:*64bit:* - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =

IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\..\SearchScopes,DefaultScope = {314DD054-C820-4497-8691-F997B4F7B890}
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\..\SearchScopes\{314DD054-C820-4497-8691-F997B4F7B890}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/12 06:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/15 16:47:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/17 06:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/09/23 08:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeFragger\AppData\Roaming\Mozilla\Extensions
[2012/09/23 08:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeFragger\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/12 18:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions
[2013/01/12 06:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/12 06:18:34 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/10/12 18:10:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 18:10:34 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AVG Secure Search = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Gmail = C:\Users\DeFragger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/16 06:57:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:*64bit:* - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-175869551-1456407368-2275875465-1001..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}: DhcpNameServer = 192.168.1.1
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/09/20 19:55:56 | 000,827,392 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/09/24 18:34:44 | 000,000,135 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 16:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/16 16:19:45 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\DeFragger\Desktop\TFC.exe
[2013/01/15 16:49:25 | 000,960,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/01/15 16:49:24 | 001,081,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/01/15 16:49:24 | 000,308,640 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/01/15 16:49:21 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/01/15 16:49:19 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/01/15 16:49:19 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/01/15 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/15 16:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/15 16:48:47 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/01/15 16:48:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/15 16:48:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/15 16:48:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/15 16:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/01/15 16:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/15 16:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/15 03:37:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/14 23:50:50 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\Documents\My Safes
[2013/01/14 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Local\PasswordSafe
[2013/01/14 23:50:29 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
[2013/01/14 23:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe
[2013/01/14 23:43:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/01/14 22:58:06 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Local\{7E885885-5EB0-463F-87ED-A5F287BDD027}
[2013/01/14 16:35:59 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\DeFragger\Desktop\aswMBR.exe
[2013/01/14 16:28:13 | 000,000,000 | ---D | C] -- C:\Users\DeFragger\AppData\Local\Programs
[2013/01/14 16:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/14 16:27:45 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/14 16:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/13 06:51:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/13 06:50:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/13 06:49:08 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\DeFragger\Desktop\JRT.exe
[2013/01/12 06:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/12 06:02:15 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/01/12 06:02:15 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/01/12 06:02:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/01/12 06:02:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/01/11 09:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
[2013/01/11 09:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FitbitConnect
[2013/01/11 09:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fitbit Connect
[2013/01/11 09:05:17 | 001,824,312 | ---- | C] (Fitbit Inc.) -- C:\Users\DeFragger\Desktop\FitbitConnect_Win_20121109_1.0.0.2292.exe
[2013/01/11 08:50:00 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/11 08:50:00 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/11 08:49:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/11 08:49:54 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/11 08:49:50 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/11 08:49:50 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/11 08:49:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/11 08:49:50 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/11 08:49:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/11 08:49:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/11 08:49:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/11 08:49:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/11 08:49:50 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/11 08:49:50 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/11 08:49:50 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/11 08:49:50 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/11 08:49:50 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/11 08:49:50 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/11 08:49:50 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/11 08:49:50 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/11 08:49:50 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/11 08:49:50 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/11 08:49:50 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/11 08:49:50 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/11 08:49:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/11 08:49:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/11 08:49:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/11 08:49:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/11 08:49:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/11 08:49:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/11 08:49:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/11 08:49:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/11 08:49:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/11 08:49:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/11 08:49:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/11 08:49:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/11 08:49:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/11 08:49:39 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/11 08:49:39 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/11 08:49:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/11 08:49:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/11 08:49:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/11 08:49:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/11 08:49:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/11 08:49:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/11 08:49:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/11 08:49:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/11 08:49:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/11 08:49:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/11 08:49:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/11 08:49:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/11 08:49:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/11 08:49:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/11 08:49:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/11 08:49:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/11 08:49:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/11 08:49:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/11 08:49:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/11 08:49:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/11 08:49:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/11 08:49:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/11 08:49:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/11 08:49:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/11 08:49:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/11 08:49:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/11 08:49:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/11 08:49:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/11 08:49:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/11 08:49:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/11 08:49:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/11 08:49:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/11 08:49:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/11 08:49:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/11 08:49:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/11 08:49:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/11 08:40:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/11 08:01:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/11 07:56:40 | 005,020,603 | R--- | C] (Swearware) -- C:\Users\DeFragger\Desktop\ComboFix.exe
[2013/01/07 16:12:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/01/03 04:43:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/02 04:41:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DeFragger\Desktop\OTL.exe
[2013/01/02 04:40:55 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DeFragger\Desktop\tdsskiller.exe
[2012/12/31 07:47:45 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/12/24 20:02:49 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\DeFragger\Desktop\psexec.exe
[2012/12/18 17:35:38 | 000,697,869 | ---- | C] (Farbar) -- C:\Users\DeFragger\Desktop\FSS.exe

========== Files - Modified Within 30 Days ==========

[2013/01/17 16:53:00 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/17 16:53:00 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/17 16:53:00 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/17 16:47:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 16:47:05 | 2132,709,375 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 16:46:22 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 16:46:22 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 16:19:45 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\DeFragger\Desktop\TFC.exe
[2013/01/15 16:49:17 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/01/15 16:49:17 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/01/15 16:49:17 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/01/15 16:49:17 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/01/15 16:49:17 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/01/15 16:49:17 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/01/15 16:48:39 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/15 16:48:38 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/01/15 16:48:38 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/01/15 16:48:38 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/01/15 16:48:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/15 16:48:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/14 23:50:29 | 000,001,037 | ---- | M] () -- C:\Users\DeFragger\Desktop\Password Safe.lnk
[2013/01/14 16:44:22 | 000,554,087 | ---- | M] () -- C:\Users\DeFragger\Desktop\adwcleaner.exe
[2013/01/14 16:43:34 | 000,000,512 | ---- | M] () -- C:\Users\DeFragger\Desktop\MBR.dat
[2013/01/14 16:36:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\DeFragger\Desktop\aswMBR.exe
[2013/01/14 16:28:24 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 06:49:08 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\DeFragger\Desktop\JRT.exe
[2013/01/12 10:35:34 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/11 09:05:17 | 001,824,312 | ---- | M] (Fitbit Inc.) -- C:\Users\DeFragger\Desktop\FitbitConnect_Win_20121109_1.0.0.2292.exe
[2013/01/11 07:56:34 | 005,020,603 | R--- | M] (Swearware) -- C:\Users\DeFragger\Desktop\ComboFix.exe
[2013/01/08 16:52:21 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/01/07 16:10:28 | 004,009,167 | ---- | M] () -- C:\Users\DeFragger\Desktop\ServicesRepair.exe
[2013/01/04 04:43:38 | 000,165,376 | ---- | M] () -- C:\Users\DeFragger\Desktop\SystemLook_x64.exe
[2013/01/02 04:41:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DeFragger\Desktop\OTL.exe
[2013/01/02 04:40:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DeFragger\Desktop\tdsskiller.exe
[2012/12/24 20:02:24 | 000,381,816 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\DeFragger\Desktop\psexec.exe

========== Files Created - No Company Name ==========

[2013/01/15 16:47:08 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/14 23:50:29 | 000,001,037 | ---- | C] () -- C:\Users\DeFragger\Desktop\Password Safe.lnk
[2013/01/14 16:44:22 | 000,554,087 | ---- | C] () -- C:\Users\DeFragger\Desktop\adwcleaner.exe
[2013/01/14 16:43:34 | 000,000,512 | ---- | C] () -- C:\Users\DeFragger\Desktop\MBR.dat
[2013/01/14 16:27:46 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/07 16:10:38 | 004,009,167 | ---- | C] () -- C:\Users\DeFragger\Desktop\ServicesRepair.exe
[2013/01/04 04:43:52 | 000,165,376 | ---- | C] () -- C:\Users\DeFragger\Desktop\SystemLook_x64.exe
[2012/12/15 06:39:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/15 06:39:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/15 06:39:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/15 06:39:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/15 06:39:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/25 08:59:05 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/11/23 17:47:34 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2012/04/18 14:08:42 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/16 09:08:33 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/04/16 09:08:30 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/04/16 09:08:30 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/04/04 08:42:02 | 000,045,497 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/04/04 08:40:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/04 08:40:20 | 000,028,644 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/12/08 18:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 1/17/2013 4:53:30 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DeFragger\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 81.27% Memory free
15.96 Gb Paging File | 14.50 Gb Available in Paging File | 90.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 828.70 Gb Free Space | 88.97% Space Free | Partition Type: NTFS
Drive D: | 607.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KIMS_BEAST | User Name: DeFragger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1DB1A317-7842-4DDA-8F38-7737CB76DD6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{245CB269-E46A-4EED-8AA7-0B62224B9943}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32EF19D1-86A1-4286-8E59-44E5A20C269D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | Name=@FirewallAPI.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{56172DE2-B1F3-4851-BD67-01C6BEC92008}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4B4B6AB-4262-49C2-A3E1-0F3C027EA0A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8649BA2-4A94-434E-A8BF-BECF6AB62840}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ADB2579C-56B9-4130-BDEC-8F893BE28BD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7CFD54D-7FDC-4255-87AD-B1913A0C6EF9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EF0D87B0-BFBE-44FC-ADE4-056E7E3CB6C3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FDF76255-9F9E-4BB2-88B1-897A1FBC8CA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | Name=@FirewallAPI.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0FB2F4FF-B663-4113-BEB0-F42891F4B541}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{21F946C0-B20B-4038-A8A9-9E9D433BF812}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | Name=@FirewallAPI.dll,-28543 | 
"{5511C145-FD12-4CB7-8C2A-07D279DE2269}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | Name=@FirewallAPI.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62A4DA44-7303-448F-9DA7-E09C98729CB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC9227DC-5F7B-4F8B-86B1-4EF892CFD3B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | Name=@FirewallAPI.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7567C52-D5EA-4752-B922-B28888DB39D1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA5B3012-E175-4078-AF04-413FFA01AE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"TCP Query User{46A4C8AA-83EE-4339-B2DF-FECE74110D62}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{651DF722-7D3D-4738-85BF-80B5A3169625}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F91E2EF2-CD31-4727-816F-F73F772F5FE6}" = AVG 2013
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer 3: Kane's Wrath
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Diablo III" = Diablo III
"ESET Online Scanner" = ESET Online Scanner v3
"Fitbit Connect" = Fitbit Connect
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 en-US)" = Mozilla Thunderbird 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Password Safe" = Password Safe
"Red Alert 2" = Command & Conquer Red Alert 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/15/2013 5:52:18 PM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2013 7:15:46 PM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 1/16/2013 4:39:02 AM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 1/16/2013 5:18:35 PM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 1/16/2013 6:33:36 PM | Computer Name = Kims_Beast | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/16/2013 6:57:23 PM | Computer Name = Kims_Beast | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/16/2013 9:40:49 PM | Computer Name = Kims_Beast | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/17/2013 4:38:43 AM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 1/17/2013 5:42:44 PM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

Error - 1/17/2013 5:48:50 PM | Computer Name = Kims_Beast | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/17/2013 5:41:02 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/17/2013 5:41:06 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/17/2013 5:41:06 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater13.2.0 service failed to start due to the following
error: %%2

Error - 1/17/2013 5:43:19 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).

Error - 1/17/2013 5:43:19 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 1/17/2013 5:47:07 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/17/2013 5:47:07 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater13.2.0 service failed to start due to the following
error: %%2

Error - 1/17/2013 5:47:08 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/17/2013 5:49:18 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).

Error - 1/17/2013 5:49:18 PM | Computer Name = Kims_Beast | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

< End of report >


----------
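The two sections of the OTL output above that carry the most weight are the ZeroAccess check and the shell-spawning table. The CLSIDs in the ZeroAccess check are the ones that family re-registered under HKCU\Software\Classes: the per-user classes branch is merged over HKLM when HKCR is built, so a user-writable InProcServer32 there gets loaded into whatever process instantiates the class (explorer.exe for the shell CLSID, the WMI service for the other two) in place of shell32.dll, fastprox.dll or wbemess.dll, with no administrator rights needed. Empty HKCU keys plus HKLM values pointing at the Microsoft DLLs under System32 (SysNative in the 64-bit view) are what a clean result looks like, and `"%1" %*` is the stock open command for exefile and the other directly executable classes. The Python script below is an added example, not code from the thread, from OTL or from either poster: it parses excerpts in OTL's line format and reports deviations from those expectations. The clean excerpt is abridged from the log above; the infected excerpt, including its paths, is constructed to show what a hit looks like.

```python
"""Added example (not from the thread or from OTL): triage the "ZeroAccess
Check" and "Shell Spawning" sections of an OTL log. Expected values come from
the clean log above; the infected excerpt and its paths are constructed."""
import re

# OTL prints each registry key on its own line, then its values, then a blank.
KEY_RE = re.compile(
    r'^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*\\clsid\\'
    r'(\{[0-9a-f-]{36}\})\\InProcServer32\]', re.I)
DEFAULT_RE = re.compile(r'^"" = (.+?)(?: -- \[.*?\] \((.*?)\))?\s*$')
SPAWN_RE = re.compile(r'^(\w+) \[([\w.]+)\] -- (.*?)(?: \((.*?)\))?\s*$')

# CLSIDs the OTL ZeroAccess check walks, and the Microsoft DLL each HKLM
# InProcServer32 should resolve to (as in the clean log above).
EXPECTED_HKLM = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}
WATCHED = set(EXPECTED_HKLM) | {"{fbeb8a05-beee-4442-804e-409d6c4515e9}"}
SYSTEM_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\system32\\",
               "%systemroot%\\system32\\")
# Default Windows 7 open commands for directly executable file classes.
EXPECTED_SPAWN = {(c, "open"): '"%1" %*'
                  for c in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
EXPECTED_SPAWN[("scrfile", "open")] = '"%1" /S'


def parse_otl(text):
    """Return (inproc, spawn): inproc maps a key line to (hive, clsid, path,
    company) for InProcServer32 keys that carry a default value (the clean HKCU
    keys carry none, so they are absent); spawn maps (class, verb) -> command."""
    inproc, spawn, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = (line, m.group(1).upper(), m.group(2).lower())
            continue
        if current and line.startswith('"" = '):
            m = DEFAULT_RE.match(line)
            inproc[current[0]] = (current[1], current[2],
                                  m.group(1).strip(), m.group(2) or "")
            continue
        if not line:
            current = None
            continue
        m = SPAWN_RE.match(line)
        if m:
            spawn[(m.group(1).lower(), m.group(2).lower())] = m.group(3).strip()
    return inproc, spawn


def triage(text):
    """Return findings; an empty list means these sections look like the clean log."""
    inproc, spawn = parse_otl(text)
    findings = []
    for hive, clsid, path, company in inproc.values():
        if clsid not in WATCHED:
            continue
        if hive == "HKEY_CURRENT_USER":
            # HKCU\Software\Classes wins over HKLM in the merged HKCR view, so a
            # per-user InProcServer32 here is loaded in place of the Microsoft
            # DLL without touching any machine-wide (admin-only) key.
            findings.append(f"per-user COM hijack {clsid}: {path}")
        elif clsid in EXPECTED_HKLM:
            low = path.lower()
            if (not low.startswith(SYSTEM_DIRS)
                    or low.rsplit("\\", 1)[-1] != EXPECTED_HKLM[clsid]
                    or company != "Microsoft Corporation"):
                findings.append(f"unexpected HKLM InProcServer32 {clsid}: "
                                f"{path} ({company or 'no company'})")
    for (cls, verb), expected in EXPECTED_SPAWN.items():
        actual = spawn.get((cls, verb))
        if actual is not None and actual != expected:
            # Anything wrapped around "%1" %* runs before every program launch.
            findings.append(f"{cls} [{verb}] hijacked: {actual}")
    return findings


# Excerpt of the clean log above (abridged).
CLEAN_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
"""

# Constructed infected excerpt; the paths are invented for illustration.
INFECTED_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\victim\AppData\Local\bogus\n.dll -- [2013/01/10 01:02:03 | 000,040,960 | ---- | M] ()

exefile [open] -- "C:\Users\victim\AppData\Local\bogus\launcher.exe" "%1" %*
"""
```

`triage(CLEAN_EXCERPT)` returns an empty list; `triage(INFECTED_EXCERPT)` returns one finding for the per-user CLSID override and one for the wrapped exefile command. One caveat worth keeping in mind when reading the log itself: the "(Microsoft Corporation)" that OTL prints, and that the script compares against, is the company string from the file's version resource, which any binary can carry. Before trusting an HKLM entry that passes this check, confirm the DLL on disk is Authenticode-signed by Microsoft and that its path is not a look-alike outside System32.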



## Gizzy (Aug 2, 2005)

Hi Defragger,

Congratulations, your machine appears to be clean! 
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure.

*Remove Tools*
Let's remove the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

The following steps will remove the tools and logs we used to clean your computer.
Any left over, merely delete yourself and empty the Recycle Bin.

*Uninstall ComboFix*

Click on *Start* > *Run*
Type *ComboFix /Uninstall* into the box and click *OK*
Note the *space* between the *x* and */Uninstall*; it needs to be there.

*Uninstall AdwCleaner*

Right-click *AdwCleaner.exe* and select *Run as administrator* to run it.
Click *Uninstall*
Click *Yes*

*CleanUp with OTL*

Right-click *OTL* and select *Run as administrator* to start the program.
Close all other programs, as this step will require a reboot.
On the OTL main screen, press the *CleanUp!* button.
Click *Yes* to the prompt and then allow the program to reboot your computer.

*Keep your programs up to date*
Update your Antivirus programs and other programs regularly to avoid new threats that could infect your system.
Below are 2 sites that can be used to check if any of your installed programs are in need of updates.
*Secunia Software Inspector*
*F-secure Health Check*

*Keep your system updated*
*Microsoft* releases patches for Windows and other products regularly.

I advise you visit: *http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us*
Install the *ActiveX* control.
Once installed, it will advise you to set Auto-Updates if not set, and you will then also be able to manually check for updates via:
*Start* > *All Programs* > *Microsoft Updates*

Here is a great guide I recommend you read - *COMPUTER SECURITY - a short guide to staying safer online*

If your computer is running slowly after your clean up, please read - *What to do if your Computer is running slowly*

I'd be grateful if you could reply to this post so that I know you have read it, and if you have no other questions, the thread can be marked solved.

Happy surfing and stay clean! :up:


----------



## Defragger (Dec 13, 2012)

Hi Gizzy, thanks so much for all your help. It is greatly appreciated! I went to the link you suggested and have read some and bookmarked it for further reading. My only question is which AV would you recommend, Avast or AVG? Which Anti-malware? Beyond that, yes I think we can mark this as "Solved". Should I click that or do you do that? Again, thank you, Kim.


----------



## Gizzy (Aug 2, 2005)

Hi Defragger,
You're most welcome. 



Defragger said:


> My only question is which AV would you recommend, Avast or AVG?


Either is fine, so whichever one you prefer.



Defragger said:


> Which Anti-malware?


Malwarebytes' Anti-Malware, which you already have installed, is a very good anti-malware program that can be used alongside an AV. I recommend you update it and run a scan once a week or so.



Defragger said:


> Beyond that, yes I think we can mark this as "Solved". Should I click that or do you do that?


You do.


----------



## Defragger (Dec 13, 2012)

Okay! Once again, thank you for all your help, Gizzy.


----------

