
Win64/Patched.A detected by AVG - need help removing

Discussion in 'Virus & Other Malware Removal' started by Defragger, Dec 12, 2012.

    Defragger (Thread Starter)
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5-2550K CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 4
    RAM: 8173 Mb
    Graphics Card: NVIDIA GeForce GT 520, 1023 Mb
    Hard Drives: C: Total - 953766 MB, Free - 851534 MB;
    Motherboard: ASUSTeK Computer INC., P8Z68-V LX
    Antivirus: AVG Anti-Virus Free Edition 2013, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:07:26 PM, on 12/12/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16455)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Users\DeFragger\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-175869551-1456407368-2275875465-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-175869551-1456407368-2275875465-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10512 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
    Run by DeFragger at 20:08:38 on 2012-12-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6895 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    uSearch Page = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    uDefault_Page_URL = hxxp://nmd.msn.com
    uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    mWinlogon: Userinit = userinit.exe,
    BHO: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{F1B89120-180F-4C2A-A43A-1B5E91D75DC6} : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-09 11:12; [email protected]; C:\Users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: extensions.funmoods.hmpg - false
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
    FF - user.js: extensions.funmoods.dfltSrch - false
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
    FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
    FF - user.js: extensions.funmoods.instlDay - 15593
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14:34
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - axl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - axl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    .
    FF - user.js: security.csp.enable - false
    .
    FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-26 30568]
    R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-4-16 947328]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-4 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-4 161560]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-8-28 92632]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-4 646248]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-6-16 29288]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-18 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-5 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-5 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-17 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-10 22:28:44 -------- d-----w- C:\Users\DeFragger\AppData\Roaming\Malwarebytes
    2012-12-10 22:28:31 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-12-10 22:28:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-10 22:28:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-10 21:45:52 -------- d-----w- C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
    2012-12-10 21:45:52 -------- d-----w- C:\Users\DeFragger\AppData\Roaming\DriverCure
    2012-12-10 21:45:46 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2012-12-09 16:12:45 -------- d-----w- C:\Users\DeFragger\AppData\Local\Vid-Saver
    2012-12-09 16:12:44 -------- d-----w- C:\Program Files (x86)\Vid-Saver
    2012-12-09 16:12:38 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2012-12-09 16:11:25 -------- d-----w- C:\Program Files (x86)\AVS Video Converter
    2012-12-09 15:54:48 -------- d-----w- C:\Program Files (x86)\MPC-HC
    2012-12-09 15:52:47 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-12-09 15:52:42 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
    2012-12-09 15:20:03 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-12-09 15:20:03 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-09 15:19:59 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-06 02:07:39 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
    2012-12-03 23:08:48 -------- d-sh--w- C:\found.000
    2012-11-25 13:59:06 -------- d-----w- C:\Program Files\Ventrilo
    2012-11-25 13:58:47 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-11-24 11:34:13 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-11-24 11:34:13 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-11-24 11:34:13 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-11-24 11:34:13 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-11-24 11:34:13 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-11-23 22:36:51 -------- d-----w- C:\Program Files (x86)\Activision
    2012-11-19 09:40:46 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-11-15 09:44:20 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-15 09:44:20 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-15 09:44:20 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-15 09:44:20 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-15 09:40:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-15 09:40:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-15 09:40:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-15 09:40:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-15 09:40:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-15 09:40:35 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-15 09:40:35 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    .
    ==================== Find3M ====================
    .
    2012-11-22 12:48:01 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-22 12:48:01 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-08 11:06:06 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 08:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
    2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
    2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
    2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
    2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
    2012-10-11 02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 19:11:05 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-05 08:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    .
    ============= FINISH: 20:08:51.32 ===============
     
  2. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hello Defragger and Welcome to Tech Support Guy! :)
    My name is Gizzy and I'll be glad to help you with your malware problems.

    Please note the following while we work:
    • The fixes are specific to your problem and should only be used for this issue on this computer.
    • Perform all actions in the order given.
    • If you don't know or understand something stop and ask! Don't keep going on.
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please DO NOT run any tools or scans unless I ask you to.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
    • The process is not instant. Please continue to respond to this thread until I give you the All Clean! Absence of symptoms does not mean that everything is clear.
    • Topics not replied to within 3 days will be removed from my Subscribed Threads List.
    Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

    Because of this, I advise you to back up any personal files and folders before you start.
    Backup your data - windows 7



    I am checking your logs and will reply with further instructions soon.
     
  3. Defragger

    Defragger Thread Starter

    Joined:
    Dec 12, 2012
    Messages:
    40
    Thanks so much Gizzy! Your help is greatly appreciated.
     
  4. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
  5. Defragger

    Defragger Thread Starter

    Joined:
    Dec 12, 2012
    Messages:
    40
    Thanks Gizzy, but the link didn't help any. Can't enable the firewall and Windows Updates will not work. AVG tells me that:

    "Virus identified Win64/Patched.A, C:\Windows\System32\services.exe";"Cannot be cleaned
    Remove manually"

    and it keeps trying to install these:

    "Trojan horse Generic28.CBQW, c:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]";"Infected"

    "Found Luhe.Sirefef.A, c:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]";"Infected"

    "Found Luhe.Sirefef.A, c:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]";"Infected"

    I have no idea what to do next. I guess I'm on bent knee asking for your help...lmao. I would like to try and clean this machine until I can get a recovery disk from IBuyPower and repave. Thanks so much in advance.
     
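A check for the directory layout named in the AVG alerts above, added here as an example; it is not part of the thread and not code from AVG or any other tool mentioned in it. Windows Installer keeps its own cache in {GUID}-named directories under C:\Windows\Installer, so the GUID directory alone is not a signal; what the alerts show is a `U` subfolder inside one of them. The script lists every GUID-named directory that contains any subdirectory, on the working assumption that a genuine cache entry holds only loose files. The tree it runs against is constructed in a temporary folder (the clean GUID and the file names are made up; the thread's own file names were mangled by the forum software), so it runs anywhere; on the real machine you would point `find_suspect_installer_dirs` at C:\Windows\Installer.

```python
import re
import tempfile
from pathlib import Path

# Windows Installer cache entries are named {GUID}; the AVG alerts in the post
# above point at one such directory that additionally has a "U" subfolder.
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)


def find_suspect_installer_dirs(installer_root):
    """Return a list of (guid_dir_name, [subdir names], [files under them]).

    Working assumption: a genuine C:\\Windows\\Installer\\{GUID} cache entry
    holds only loose files (cached icons and the like), so any GUID directory
    that contains a subdirectory such as "U" is reported for manual review.
    """
    root = Path(installer_root)
    hits = []
    if not root.is_dir():
        return hits
    for entry in sorted(root.iterdir()):
        if not (entry.is_dir() and GUID_DIR.match(entry.name)):
            continue
        subdirs = sorted(p.name for p in entry.iterdir() if p.is_dir())
        if not subdirs:
            continue
        files = sorted(
            f.relative_to(root).as_posix()
            for sub in subdirs
            for f in (entry / sub).rglob("*")
            if f.is_file()
        )
        hits.append((entry.name, subdirs, files))
    return hits


def build_sample_tree(root):
    """Constructed sample layout standing in for C:\\Windows\\Installer."""
    root = Path(root)
    # A normal cache entry: GUID directory with one loose file (constructed GUID).
    clean = root / "{6D7B4B7B-2F3E-4B7D-8D8F-9A1A2B3C4D5E}"
    clean.mkdir(parents=True)
    (clean / "ARPPRODUCTICON.exe").write_bytes(b"MZ")
    # The directory named in the AVG alert, with its "U" subfolder. The file
    # names inside are constructed; the thread's own were mangled by the forum.
    bad = root / "{b1aa134e-b22a-d2f0-453a-6922b5b8c821}" / "U"
    bad.mkdir(parents=True)
    (bad / "sample1.bin").write_bytes(b"\x00" * 16)
    (bad / "sample2.bin").write_bytes(b"\x00" * 16)
    return root


def demo():
    """Build the sample tree in a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_suspect_installer_dirs(build_sample_tree(tmp))


if __name__ == "__main__":
    for guid, subdirs, files in demo():
        print(f"{guid}: subdirs={subdirs}")
        for f in files:
            print("   ", f)
```

This only locates the dropped components on disk. The services.exe detection in the same alert is a separate problem: a patched system binary cannot simply be deleted, which is why the next step in the thread moves to the recovery environment.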
  6. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    No problem, Please continue with the following. :)
    If you don't have a flash drive, let me know and we can try something else, though this way is preferred.

    Also, when you ran DDS it should have created two files, DDS.txt and Attach.txt. Please post Attach.txt.


    FRST
    1. Download FRST64 to a USB flash drive.
    2. Plug the USB drive into the infected machine.

    Boot your computer into Recovery Environment

    1. Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
    2. Select Repair your computer.
    3. Select Language and click Next
    4. Enter password (if necessary) and click OK; you should now see the screen below ...

      [image of the recovery options screen omitted]

    5. Select the Command Prompt option.
    6. A command window will open.
      • Type notepad then hit Enter.
      • Notepad will open.
        • Click File > Open then select Computer.
        • Note down the drive letter for your USB Drive.
        • Close Notepad.
    7. Back in the command window ....
      • Type e:\frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • FRST will start to run.
        • When the tool opens click Yes to disclaimer.
        • Press Scan button.
        • When finished scanning it will make a log FRST.txt on the flash drive.
    8. Next
      • Type services.exe;explorer.exe into the Search: box in FRST
      • Click the Search Files button.
      • FRST will scan your machine once more, this time looking for files.
      • When finished scanning it will make a log Search.txt on the flash drive.
    9. Close the command window.
    10. Boot back into normal mode and post me the FRST.txt log and the Search.txt log please.


    Please reply with:
    • Attach.txt
    • FRST logs (FRST.txt and Search.txt)
     
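The point of step 8 is that AVG reported services.exe as "cannot be cleaned" because it is a running system process, and FRST's Search output is what tells you whether the copy in System32 still matches the copies Windows keeps in the WinSxS component store. The script below is an added example, not FRST's own code and not from the thread: it parses Search.txt-style output and flags a live copy whose MD5 matches no WinSxS copy of the same file. The sample text is constructed in the layout FRST uses for search hits (a path line followed by a bracketed detail line ending in the MD5; that layout is an assumption about the tool's format), the hashes, sizes and WinSxS directory names are invented, and only the search string comes from the post.

```python
import re
from collections import defaultdict

# Constructed sample in the shape FRST writes Search.txt (assumed layout: each
# hit is a path line followed by a detail line "[created] - [modified] - size
# attrs (company) MD5"). Hashes, sizes and the WinSxS directory names are made
# up for this example; only the search string is taken from the thread.
SAMPLE_SEARCH_TXT = r"""
Farbar Recovery Scan Tool (x64) Version: 11-12-2012

================== Search: "services.exe;explorer.exe" ===================

C:\Windows\System32\services.exe
[2012-12-03 15:10] - [2012-12-03 15:10] - 0329216 ____A (Microsoft Corporation) A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1

C:\Windows\winsxs\amd64_microsoft-windows-servicecontroller_example_6.1.7601.17514\services.exe
[2010-11-20 13:25] - [2010-11-20 13:25] - 0329216 ____A (Microsoft Corporation) B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2

C:\Windows\explorer.exe
[2011-02-25 06:19] - [2011-02-25 06:19] - 2871808 ____A (Microsoft Corporation) C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_example_6.1.7601.17567\explorer.exe
[2011-02-25 06:19] - [2011-02-25 06:19] - 2871808 ____A (Microsoft Corporation) C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3

====== End Of Search ======
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
DETAIL_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_txt(text):
    """Turn Search.txt into a list of {path, name, size, company, md5} dicts."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending_path = line          # a hit: the detail line follows
            continue
        m = DETAIL_LINE.match(line)
        if m and pending_path:
            entries.append({
                "path": pending_path,
                "name": pending_path.rsplit("\\", 1)[-1].lower(),
                "size": int(m["size"]),
                "company": m["company"],  # version-info string, not a signature
                "md5": m["md5"].upper(),
            })
        pending_path = None
    return entries


def is_reference_copy(path):
    """Copies under the WinSxS component store are the comparison set."""
    return "\\winsxs\\" in path.lower()


def triage(entries):
    """Compare each live copy of a binary against WinSxS copies of the same name.

    Returns {name: [finding, ...]}; a finding carries the live path, a verdict
    and, when a same-size WinSxS copy exists, the path a replacement could use.
    """
    groups = defaultdict(lambda: {"live": [], "reference": []})
    for e in entries:
        bucket = "reference" if is_reference_copy(e["path"]) else "live"
        groups[e["name"]][bucket].append(e)

    report = {}
    for name, g in groups.items():
        ref_md5s = {r["md5"] for r in g["reference"]}
        findings = []
        for live in g["live"]:
            same_size = [r for r in g["reference"] if r["size"] == live["size"]]
            if not g["reference"]:
                verdict = "no WinSxS copy found to compare against"
            elif live["md5"] in ref_md5s:
                verdict = "MD5 matches a WinSxS copy"
            elif same_size:
                verdict = ("MD5 matches no WinSxS copy although the size does: "
                           "content altered in place")
            else:
                verdict = "MD5 and size match no WinSxS copy"
            findings.append({
                "path": live["path"],
                "verdict": verdict,
                "company": live["company"],
                "replace_from": (same_size[0]["path"]
                                 if same_size and live["md5"] not in ref_md5s
                                 else None),
            })
        report[name] = findings
    return report


def demo():
    """Run the triage over the constructed sample."""
    return triage(parse_search_txt(SAMPLE_SEARCH_TXT))


if __name__ == "__main__":
    for name, findings in demo().items():
        for f in findings:
            print(f"{f['path']}: {f['verdict']}")
            if f["replace_from"]:
                print(f"    candidate clean copy: {f['replace_from']}")
```

The company name in parentheses comes from the file's version resource, which an in-place patch leaves untouched, so "(Microsoft Corporation)" on its own says nothing about integrity; the hash comparison is the useful check. A mismatch says only that the file differs from the stored component, so verifying the Authenticode signature of both copies is the next check before any replacement.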
  7. Defragger

    Defragger Thread Starter

    Joined:
    Dec 12, 2012
    Messages:
    40
    Sorry for the delay, Gizzy, but I had to acquire a flash drive; probably could have used my Kindle but didn't want to risk it. Anyway, here are the log files you asked for. Thanks again.

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/16/2012 3:45:25 AM
    System Uptime: 12/12/2012 5:23:55 PM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8Z68-V LX
    Processor: Intel(R) Core(TM) i5-2550K CPU @ 3.40GHz | LGA1155 | 3400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 831.576 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP61: 11/23/2012 5:35:02 PM - Installed Call of Duty(R) 2
    RP62: 11/23/2012 5:59:39 PM - Installed Call of Duty(R) 2 Patch 1.3
    RP63: 11/25/2012 8:58:57 AM - Installed Ventrilo Client for Windows x64
    RP64: 11/29/2012 4:40:40 AM - Windows Update
    RP65: 12/5/2012 9:07:14 PM - Windows Update
    RP66: 12/9/2012 10:19:44 AM - Installed Java 7 Update 9
    RP67: 12/10/2012 5:19:07 PM - Removed Translate Genius
    RP68: 12/11/2012 3:17:49 PM - Removed WinZip 15.0
    RP69: 12/11/2012 3:19:20 PM - Removed calibre
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Asmedia ASM104x USB 3.0 Host Controller Driver
    AVG 2013
    AVG Security Toolbar
    Call of Duty(R) 2
    Call of Duty(R) 2 Patch 1.3
    Command & Conquer 3
    Command & Conquer Red Alert 2
    Command & Conquer™ 3: Kane's Wrath
    D3DX10
    Diablo III
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel® Trusted Connect Service Client
    Java 7 Update 9
    Java Auto Updater
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Office Word Viewer 2003
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 16.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    NVIDIA 3D Vision Controller Driver 295.73
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.12.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0209
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Steam
    The Elder Scrolls V: Skyrim
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Ventrilo Client for Windows x64
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.0
    Westwood Shared Internet Components
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/8/2012 11:06:16 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
    12/5/2012 9:22:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000000403, 0xfffff680000dd0b0, 0x9cd00000380cb867, 0xfffff6fc001c0658). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120512-17281-01.
    12/12/2012 6:12:47 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    12/12/2012 6:12:47 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    12/12/2012 3:49:16 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    12/12/2012 3:49:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/12/2012 3:49:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/12/2012 3:49:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    .
    ==== End Of File ===========================

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
    Ran by SYSTEM at 14-12-2012 16:14:42
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
    HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-26] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ==================== Services (Whitelisted) ===================

    2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [947328 2012-04-16] (ASUSTeK Computer Inc.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-08-28] (TomTom)
    2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

    ==================== Drivers (Whitelisted) =====================

    3 Apowersoft_AudioDevice; C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2012-04-16] ()
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-12-14 12:52 - 2012-12-14 12:52 - 01461033 ____A (Farbar) C:\Users\DeFragger\Desktop\FRST64.exe
    2012-12-13 14:17 - 2012-12-13 14:20 - 00000000 ____D C:\Users\All Users\ParetoLogic
    2012-12-13 14:17 - 2012-12-13 14:17 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\ParetoLogic
    2012-12-12 18:00 - 2012-12-13 14:01 - 00003265 ____A C:\Windows\WindowsUpdate.log
    2012-12-12 17:31 - 2012-12-12 17:31 - 00000000 ____D C:\Windows\Sun
    2012-12-12 17:14 - 2012-12-12 17:14 - 00509440 ____A (Tech Support Guy System) C:\Users\DeFragger\Desktop\SysInfo.exe
    2012-12-12 17:08 - 2012-12-12 17:08 - 00022760 ____A C:\Users\DeFragger\Desktop\dds.txt
    2012-12-12 17:08 - 2012-12-12 17:08 - 00006802 ____A C:\Users\DeFragger\Desktop\attach.txt
    2012-12-12 17:07 - 2012-12-12 17:07 - 00010514 ____A C:\Users\DeFragger\Desktop\hijackthis.log
    2012-12-12 17:04 - 2012-12-12 17:04 - 00688992 ____R (Swearware) C:\Users\DeFragger\Desktop\dds.scr
    2012-12-12 17:04 - 2012-12-12 17:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeFragger\Desktop\HijackThis.exe
    2012-12-10 15:06 - 2012-12-13 16:57 - 00007332 ____A C:\Windows\PFRO.log
    2012-12-10 14:28 - 2012-12-10 14:28 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Malwarebytes
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-10 14:28 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-12-10 14:16 - 2012-12-14 12:50 - 00001522 ____A C:\Windows\setupact.log
    2012-12-10 14:16 - 2012-12-10 14:16 - 00000000 ____A C:\Windows\setuperr.log
    2012-12-10 14:10 - 2012-12-10 14:10 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\DeFragger\Downloads\mb.exe
    2012-12-10 13:45 - 2012-12-10 14:18 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
    2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\DriverCure
    2012-12-09 08:34 - 2012-12-09 08:34 - 00821248 ____A C:\Users\DeFragger\Downloads\FreeISOBurner.exe
    2012-12-09 08:12 - 2012-12-10 14:19 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2012-12-09 08:12 - 2012-12-09 08:12 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Vid-Saver
    2012-12-09 08:12 - 2012-12-09 08:12 - 00000000 ____D C:\Program Files (x86)\Vid-Saver
    2012-12-09 08:11 - 2012-12-09 08:13 - 00000000 ____D C:\Program Files (x86)\AVS Video Converter
    2012-12-09 07:54 - 2012-12-09 08:04 - 00000000 ____D C:\Program Files (x86)\MPC-HC
    2012-12-09 07:52 - 2012-12-13 13:31 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-12-09 07:20 - 2012-12-09 07:20 - 00000000 ____D C:\Users\All Users\Sun
    2012-12-09 07:20 - 2012-12-09 07:19 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-12-09 07:20 - 2012-12-09 07:19 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-12-09 07:20 - 2012-12-09 07:19 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Users\All Users\McAfee
    2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Program Files (x86)\Java
    2012-12-08 06:23 - 2012-12-08 07:12 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd - full discography
    2012-12-08 06:18 - 2012-12-08 06:18 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd Meddle [Original Recording Remastered] 320 Kbps
    2012-12-08 06:17 - 2012-12-08 06:17 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink_Floyd_Greatest_Hits.www.lokotorrents.com
    2012-12-06 12:57 - 2012-12-11 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-12-05 18:07 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-12-05 18:07 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-12-05 18:07 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-12-05 18:07 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-12-05 18:07 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-12-05 18:07 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-12-05 18:07 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-12-05 18:07 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-12-05 18:07 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-12-05 18:07 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2012-12-05 18:07 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2012-12-05 18:07 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
    2012-12-05 18:07 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2012-12-05 18:07 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2012-12-05 18:07 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2012-12-05 18:07 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2012-12-05 18:07 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-12-05 18:07 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2012-12-05 18:07 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2012-12-05 18:07 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2012-12-05 18:07 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2012-12-05 18:07 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2012-12-05 18:07 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2012-12-05 18:07 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2012-12-05 18:07 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2012-12-05 18:07 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2012-12-05 18:07 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2012-12-05 18:07 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2012-12-05 18:07 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2012-12-05 18:07 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2012-12-05 18:07 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-12-05 18:07 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-12-05 18:07 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2012-12-05 18:07 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-12-03 15:08 - 2012-12-03 15:08 - 00000000 __SHD C:\found.000
    2012-11-25 05:59 - 2012-12-10 14:04 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Ventrilo
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000920 ____A C:\Users\DeFragger\Desktop\Ventrilo.lnk
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000000 ____D C:\Program Files\Ventrilo
    2012-11-25 05:58 - 2012-11-25 05:58 - 00000000 ____D C:\Users\DeFragger\Downloads\Ventrilo
    2012-11-24 03:30 - 2012-11-24 03:31 - 00000000 ____D C:\Users\DeFragger\Downloads\COD Patch
    2012-11-24 03:26 - 2012-11-24 03:28 - 00000000 ____D C:\Users\DeFragger\Downloads\Kindle Books and Software update
    2012-11-24 03:22 - 2012-11-24 03:25 - 00000000 ____D C:\Users\DeFragger\Downloads\Red Alert
    2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Single Player.lnk
    2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
    2012-11-23 14:47 - 2012-11-23 14:47 - 00000293 ____A C:\Windows\game.ini
    2012-11-23 14:36 - 2012-11-23 14:36 - 00000000 ____D C:\Program Files (x86)\Activision
    2012-11-22 04:48 - 2012-11-22 05:25 - 00000000 ____D C:\Program Files (x86)\Google
    2012-11-19 01:40 - 2012-10-02 11:50 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-11-16 17:55 - 2012-11-16 17:55 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\WinRAR
    2012-11-15 01:44 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-11-15 01:44 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-11-15 01:44 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-11-15 01:44 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-11-15 01:41 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-15 01:41 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-15 01:41 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-15 01:41 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-15 01:41 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-15 01:41 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-15 01:41 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-15 01:41 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-15 01:41 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-15 01:41 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-15 01:41 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-15 01:41 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-15 01:41 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-15 01:41 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-15 01:41 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-15 01:41 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-15 01:41 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-15 01:41 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-15 01:41 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-15 01:41 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-15 01:41 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-15 01:41 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-15 01:41 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-15 01:41 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-15 01:41 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-15 01:41 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-15 01:41 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-15 01:41 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-15 01:41 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-15 01:41 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-15 01:41 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-15 01:41 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-15 01:40 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-11-15 01:40 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-11-15 01:40 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-11-15 01:40 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-11-15 01:40 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-15 01:40 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-11-15 01:40 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-11-15 01:40 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-11-14 01:48 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-14 01:48 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2012-11-14 01:48 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2012-11-14 01:48 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2012-11-14 01:48 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2012-11-14 01:48 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-11-14 01:48 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2012-11-14 01:48 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2012-11-14 01:48 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2012-11-14 01:48 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2012-11-14 01:48 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-11-14 01:48 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-11-14 01:48 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2012-11-14 01:48 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2012-11-14 01:48 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2012-11-14 01:48 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2012-11-14 01:48 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-11-14 01:48 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-11-14 01:48 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll


    ==================== One Month Modified Files and Folders =======

    2012-12-14 12:54 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-14 12:52 - 2012-12-14 12:52 - 01461033 ____A (Farbar) C:\Users\DeFragger\Desktop\FRST64.exe
    2012-12-14 12:50 - 2012-12-10 14:16 - 00001522 ____A C:\Windows\setupact.log
    2012-12-14 12:50 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-14 12:50 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-14 12:48 - 2012-04-16 00:50 - 00000000 ____D C:\Users\All Users\MFAData
    2012-12-14 12:43 - 2012-04-10 06:30 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-12-14 12:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-13 16:57 - 2012-12-10 15:06 - 00007332 ____A C:\Windows\PFRO.log
    2012-12-13 14:31 - 2012-05-02 15:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2012-12-13 14:20 - 2012-12-13 14:17 - 00000000 ____D C:\Users\All Users\ParetoLogic
    2012-12-13 14:17 - 2012-12-13 14:17 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\ParetoLogic
    2012-12-13 14:01 - 2012-12-12 18:00 - 00003265 ____A C:\Windows\WindowsUpdate.log
    2012-12-13 13:31 - 2012-12-09 07:52 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-12-12 17:31 - 2012-12-12 17:31 - 00000000 ____D C:\Windows\Sun
    2012-12-12 17:14 - 2012-12-12 17:14 - 00509440 ____A (Tech Support Guy System) C:\Users\DeFragger\Desktop\SysInfo.exe
    2012-12-12 17:08 - 2012-12-12 17:08 - 00022760 ____A C:\Users\DeFragger\Desktop\dds.txt
    2012-12-12 17:08 - 2012-12-12 17:08 - 00006802 ____A C:\Users\DeFragger\Desktop\attach.txt
    2012-12-12 17:07 - 2012-12-12 17:07 - 00010514 ____A C:\Users\DeFragger\Desktop\hijackthis.log
    2012-12-12 17:04 - 2012-12-12 17:04 - 00688992 ____R (Swearware) C:\Users\DeFragger\Desktop\dds.scr
    2012-12-12 17:04 - 2012-12-12 17:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeFragger\Desktop\HijackThis.exe
    2012-12-11 12:26 - 2012-04-18 15:23 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Winamp
    2012-12-11 12:18 - 2012-12-06 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-12-11 12:18 - 2012-09-09 21:23 - 00000000 ____D C:\Users\All Users\WinZip
    2012-12-11 12:17 - 2012-06-21 06:23 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\uTorrent
    2012-12-10 14:28 - 2012-12-10 14:28 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Malwarebytes
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-10 14:22 - 2012-09-26 11:31 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-12-10 14:19 - 2012-12-09 08:12 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2012-12-10 14:18 - 2012-12-10 13:45 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-12-10 14:16 - 2012-12-10 14:16 - 00000000 ____A C:\Windows\setuperr.log
    2012-12-10 14:10 - 2012-12-10 14:10 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\DeFragger\Downloads\mb.exe
    2012-12-10 14:04 - 2012-11-25 05:59 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Ventrilo
    2012-12-10 14:04 - 2012-08-26 04:11 - 00000000 ____D C:\Windows\Minidump
    2012-12-10 14:04 - 2012-04-19 12:49 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-12-10 14:04 - 2012-04-18 11:29 - 00000000 ___DC C:\Users\DeFragger\AppData\Local\MigWiz
    2012-12-10 14:04 - 2011-11-21 17:24 - 00000000 ____D C:\Windows\panther
    2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
    2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\DriverCure
    2012-12-09 08:34 - 2012-12-09 08:34 - 00821248 ____A C:\Users\DeFragger\Downloads\FreeISOBurner.exe
    2012-12-09 08:13 - 2012-12-09 08:11 - 00000000 ____D C:\Program Files (x86)\AVS Video Converter
    2012-12-09 08:12 - 2012-12-09 08:12 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Vid-Saver
    2012-12-09 08:12 - 2012-12-09 08:12 - 00000000 ____D C:\Program Files (x86)\Vid-Saver
    2012-12-09 08:04 - 2012-12-09 07:54 - 00000000 ____D C:\Program Files (x86)\MPC-HC
    2012-12-09 07:59 - 2012-09-09 20:49 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\vlc
    2012-12-09 07:20 - 2012-12-09 07:20 - 00000000 ____D C:\Users\All Users\Sun
    2012-12-09 07:19 - 2012-12-09 07:20 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-12-09 07:19 - 2012-12-09 07:20 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-12-09 07:19 - 2012-12-09 07:20 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Users\All Users\McAfee
    2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Program Files (x86)\Java
    2012-12-08 07:45 - 2012-02-09 17:25 - 00000000 ____D C:\My MP3's
    2012-12-08 07:12 - 2012-12-08 06:23 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd - full discography
    2012-12-08 06:18 - 2012-12-08 06:18 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd Meddle [Original Recording Remastered] 320 Kbps
    2012-12-08 06:17 - 2012-12-08 06:17 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink_Floyd_Greatest_Hits.www.lokotorrents.com
    2012-12-07 01:34 - 2012-05-08 00:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-12-06 14:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-12-05 18:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-12-05 17:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
    2012-12-03 15:08 - 2012-12-03 15:08 - 00000000 __SHD C:\found.000
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000920 ____A C:\Users\DeFragger\Desktop\Ventrilo.lnk
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000000 ____D C:\Program Files\Ventrilo
    2012-11-25 05:58 - 2012-11-25 05:58 - 00000000 ____D C:\Users\DeFragger\Downloads\Ventrilo
    2012-11-24 03:31 - 2012-11-24 03:30 - 00000000 ____D C:\Users\DeFragger\Downloads\COD Patch
    2012-11-24 03:28 - 2012-11-24 03:26 - 00000000 ____D C:\Users\DeFragger\Downloads\Kindle Books and Software update
    2012-11-24 03:25 - 2012-11-24 03:22 - 00000000 ____D C:\Users\DeFragger\Downloads\Red Alert
    2012-11-24 03:09 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-23 15:00 - 2012-04-04 05:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Single Player.lnk
    2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
    2012-11-23 14:47 - 2012-11-23 14:47 - 00000293 ____A C:\Windows\game.ini
    2012-11-23 14:36 - 2012-11-23 14:36 - 00000000 ____D C:\Program Files (x86)\Activision
    2012-11-23 04:43 - 2012-04-15 23:46 - 00000000 ____D C:\Users\DeFragger\AppData\Local\VirtualStore
    2012-11-22 06:43 - 2012-05-18 11:50 - 00000000 ____D C:\Program Files (x86)\Diablo III
    2012-11-22 05:25 - 2012-11-22 04:48 - 00000000 ____D C:\Program Files (x86)\Google
    2012-11-22 05:25 - 2012-04-18 11:09 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SoftGrid Client
    2012-11-22 04:48 - 2012-09-09 20:34 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Google
    2012-11-22 04:48 - 2012-05-08 16:17 - 00000000 ____D C:\Users\All Users\Adobe
    2012-11-22 04:48 - 2012-04-16 00:17 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-22 04:48 - 2012-04-16 00:17 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-19 01:40 - 2012-04-10 06:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-11-19 01:40 - 2012-04-10 06:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-11-16 17:55 - 2012-11-16 17:55 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\WinRAR
    2012-11-15 12:05 - 2012-04-15 23:46 - 00058016 ____A C:\Users\DeFragger\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-15 12:05 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-15 01:40 - 2012-04-18 02:02 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-11-14 17:32 - 2012-04-15 23:49 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Microsoft Games


    ZeroAccess:
    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}
    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\@
    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\L
    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U
    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\L\[email protected]
    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]
    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]
    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821}\U\[email protected]

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-23 14:35:08
    Restore point made on: 2012-11-23 14:59:45
    Restore point made on: 2012-11-25 05:59:03
    Restore point made on: 2012-11-29 01:40:50
    Restore point made on: 2012-12-05 18:07:21
    Restore point made on: 2012-12-09 07:19:50
    Restore point made on: 2012-12-10 14:19:13
    Restore point made on: 2012-12-11 12:17:54
    Restore point made on: 2012-12-11 12:19:23

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8173.21 MB
    Available physical RAM: 7389.67 MB
    Total Pagefile: 8171.41 MB
    Available Pagefile: 7376.55 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:831.01 GB) NTFS
    3 Drive f: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.22 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 2048 KB
    Disk 1 Online 15 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 31 KB
    Partition 2 Primary 931 GB 103 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 931 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 24 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F USB20FD FAT32 Removable 15 GB Healthy

    =========================================================

    Last Boot: 2012-12-05 14:54

    ==================== End Of Log =============================

    Search.txt

    Farbar Recovery Scan Tool (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-14 16:16:17
    Running from F:\

    ================== Search: "services.exe;explorer.exe" ===================

    C:\Windows\explorer.exe
    [2011-11-22 08:35] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011-11-22 08:35] - [2011-02-25 21:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2011-11-22 08:35] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

    C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2010-11-20 19:24] - [2010-11-20 19:24] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2011-11-22 08:35] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011-11-22 08:35] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

    C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2010-11-20 19:24] - [2010-11-20 19:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

    C:\Windows\SysWOW64\explorer.exe
    [2011-11-22 08:35] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  8. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi Defragger,
A few things to remove, but let's start with the main infection.


    FRST Fix
    Click the fixlist.txt link under Attached Files at the bottom of this post to download the attached file fixlist.txt and save it to the flashdrive with FRST.

    Boot into Recovery Environment

1. Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens...
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt on your USB flashdrive.
    2. Exit out of Recovery Environment and post me the log please.


After running FRST with fixlist.txt, continue with the following.


    Download and run Combofix
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    Please download ComboFix from the link below:

    Link

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
    • If you need help to disable your protection programs see here.
    • Right-click on ComboFix.exe and select Run as administrator then follow the prompts.
• When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    If you need help, see this link:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    Please reply with:
    • FRST log (fixlog.txt)
    • ComboFix log
     

    Attached Files:

  9. Defragger

    Defragger Thread Starter

    Joined:
    Dec 12, 2012
    Messages:
    40
    Okay Gizzy, here are the log files you asked for. Thanks again so much for your help.

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-15 06:35:36 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{b1aa134e-b22a-d2f0-453a-6922b5b8c821} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    ComboFix.txt

    ComboFix 12-12-14.01 - DeFragger 12/15/2012 6:40.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6869 [GMT -5:00]
    Running from: c:\users\DeFragger\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Vid-Saver
    c:\program files (x86)\Vid-Saver\Vid-Saver.ico
    c:\program files (x86)\Vid-Saver\Vid-Saver.ini
    c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
    c:\programdata\ReadOnlyInstaller.msi
    c:\programdata\uninstaller.exe
    c:\users\DeFragger\AppData\Local\Vid-Saver
    c:\users\DeFragger\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
    c:\users\DeFragger\AppData\Roaming\Microsoft\~DFKa09e97.tmp
    c:\users\DeFragger\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\DeFragger\AppData\Roaming\Microsoft\bass.dll
    c:\users\DeFragger\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\DeFragger\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\DeFragger\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\DeFragger\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\DeFragger\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\DeFragger\AppData\Roaming\Microsoft\rsaadjd.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-15 00:14 . 2012-12-15 00:14 -------- d-----w- C:\FRST
    2012-12-13 22:17 . 2012-12-13 22:17 -------- d-----w- c:\users\DeFragger\AppData\Roaming\ParetoLogic
    2012-12-13 22:17 . 2012-12-13 22:20 -------- d-----w- c:\programdata\ParetoLogic
    2012-12-13 20:51 . 2012-12-13 20:52 -------- d-----w- c:\users\DeFragger\AppData\Local\ElevatedDiagnostics
    2012-12-13 01:31 . 2012-12-13 01:31 -------- d-----w- c:\windows\Sun
    2012-12-10 22:28 . 2012-12-10 22:28 -------- d-----w- c:\users\DeFragger\AppData\Roaming\Malwarebytes
    2012-12-10 22:28 . 2012-12-10 22:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-10 21:45 . 2012-12-10 21:45 -------- d-----w- c:\users\DeFragger\AppData\Roaming\SpeedyPC Software
    2012-12-10 21:45 . 2012-12-10 21:45 -------- d-----w- c:\users\DeFragger\AppData\Roaming\DriverCure
    2012-12-10 21:45 . 2012-12-10 22:18 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-12-09 16:12 . 2012-12-10 22:19 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-12-09 16:11 . 2012-12-09 16:13 -------- d-----w- c:\program files (x86)\AVS Video Converter
    2012-12-09 15:54 . 2012-12-09 16:04 -------- d-----w- c:\program files (x86)\MPC-HC
    2012-12-09 15:52 . 2012-12-09 15:52 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-12-09 15:52 . 2012-12-13 21:31 -------- d-----w- c:\program files (x86)\Mega Codec Pack
    2012-12-09 15:20 . 2012-12-09 15:20 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-12-09 15:20 . 2012-12-09 15:19 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-12-09 15:20 . 2012-12-09 15:19 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-09 15:19 . 2012-12-09 15:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-09 15:19 . 2012-12-09 15:19 -------- d-----w- c:\program files (x86)\Java
    2012-12-09 15:19 . 2012-12-09 15:19 -------- d-----w- c:\programdata\McAfee
    2012-12-03 23:08 . 2012-12-03 23:08 -------- d-----w- C:\found.000
    2012-11-25 13:59 . 2012-12-10 22:04 -------- d-----w- c:\users\DeFragger\AppData\Roaming\Ventrilo
    2012-11-25 13:59 . 2012-11-25 13:59 -------- d-----w- c:\program files\Ventrilo
    2012-11-25 13:58 . 2012-11-25 13:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-11-24 11:34 . 2012-04-16 14:08 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-11-24 11:34 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-11-24 11:34 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-11-24 11:34 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-11-24 11:34 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-11-23 22:36 . 2012-11-23 22:36 -------- d-----w- c:\program files (x86)\Activision
    2012-11-22 12:48 . 2012-11-22 13:25 -------- d-----w- c:\program files (x86)\Google
    2012-11-19 09:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-22 12:48 . 2012-04-16 08:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-22 12:48 . 2012-04-16 08:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-15 09:40 . 2012-04-18 10:02 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-11-08 11:06 . 2012-09-26 19:31 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-10-30 00:45 . 2012-10-30 00:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    2012-10-18 18:25 . 2012-11-14 09:48 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-10-16 08:38 . 2012-11-28 09:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 09:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 09:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2012-10-11 02:23 . 2012-10-11 02:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-11 02:23 . 2012-10-11 02:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-10-11 02:23 . 2012-10-11 02:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-11 02:23 . 2012-04-10 14:30 2731880 ----a-w- c:\windows\system32\nvapi64.dll
    2012-10-11 02:23 . 2012-04-10 14:30 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-11 02:23 . 2012-10-11 02:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-10-11 02:22 . 2012-10-11 02:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-10-11 02:22 . 2012-04-10 14:30 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-10-11 02:22 . 2012-10-11 02:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-10-09 18:17 . 2012-11-14 09:48 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-14 09:48 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-14 09:48 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-14 09:48 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-08 19:11 . 2012-10-08 19:11 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-10-08 12:19 . 2012-11-15 09:41 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-10-08 11:42 . 2012-11-15 09:41 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-10-08 11:31 . 2012-11-15 09:41 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-10-08 11:24 . 2012-11-15 09:41 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-10-08 11:23 . 2012-11-15 09:41 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-10-08 11:22 . 2012-11-15 09:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-10-08 11:22 . 2012-11-15 09:41 237056 ----a-w- c:\windows\system32\url.dll
    2012-10-08 11:20 . 2012-11-15 09:41 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-10-08 11:18 . 2012-11-15 09:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-10-08 11:17 . 2012-11-15 09:41 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-10-08 11:17 . 2012-11-15 09:41 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-10-08 11:15 . 2012-11-15 09:41 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-10-08 11:15 . 2012-11-15 09:41 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-10-08 11:13 . 2012-11-15 09:41 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-10-08 11:13 . 2012-11-15 09:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-10-08 11:09 . 2012-11-15 09:41 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-10-08 07:56 . 2012-11-15 09:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-10-08 07:48 . 2012-11-15 09:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-10-08 07:47 . 2012-11-15 09:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44 . 2012-11-15 09:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43 . 2012-11-15 09:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-10-08 07:40 . 2012-11-15 09:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2012-10-03 17:56 . 2012-11-14 09:48 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-14 09:48 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-14 09:48 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-14 09:48 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-14 09:48 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-14 09:48 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-14 09:48 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-14 09:48 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-14 09:48 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-14 09:48 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-14 09:48 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-10-02 19:51 . 2012-04-10 14:30 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-10-02 19:51 . 2012-04-10 14:30 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-10-02 19:51 . 2012-04-10 14:30 6200680 ----a-w- c:\windows\system32\nvcpl.dll
    2012-10-02 19:50 . 2012-04-10 14:30 891240 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-10-02 19:50 . 2012-04-10 14:30 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-10-02 19:50 . 2012-04-10 14:30 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2012-09-25 22:47 . 2012-11-14 09:48 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-09-25 22:46 . 2012-11-14 09:48 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-08 11:06 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
    @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
    [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
    2012-11-06 15:07 220160 ----a-w- c:\program files (x86)\Mega Codec Pack\Filters\Haali\mmdinfo.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]
    "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-26 856160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-04-16 947328]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
    FF - ExtSQL: 2012-12-09 11:12; [email protected]; c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
    FF - user.js: extensions.funmoods.hmpg - false
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
    FF - user.js: extensions.funmoods.dfltSrch - false
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
    FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
    FF - user.js: extensions.funmoods.instlDay - 15593
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - axl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - axl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:e2,7b,5c,c5,b0,8f,35,9c,d2,1d,b6,86,e5,10,4b,c1,75,0d,5c,0a,36,8c,64,
    f1,30,d4,03,5e,f8,d9,1b,9e,e2,ef,25,5d,10,c2,79,09,f2,13,19,c4,d5,97,b5,0b,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\License information*]
    "datasecu"=hex:b1,b0,5a,20,80,a2,91,da,a6,05,8b,36,7a,9b,bb,d8,b3,b3,19,08,ac,
    4b,36,74,87,f1,6c,00,3a,79,5c,4a,49,51,d5,62,79,fd,db,96,f6,9b,fc,c7,6a,e8,\
    "rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-15 06:46:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-15 11:46
    .
    Pre-Run: 891,850,424,320 bytes free
    Post-Run: 891,317,665,792 bytes free
    .
    - - End Of File - - DD8EB751B8074C084A7BF64C8C55837A
     
  10. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi Defragger,
    You're welcome. :)


    COMBOFIX-Script
    A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

    1. Please open Notepad (Start > Run > type notepad in the Open field > OK) and copy and paste the text present inside the code box below:

      Code:
      DDS::
      uSearch Bar = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
      uSearch Page = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
      uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
      
      Firefox::
      FF - ProfilePath - c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
      FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
      FF - ExtSQL: 2012-12-09 11:12; [email protected]; c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
      FF - user.js: extensions.funmoods.hmpg - false
      FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
      FF - user.js: extensions.funmoods.dfltSrch - false
      FF - user.js: extensions.funmoods.srchPrvdr - Search
      FF - user.js: extensions.funmoods.dnsErr - true
      FF - user.js: extensions.funmoods_i.newTab - false
      FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
      FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
      FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
      FF - user.js: extensions.funmoods.instlDay - 15593
      FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
      FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
      FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14
      FF - user.js: extensions.funmoods.prtnrId - funmoods
      FF - user.js: extensions.funmoods.prdct - funmoods
      FF - user.js: extensions.funmoods.aflt - axl
      FF - user.js: extensions.funmoods_i.smplGrp - none
      FF - user.js: extensions.funmoods.tlbrId - base
      FF - user.js: extensions.funmoods.instlRef - axl
      FF - user.js: extensions.funmoods.dfltLng -
      FF - user.js: extensions.funmoods.excTlbr - false
      FF - user.js: extensions.funmoods.autoRvrt - false
      FF - user.js: extensions.funmoods.envrmnt - production
      FF - user.js: extensions.funmoods.isdcmntcmplt - true
      FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
      FF - user.js: security.csp.enable - false
      FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
      
      RegLock::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      
      
    2. Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    3. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    4. If you need help to disable your protection programs see here.
    5. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    6. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    7. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    aswMBR
    Please download aswMBR and save it to your Desktop.
    1. Right-click aswMBR.exe & choose Run as Administrator to run it.
    2. Click Yes to the prompt to download Avast! virus definitions.
      (Please be patient whilst the virus definitions download)
    3. With the AV scan set to Quick Scan, click the Scan button.
      (Please be patient whilst your computer is scanned.)
    4. After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    5. Click OK > Exit.
      Note: Do not attempt to fix anything at this stage!
    6. Two files will be created, aswMBR.txt & a file named MBR.dat.
      MBR.dat is a backup of the MBR(master boot record), do not delete it.
    7. Copy & Paste the contents of aswMBR.txt into your next reply.


    Please reply with:
    • New combofix log
    • aswMBR log
     
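The CFScript above is built by hand: the helper copies the hijacked search-engine settings and the Firefox prefs that belong to the adware out of the ComboFix log into `DDS::` and `Firefox::` stanzas. The script below is an added example for this thread, not code from the original post, from ComboFix or from DDS. It reads the same line shapes that appear in the posted log, flags every search or start-page URL whose host is not on an allow-list, flags the `security.csp.enable - false` pref (which switches off Content Security Policy enforcement in the browser), sweeps up the remaining prefs that share a name with the flagged host, and renders the result in the stanza form used above. The allow-list and the sample lines are constructed for the demonstration; the sample lines are trimmed copies of lines in the posted log.

```python
"""Triage a ComboFix log for browser-hijack indicators and draft the CFScript stanza.

Added example written for this thread; it is not part of the original post, of
ComboFix or of DDS. It recognises the line shapes visible in the posted log
(`uSearch... = hxxp://...` and `FF - prefs.js/user.js: <pref> - <value>`),
flags every search or start-page URL whose host is not on a caller-supplied
allow-list, flags Firefox prefs that weaken the browser, and then pulls in the
remaining prefs that belong to the same component. The allow-list and the
sample lines below are constructed for the demonstration (the sample lines
are trimmed copies of lines in the posted log).
"""
import re
from urllib.parse import urlparse

# Constructed allow-list: hosts the user is known to have chosen deliberately.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com", "nmd.msn.com"}

# Firefox prefs whose listed value weakens the browser (value that triggers a finding).
WEAKENING_PREFS = {
    "security.csp.enable": "false",  # turns off Content Security Policy enforcement
}

# ComboFix/DDS settings lines: u = current user, m = machine-wide.
DDS_RE = re.compile(r"^(?P<key>[um][A-Za-z_ ]+?)\s*=\s*(?P<url>hxxps?://\S+)$")
# Firefox pref lines as ComboFix prints them; the value may be empty.
FF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) -\s*(?P<value>.*)$")


def refang(url):
    """ComboFix writes hxxp:// so the log is not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def host_of(url):
    return (urlparse(refang(url)).hostname or "").lower()


def brand_token(host):
    """'start.funmoods.com' -> 'funmoods': the label used to tie related prefs to a host."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def triage(log_lines, trusted_hosts=TRUSTED_SEARCH_HOSTS):
    """Return (findings, suspect_tokens); each finding is (cfscript_section, reason, log_line)."""
    findings, suspects, ff_lines = [], set(), []
    for raw in log_lines:
        line = raw.strip()
        m = DDS_RE.match(line)
        if m:
            host = host_of(m.group("url"))
            if host and host not in trusted_hosts:
                findings.append(("DDS::", f"{m.group('key')} points at untrusted host {host}", line))
                suspects.add(brand_token(host))
            continue
        m = FF_RE.match(line)
        if not m:
            continue
        ff_lines.append((m.group("pref"), line))
        value = m.group("value").strip()
        if value.startswith("hxxp"):
            host = host_of(value)
            if host and host not in trusted_hosts:
                findings.append(("Firefox::", f"{m.group('pref')} points at untrusted host {host}", line))
                suspects.add(brand_token(host))
        if WEAKENING_PREFS.get(m.group("pref")) == value:
            findings.append(("Firefox::", f"{m.group('pref')} = {value} weakens the browser", line))
    # Second pass: sweep up the rest of the hijacker's own prefs (e.g. extensions.funmoods.*).
    flagged = {f[2] for f in findings}
    for pref, line in ff_lines:
        if line not in flagged and any(tok in pref.lower() for tok in suspects):
            findings.append(("Firefox::", f"{pref} belongs to suspect component", line))
    return findings, suspects


def build_cfscript(findings):
    """Render the flagged lines as CFScript stanzas in the form the helper used (DDS:: / Firefox::)."""
    by_section = {}
    for section, _reason, line in findings:
        lines = by_section.setdefault(section, [])
        if line not in lines:
            lines.append(line)
    return "\n\n".join(f"{section}\n" + "\n".join(lines) for section, lines in by_section.items()) + "\n"


# Constructed sample: trimmed copies of lines from the posted ComboFix log.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
""".splitlines()

if __name__ == "__main__":
    found, tokens = triage(SAMPLE_LOG)
    for section, reason, line in found:
        print(f"[{section:9}] {reason}\n            {line}")
    print("\nsuspect components:", sorted(tokens))
    print("\n" + build_cfscript(found))
```

Run against the sample, it flags the `searchamong.com` search settings, the `start.funmoods.com` home-page pref, the disabled CSP pref and the other `extensions.funmoods*` prefs, and leaves the MSN home page and the Google search engine alone. The allow-list is the judgement call: a host the user never chose is the indicator, so keep it short and per machine rather than trying to enumerate bad domains.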
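The aswMBR step above keeps `MBR.dat` as a backup of the master boot record. The script below is an added example for this thread, not code from aswMBR, ComboFix or the original post; it shows what such a backup is good for once you have one. It assumes `MBR.dat` is the raw 512-byte first sector of the disk (an assumption; check the file size before trusting the parse), splits it into boot code, disk signature and the four partition slots, hashes the boot code against a known-good copy, and reports the layout problems an MBR infector leaves behind. The sample sector, its dummy boot code and the tampered copy are constructed inline.

```python
"""Inspect and integrity-check a raw MBR backup such as the MBR.dat that aswMBR saves.

Added example written for this thread; it is not part of aswMBR, of ComboFix or of
the original post. It assumes MBR.dat is the raw 512-byte first sector of the disk
(an assumption: check the file size before trusting the parse). The sample sector
below is constructed, with dummy boot code, to stand in for a real backup.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # boot code proper; 440-443 disk signature, 444-445 reserved
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"      # bytes 510-511 of every valid MBR


def looks_like_mbr(sector):
    return len(sector) == SECTOR_SIZE and sector[510:512] == SIGNATURE


def parse_mbr(sector):
    """Split a 512-byte MBR into boot code hash, disk signature and the populated partition slots."""
    if not looks_like_mbr(sector):
        raise ValueError("not a 512-byte sector ending in 0x55AA; refusing to parse")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def check_mbr(sector, known_good_boot_hashes):
    """Return (info, issues); issues are the things a responder should look at."""
    info = parse_mbr(sector)
    issues = []
    if info["boot_code_sha256"] not in known_good_boot_hashes:
        issues.append("boot code does not match any known-good copy (bootkit or foreign loader?)")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"slot {a['slot']} overlaps slot {b['slot']}")
    return info, issues


def partition_entry(status, ptype, lba_start, sectors):
    """One 16-byte table entry; CHS fields zeroed because modern loaders use the LBA fields."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr():
    """Constructed sector: dummy boot code plus a Windows 7-style two-partition layout."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 5)   # dummy, NOT real code
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\0\0"
    table = (partition_entry(0x80, 0x07, 2048, 204800)        # 100 MiB "System Reserved", active
             + partition_entry(0x00, 0x07, 206848, 1953314816)
             + partition_entry(0, 0, 0, 0) + partition_entry(0, 0, 0, 0))
    return boot_code + disk_sig + table + SIGNATURE


SAMPLE_MBR = build_sample_mbr()
# The trusted copy is the hash of the backup taken while the system was known clean.
KNOWN_GOOD = {hashlib.sha256(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest()}

# Same sector with one boot-code byte changed, the way an MBR infector patches the loader.
TAMPERED_MBR = bytes([SAMPLE_MBR[0] ^ 0xFF]) + SAMPLE_MBR[1:]

if __name__ == "__main__":
    for label, blob in (("clean backup", SAMPLE_MBR), ("tampered copy", TAMPERED_MBR)):
        info, issues = check_mbr(blob, KNOWN_GOOD)
        print(f"{label}: disk signature 0x{info['disk_signature']:08x}")
        for p in info["partitions"]:
            flag = "active" if p["status"] == 0x80 else ""
            print(f"  slot {p['slot']}: type 0x{p['type']:02x} start {p['lba_start']} "
                  f"sectors {p['sectors']} {flag}")
        print("  issues:", issues or "none")
```

To use it on a real backup, read `MBR.dat` with `open(path, "rb").read()` and pass it to `check_mbr` together with the hash of a copy you trust; the partition table of a bootkit-infected disk usually parses cleanly, and it is the boot-code hash that gives it away.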
  11. Defragger

    Defragger Thread Starter

    Joined:
    Dec 12, 2012
    Messages:
    40
    Well Gizzy, the infected machine can no longer connect to the web, so I am swapping files to my wife's machine with a flash drive. That happened after the first round of ComboFix and FRST64. When it rebooted, it ran Windows Update and installed some updates, and when I rebooted later last night I could no longer connect it.
    I ran ComboFix with the script with no problem, but aswMBR could not download the updated virus definitions. Here are the logs.

    ComboFix

    ComboFix 12-12-14.01 - DeFragger 12/16/2012 6:54.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6610 [GMT -5:00]
    Running from: c:\users\DeFragger\Desktop\ComboFix.exe
    Command switches used :: c:\users\DeFragger\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-16 11:56 . 2012-12-16 11:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-12-16 11:56 . 2012-12-16 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-15 11:54 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-15 00:14 . 2012-12-15 00:14 -------- d-----w- C:\FRST
    2012-12-13 22:17 . 2012-12-13 22:17 -------- d-----w- c:\users\DeFragger\AppData\Roaming\ParetoLogic
    2012-12-13 22:17 . 2012-12-13 22:20 -------- d-----w- c:\programdata\ParetoLogic
    2012-12-13 20:51 . 2012-12-15 16:10 -------- d-----w- c:\users\DeFragger\AppData\Local\ElevatedDiagnostics
    2012-12-13 01:31 . 2012-12-13 01:31 -------- d-----w- c:\windows\Sun
    2012-12-10 22:28 . 2012-12-10 22:28 -------- d-----w- c:\users\DeFragger\AppData\Roaming\Malwarebytes
    2012-12-10 22:28 . 2012-12-10 22:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-10 21:45 . 2012-12-10 21:45 -------- d-----w- c:\users\DeFragger\AppData\Roaming\SpeedyPC Software
    2012-12-10 21:45 . 2012-12-10 21:45 -------- d-----w- c:\users\DeFragger\AppData\Roaming\DriverCure
    2012-12-10 21:45 . 2012-12-10 22:18 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-12-09 16:12 . 2012-12-10 22:19 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-12-09 16:11 . 2012-12-09 16:13 -------- d-----w- c:\program files (x86)\AVS Video Converter
    2012-12-09 15:54 . 2012-12-09 16:04 -------- d-----w- c:\program files (x86)\MPC-HC
    2012-12-09 15:52 . 2012-12-09 15:52 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-12-09 15:52 . 2012-12-13 21:31 -------- d-----w- c:\program files (x86)\Mega Codec Pack
    2012-12-09 15:20 . 2012-12-09 15:20 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-12-09 15:20 . 2012-12-09 15:19 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-12-09 15:20 . 2012-12-09 15:19 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-09 15:19 . 2012-12-09 15:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-09 15:19 . 2012-12-09 15:19 -------- d-----w- c:\program files (x86)\Java
    2012-12-09 15:19 . 2012-12-09 15:19 -------- d-----w- c:\programdata\McAfee
    2012-12-03 23:08 . 2012-12-03 23:08 -------- d-----w- C:\found.000
    2012-11-25 13:59 . 2012-12-10 22:04 -------- d-----w- c:\users\DeFragger\AppData\Roaming\Ventrilo
    2012-11-25 13:59 . 2012-11-25 13:59 -------- d-----w- c:\program files\Ventrilo
    2012-11-25 13:58 . 2012-11-25 13:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-11-24 11:34 . 2012-04-16 14:08 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-11-24 11:34 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-11-24 11:34 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-11-24 11:34 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-11-24 11:34 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-11-23 22:36 . 2012-11-23 22:36 -------- d-----w- c:\program files (x86)\Activision
    2012-11-22 12:48 . 2012-11-22 13:25 -------- d-----w- c:\program files (x86)\Google
    2012-11-19 09:40 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-15 15:38 . 2012-04-18 10:02 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-12-15 11:48 . 2012-04-17 08:47 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS
    2012-12-15 11:48 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
    2012-11-22 12:48 . 2012-04-16 08:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-22 12:48 . 2012-04-16 08:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-08 11:06 . 2012-09-26 19:31 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-10-30 00:45 . 2012-10-30 00:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    2012-10-16 08:38 . 2012-11-28 09:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 09:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 09:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2012-10-11 02:23 . 2012-10-11 02:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-11 02:23 . 2012-10-11 02:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-10-11 02:23 . 2012-10-11 02:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-11 02:23 . 2012-04-10 14:30 2731880 ----a-w- c:\windows\system32\nvapi64.dll
    2012-10-11 02:23 . 2012-04-10 14:30 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-11 02:23 . 2012-10-11 02:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-10-11 02:22 . 2012-10-11 02:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-10-11 02:22 . 2012-04-10 14:30 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-10-11 02:22 . 2012-10-11 02:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-10-09 18:17 . 2012-11-14 09:48 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-14 09:48 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-14 09:48 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-14 09:48 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-08 19:11 . 2012-10-08 19:11 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2012-10-04 16:40 . 2012-12-15 11:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-10-03 17:56 . 2012-11-14 09:48 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-14 09:48 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-14 09:48 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-14 09:48 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-14 09:48 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-14 09:48 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-14 09:48 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-14 09:48 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-14 09:48 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-14 09:48 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-14 09:48 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-10-02 19:51 . 2012-04-10 14:30 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-10-02 19:51 . 2012-04-10 14:30 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-10-02 19:51 . 2012-04-10 14:30 6200680 ----a-w- c:\windows\system32\nvcpl.dll
    2012-10-02 19:50 . 2012-04-10 14:30 891240 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-10-02 19:50 . 2012-04-10 14:30 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-10-02 19:50 . 2012-04-10 14:30 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2012-09-25 22:47 . 2012-11-14 09:48 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-09-25 22:46 . 2012-11-14 09:48 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-08 11:06 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
    @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
    [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
    2012-11-06 15:07 220160 ----a-w- c:\program files (x86)\Mega Codec Pack\Filters\Haali\mmdinfo.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-04-16 947328]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uSearch Page =
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-12-09 11:12; [email protected]; c:\users\DeFragger\AppData\Roaming\Mozilla\Firefox\Profiles\g4gh3r7z.default\extensions\[email protected]
    FF - user.js: extensions.funmoods.hmpg - false
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
    FF - user.js: extensions.funmoods.dfltSrch - false
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyC0Czz0CtD0Dzz0B0C0BtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1853818636&q=
    FF - user.js: extensions.funmoods.id - C860006C8C0D8BCB
    FF - user.js: extensions.funmoods.instlDay - 15593
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:14
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - axl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - axl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: security.csp.enable - false
    FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-ptn
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
    "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
    "ImagePath"="system32\drivers\ACPI.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
    "ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeARMservice]
    "ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
    "ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
    "ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
    "ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
    "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
    "ImagePath"="\SystemRoot\system32\drivers\afd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
    "ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
    "ImagePath"="%SystemRoot%\System32\alg.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
    "ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
    "ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
    "ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
    "ImagePath"="\SystemRoot\system32\drivers\amdppm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
    "ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
    "ImagePath"="\SystemRoot\system32\drivers\amdsbs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
    "ImagePath"="system32\drivers\amdxata.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apowersoft_AudioDevice]
    "ImagePath"="system32\drivers\Apowersoft_AudioDevice.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
    "ImagePath"="\SystemRoot\system32\drivers\appid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
    "ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
    "ServiceDll"="%SystemRoot%\System32\appinfo.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
    "ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
    "ImagePath"="\SystemRoot\system32\drivers\arc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
    "ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\asHmComSvc]
    "ImagePath"="c:\program files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsIO]
    "ImagePath"="SysWow64\drivers\AsIO.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\asmthub3]
    "ImagePath"="system32\DRIVERS\asmthub3.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\asmtxhci]
    "ImagePath"="system32\DRIVERS\asmtxhci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
    "ImagePath"="system32\DRIVERS\asyncmac.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
    "ImagePath"="system32\drivers\atapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
    "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
    "ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
    "ImagePath"="system32\DRIVERS\avgidsha.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
    "ImagePath"="system32\DRIVERS\avgldx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
    "ImagePath"="system32\DRIVERS\avgloga.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
    "ImagePath"="system32\DRIVERS\avgmfx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
    "ImagePath"="system32\DRIVERS\avgrkx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
    "ImagePath"="system32\DRIVERS\avgtdia.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp]
    "ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
    "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
    "ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
    "ImagePath"="\SystemRoot\system32\drivers\bxvbda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
    "ImagePath"="system32\DRIVERS\b57nd60a.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
    "MofImagePath"="system32\drivers\battc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
    "ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
    "ServiceDll"="%SystemRoot%\System32\bfe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
    "ServiceDll"="%systemroot%\system32\qmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
    "ImagePath"="system32\DRIVERS\blbdrive.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
    "ImagePath"="system32\DRIVERS\bowser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
    "ImagePath"="\SystemRoot\system32\drivers\BrFiltLo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
    "ImagePath"="\SystemRoot\system32\drivers\BrFiltUp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
    "ImagePath"="system32\DRIVERS\bridge.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
    "ServiceDll"="%SystemRoot%\System32\browser.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
    "ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
    "ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
    "ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
    "ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
    "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
    "ServiceDll"="%SystemRoot%\system32\bthserv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
    "ImagePath"="\??\c:\combofix\catchme.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
    "ImagePath"="system32\DRIVERS\cdfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
    "ImagePath"="system32\DRIVERS\cdrom.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
    "ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
    "ImagePath"="System32\CLFS.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
    "ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
    "ImagePath"="\SystemRoot\system32\drivers\CmBatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
    "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
    "ImagePath"="System32\Drivers\cng.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
    "ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
    "ImagePath"="system32\DRIVERS\CompositeBus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
    "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
    "ImagePath"="\SystemRoot\system32\drivers\crcdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
    "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cvhsvc]
    "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
    "ServiceDll"="%Systemroot%\System32\defragsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
    "ImagePath"="System32\Drivers\dfsc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
    "ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
    "ImagePath"="System32\drivers\discache.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
    "ImagePath"="system32\drivers\disk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
    "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
    "ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
    "ServiceDll"="%SystemRoot%\system32\dps.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
    "ImagePath"="system32\drivers\drmkaud.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
    "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
    "ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
    "ImagePath"="\SystemRoot\system32\drivers\evbda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
    "ImagePath"="%SystemRoot%\System32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
    "ImagePath"="%systemroot%\ehome\ehRecvr.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
    "ImagePath"="%systemroot%\ehome\ehsched.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
    "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
    "ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
    "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
    "ServiceDll"="%systemroot%\system32\es.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
    "ImagePath"="%systemroot%\system32\fxssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
    "ImagePath"="\SystemRoot\system32\drivers\fdc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
    "ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
    "ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
    "ImagePath"="system32\drivers\fileinfo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
    "ImagePath"="system32\drivers\filetrace.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
    "ImagePath"="\SystemRoot\system32\drivers\flpydisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
    "ServiceDll"="%SystemRoot%\system32\FntCache.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
    "ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
    "ImagePath"="System32\drivers\FsDepends.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fssfltr]
    "ImagePath"="system32\DRIVERS\fssfltr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsssvc]
    "ImagePath"="\"c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
    "ImagePath"="System32\DRIVERS\fvevol.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
    "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
    "ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
    "ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
    "ImagePath"="system32\drivers\HdAudio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
    "ImagePath"="\SystemRoot\system32\drivers\HidBatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
    "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
    "ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
    "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
    "ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
    "ServiceDll"="%SystemRoot%\system32\provsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
    "ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
    "ImagePath"="system32\drivers\HTTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
    "ImagePath"="System32\drivers\hwpolicy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]
    "ImagePath"="system32\DRIVERS\iaStor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IAStorDataMgrSvc]
    "ImagePath"="\"c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
    "ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
    "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
    "ServiceDll"="%SystemRoot%\System32\ikeext.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RTKVHD64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Intel(R) Capability Licensing Service Interface]
    "ImagePath"="\"c:\program files\Intel\iCLS Client\HeciServer.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
    "ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
    "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
    "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
    "ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
    "ImagePath"="System32\drivers\ipnat.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
    "ImagePath"="system32\drivers\irenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
    "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
    "ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jhi_service]
    "ImagePath"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
    "ImagePath"="System32\Drivers\ksecdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
    "ImagePath"="System32\Drivers\ksecpkg.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
    "ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
    "ServiceDll"="%systemroot%\system32\msdtckrm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
    "ImagePath"="system32\DRIVERS\lltdio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
    "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_sas2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
    "ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MAV Client PerfMon Provider]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
    "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
    "ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
    "ImagePath"="\SystemRoot\system32\drivers\MegaSR.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEIx64]
    "ImagePath"="system32\DRIVERS\HECIx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
    "ImagePath"="system32\drivers\modem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
    "ImagePath"="system32\DRIVERS\monitor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
    "ImagePath"="System32\drivers\mountmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MozillaMaintenance]
    "ImagePath"="c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
    "ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
    "ImagePath"="System32\drivers\mpsdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
    "ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
    "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
    "ImagePath"="system32\DRIVERS\mrxsmb10.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
    "ImagePath"="system32\DRIVERS\mrxsmb20.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
    "ImagePath"="system32\drivers\msahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
    "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
    "ImagePath"="%SystemRoot%\System32\msdtc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
    "ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
    "ImagePath"="system32\drivers\msisadrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
    "ServiceDll"="%systemroot%\system32\iscsiexe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
    "ImagePath"="\SystemRoot\system32\drivers\MTConfig.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
    "ImagePath"="System32\Drivers\mup.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
    "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
    "ImagePath"="system32\DRIVERS\nwifi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
    "ImagePath"="system32\drivers\ndis.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
    "ImagePath"="system32\DRIVERS\ndiscap.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
    "ImagePath"="System32\DRIVERS\netbt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
    "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
    "ServiceDll"="%systemroot%\system32\nsisvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
    "ImagePath"="system32\drivers\nsiproxy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NVHDA]
    "ImagePath"="system32\drivers\nvhda64v.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvlddmkm]
    "ImagePath"="system32\DRIVERS\nvlddmkm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
    "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
    "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvsvc]
    "ImagePath"="c:\windows\system32\nvvsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService]
    "ImagePath"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
    "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
    "ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ose]
    "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\osppsvc]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
    "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
    "ImagePath"="\SystemRoot\system32\drivers\parport.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
    "ImagePath"="System32\drivers\partmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
    "ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
    "ImagePath"="system32\drivers\pci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
    "ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
    "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
    "ImagePath"="System32\drivers\pcw.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
    "ImagePath"="system32\drivers\peauth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
    "ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
    "ServiceDll"="%systemroot%\system32\pla.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
    "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
    "ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
    "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
    "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
    "ServiceDll"="%SystemRoot%\system32\umpo.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
    "ImagePath"="\SystemRoot\system32\drivers\processr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
    "ServiceDll"="%systemroot%\system32\profsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
    "ImagePath"="system32\DRIVERS\pacer.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
    "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
    "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
    "ServiceDll"="%windir%\system32\qwave.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
    "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
    "ImagePath"="System32\DRIVERS\rasacd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
    "ImagePath"="system32\DRIVERS\AgileVpn.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
    "ImagePath"="system32\DRIVERS\rassstp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
    "ImagePath"="\SystemRoot\system32\drivers\rdpbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
    "ImagePath"="system32\drivers\rdpencdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
    "ImagePath"="system32\drivers\rdprefmp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPUDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RdpVideoMiniport]
    "ImagePath"="System32\drivers\rdpvideominiport.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
    "ImagePath"="System32\drivers\rdyboost.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
    "ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
    "ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
    "ImagePath"="system32\DRIVERS\rspndr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
    "ImagePath"="system32\DRIVERS\Rt64win7.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
    "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
    "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
    "ImagePath"="System32\DRIVERS\scfilter.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
    "ServiceDll"="%systemroot%\system32\schedsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
    "ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
    "ServiceDll"="%windir%\system32\seclogon.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
    "ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
    "ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
    "ImagePath"="\SystemRoot\system32\drivers\serial.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
    "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
    "ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
    "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
    "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftfs]
    "ImagePath"="system32\DRIVERS\Sftfslh.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftlist]
    "ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftplay]
    "ImagePath"="system32\DRIVERS\Sftplaylh.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftredir]
    "ImagePath"="system32\DRIVERS\Sftredirlh.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftvol]
    "ImagePath"="system32\DRIVERS\Sftvollh.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftvsa]
    "ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
    "ImagePath"="\SystemRoot\system32\drivers\SiSRaid2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
    "ImagePath"="system32\DRIVERS\smb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
    "ImagePath"="%SystemRoot%\System32\snmptrap.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
    "ImagePath"="%SystemRoot%\System32\spoolsv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
    "ImagePath"="%SystemRoot%\system32\sppsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
    "ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
    "ImagePath"="System32\DRIVERS\srv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
    "ImagePath"="System32\DRIVERS\srv2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
    "ImagePath"="System32\DRIVERS\srvnet.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
    "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Steam Client Service]
    "ImagePath"="c:\program files (x86)\Common Files\Steam\SteamService.exe /RunAsService"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Stereo Service]
    "ImagePath"="c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
    "ImagePath"="\SystemRoot\system32\drivers\stexstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
    "ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
    "ServiceDll"="%Systemroot%\System32\swprv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
    "ServiceDll"="%systemroot%\system32\sysmain.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
    "ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
    "ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
    "ImagePath"="System32\drivers\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
    "ImagePath"="system32\DRIVERS\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
    "ImagePath"="System32\drivers\tcpipreg.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
    "ImagePath"="system32\drivers\tdpipe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
    "ImagePath"="system32\drivers\tdtcp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
    "ImagePath"="system32\DRIVERS\tdx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
    "ServiceDll"="%SystemRoot%\system32\themeservice.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TomTomHOMEService]
    "ImagePath"="\"c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
    "ServiceDll"="%SystemRoot%\System32\trkwks.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
    "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
    "ImagePath"="System32\DRIVERS\tssecsrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
    "ImagePath"="system32\drivers\tsusbflt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbGD]
    "ImagePath"="\SystemRoot\system32\drivers\TsUsbGD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
    "ImagePath"="system32\DRIVERS\tunnel.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
    "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
    "ImagePath"="system32\DRIVERS\udfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
    "ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
    "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
    "ImagePath"="system32\DRIVERS\umbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
    "ImagePath"="\SystemRoot\system32\drivers\umpass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
    "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
    "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
    "ImagePath"="\SystemRoot\system32\drivers\usbprint.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
    "ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
    "ServiceDll"="%SystemRoot%\System32\uxsms.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
    "ImagePath"="system32\drivers\vdrvroot.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
    "ImagePath"="%SystemRoot%\System32\vds.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
    "ImagePath"="system32\DRIVERS\vgapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
    "ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
    "ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
    "ImagePath"="system32\drivers\volmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
    "ImagePath"="System32\drivers\volmgrx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
    "ImagePath"="system32\drivers\volsnap.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
    "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
    "ImagePath"="%systemroot%\system32\vssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
    "ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
    "ImagePath"="\SystemRoot\System32\drivers\vwifibus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
    "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
    "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
    "ImagePath"="\"%systemroot%\system32\wbengine.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
    "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
    "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
    "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
    "ImagePath"="\SystemRoot\system32\drivers\wd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
    "ImagePath"="system32\drivers\Wdf01000.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
    "ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
    "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
    "ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
    "ImagePath"="system32\DRIVERS\wfplwf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
    "ImagePath"="system32\drivers\wimmount.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
    "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
    "ServiceDll"="winhttp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
    "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb]
    "ImagePath"="system32\DRIVERS\WinUsb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
    "ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlcrasvc]
    "ImagePath"="\"c:\program files\Windows Live\Mesh\wlcrasvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
    "ImagePath"="system32\DRIVERS\wmiacpi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
    "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
    "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
    "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
    "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]
    "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
    "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
    "ServiceDll"="%systemroot%\system32\wuaueng.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
    "ImagePath"="system32\drivers\WudfPf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
    "ImagePath"="system32\DRIVERS\WUDFRd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
    "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
    "ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:e2,7b,5c,c5,b0,8f,35,9c,d2,1d,b6,86,e5,10,4b,c1,75,0d,5c,0a,36,8c,64,
    f1,30,d4,03,5e,f8,d9,1b,9e,e2,ef,25,5d,10,c2,79,09,f2,13,19,c4,d5,97,b5,0b,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-175869551-1456407368-2275875465-1001\Software\SecuROM\License information*]
    "datasecu"=hex:b1,b0,5a,20,80,a2,91,da,a6,05,8b,36,7a,9b,bb,d8,b3,b3,19,08,ac,
    4b,36,74,87,f1,6c,00,3a,79,5c,4a,49,51,d5,62,79,fd,db,96,f6,9b,fc,c7,6a,e8,\
    "rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-16 07:03:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-16 12:03
    .
    Pre-Run: 891,568,533,504 bytes free
    Post-Run: 891,193,782,272 bytes free
    .
    - - End Of File - - A258223468D72CDAE79CDDC4F60F1C8B


    aswMBR

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-16 07:53:39
    -----------------------------
    07:53:39.468 OS Version: Windows x64 6.1.7601 Service Pack 1
    07:53:39.468 Number of processors: 4 586 0x2A07
    07:53:39.468 ComputerName: KIMS_BEAST UserName: DeFragger
    07:54:01.203 Initialize success
    07:54:17.968 AVAST engine download error: 0
    07:56:09.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    07:56:09.609 Disk 0 Vendor: ST1000DM CC4C Size: 953869MB BusType: 3
    07:56:09.609 Disk 0 MBR read successfully
    07:56:09.625 Disk 0 MBR scan
    07:56:09.625 Disk 0 Windows 7 default MBR code
    07:56:09.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 63
    07:56:09.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953766 MB offset 211680
    07:56:09.921 Disk 0 scanning C:\Windows\system32\drivers
    07:56:28.359 Service scanning
    07:57:13.125 Modules scanning
    07:57:13.140 Disk 0 trace - called modules:
    07:57:13.171 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    07:57:13.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a2a060]
    07:57:13.171 3 CLASSPNP.SYS[fffff88001dbe43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007143050]
    07:57:13.187 Scan finished successfully
    07:58:08.750 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
    07:58:08.765 The log file has been saved successfully to "E:\aswMBR.txt"
     
  12. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi Defragger,
    Internet connection problems are often encountered when removing Zero Access.
    Please run FRST again like the first time to get a new log, leaving out the search portion. Instructions are below if needed.

    FRST
    1. Plug the USB drive into the infected machine.
    Boot your computer into Recovery Environment

    1. Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
    2. Select Repair your computer.
    3. Select Language and click Next
    4. Enter password (if necessary) and click OK
    5. Select the Command Prompt option.
    6. A command window will open.
      • Type notepad then hit Enter.
      • Notepad will open.
        • Click File > Open then select Computer.
        • Note down the drive letter for your USB Drive.
        • Close Notepad.
    7. Back in the command window ....
      • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • FRST will start to run.
        • When the tool opens click Yes to disclaimer.
        • Press Scan button.
        • When finished scanning it will make a log FRST.txt on the flash drive.
    8. Close the command window.
    9. Boot back into normal mode and post me the FRST.txt log please.


    Farbar Service Scanner
    Please download Farbar Service Scanner and run it on the computer with the issue. (Right-click and Run as administrator)
    1. Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    2. Press "Scan".
    3. It will create a log (FSS.txt) in the same directory the tool is run.
    4. Please copy and paste the log to your reply.


    MiniToolBox
    Please download MiniToolBox, save it to your desktop and run it. (Right-click and Run as administrator)

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices
    • List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


    Please reply with:
    • New FRST log
    • Farbar Service Scanner log
    • MiniToolBox log
     
  13. Defragger

    Defragger Thread Starter

    Joined:
    Dec 12, 2012
    Messages:
    40
    Okay Gizzy, here are the log files requested. I hope I am doing all this correctly; if not, please admonish me. Thank you.

    FRST log

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 6 days old)
    Ran by SYSTEM at 17-12-2012 04:49:12
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7560296 2011-12-12] (Realtek Semiconductor)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
    HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-26] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

    ==================== Services (Whitelisted) ===================

    2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [947328 2012-04-16] (ASUSTeK Computer Inc.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-08-28] (TomTom)
    2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

    ==================== Drivers (Whitelisted) =====================

    3 Apowersoft_AudioDevice; C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2012-04-16] ()
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-12-16 05:24 - 2012-12-16 05:24 - 00003288 ____N C:\bootsqm.dat
    2012-12-16 04:03 - 2012-12-16 04:03 - 00073094 ____A C:\ComboFix.txt
    2012-12-16 03:54 - 2012-12-16 04:04 - 00000000 ____D C:\ComboFix
    2012-12-16 03:49 - 2012-12-16 03:32 - 04732416 ____A (AVAST Software) C:\Users\DeFragger\Desktop\aswMBR.exe
    2012-12-15 07:37 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-12-15 07:37 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-12-15 07:37 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-12-15 07:37 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-12-15 07:37 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-12-15 07:37 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-12-15 07:37 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-12-15 07:37 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-12-15 07:37 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-12-15 07:37 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-12-15 07:37 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-12-15 07:37 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-12-15 07:37 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-12-15 07:37 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-12-15 07:37 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-12-15 07:37 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-12-15 07:37 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-12-15 07:37 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-12-15 07:37 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-12-15 07:37 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-12-15 07:37 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-12-15 07:37 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-12-15 07:37 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-12-15 07:37 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-12-15 07:37 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-12-15 07:37 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-12-15 07:37 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-12-15 07:37 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-12-15 07:37 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-12-15 07:37 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-12-15 07:37 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-12-15 07:37 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-12-15 03:54 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-12-15 03:54 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-12-15 03:54 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-12-15 03:54 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2012-12-15 03:54 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2012-12-15 03:54 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-12-15 03:54 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-12-15 03:54 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-12-15 03:54 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-12-15 03:54 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-12-15 03:54 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-12-15 03:54 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-12-15 03:54 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-12-15 03:54 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-12-15 03:54 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-12-15 03:54 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-12-15 03:54 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-12-15 03:54 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-12-15 03:54 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-15 03:54 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-12-15 03:39 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-12-15 03:39 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-12-15 03:39 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-12-15 03:39 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-12-15 03:39 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-12-15 03:39 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-12-15 03:39 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-12-15 03:39 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-12-15 03:38 - 2012-12-16 04:03 - 00000000 ____D C:\Qoobox
    2012-12-15 03:38 - 2012-12-15 03:45 - 00000000 ____D C:\Windows\erdnt
    2012-12-15 03:23 - 2012-12-15 03:23 - 05010912 ____R (Swearware) C:\Users\DeFragger\Desktop\ComboFix.exe
    2012-12-14 16:14 - 2012-12-14 16:14 - 00000000 ____D C:\FRST
    2012-12-14 12:52 - 2012-12-14 12:52 - 01461033 ____A (Farbar) C:\Users\DeFragger\Desktop\FRST64.exe
    2012-12-13 14:17 - 2012-12-13 14:20 - 00000000 ____D C:\Users\All Users\ParetoLogic
    2012-12-13 14:17 - 2012-12-13 14:17 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\ParetoLogic
    2012-12-12 18:00 - 2012-12-17 01:38 - 00369795 ____A C:\Windows\WindowsUpdate.log
    2012-12-12 17:31 - 2012-12-12 17:31 - 00000000 ____D C:\Windows\Sun
    2012-12-12 17:14 - 2012-12-12 17:14 - 00509440 ____A (Tech Support Guy System) C:\Users\DeFragger\Desktop\SysInfo.exe
    2012-12-12 17:04 - 2012-12-12 17:04 - 00688992 ____R (Swearware) C:\Users\DeFragger\Desktop\dds.scr
    2012-12-12 17:04 - 2012-12-12 17:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeFragger\Desktop\HijackThis.exe
    2012-12-10 15:06 - 2012-12-16 03:57 - 00008436 ____A C:\Windows\PFRO.log
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Malwarebytes
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-12-10 14:16 - 2012-12-17 01:36 - 00002418 ____A C:\Windows\setupact.log
    2012-12-10 14:16 - 2012-12-10 14:16 - 00000000 ____A C:\Windows\setuperr.log
    2012-12-10 14:10 - 2012-12-10 14:10 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\DeFragger\Downloads\mb.exe
    2012-12-10 13:45 - 2012-12-10 14:18 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
    2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\DriverCure
    2012-12-09 08:34 - 2012-12-09 08:34 - 00821248 ____A C:\Users\DeFragger\Downloads\FreeISOBurner.exe
    2012-12-09 08:12 - 2012-12-10 14:19 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2012-12-09 08:11 - 2012-12-09 08:13 - 00000000 ____D C:\Program Files (x86)\AVS Video Converter
    2012-12-09 07:54 - 2012-12-09 08:04 - 00000000 ____D C:\Program Files (x86)\MPC-HC
    2012-12-09 07:52 - 2012-12-13 13:31 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-12-09 07:20 - 2012-12-09 07:20 - 00000000 ____D C:\Users\All Users\Sun
    2012-12-09 07:20 - 2012-12-09 07:19 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-12-09 07:20 - 2012-12-09 07:19 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-12-09 07:20 - 2012-12-09 07:19 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Users\All Users\McAfee
    2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Program Files (x86)\Java
    2012-12-08 06:23 - 2012-12-08 07:12 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd - full discography
    2012-12-08 06:18 - 2012-12-08 06:18 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd Meddle [Original Recording Remastered] 320 Kbps
    2012-12-08 06:17 - 2012-12-08 06:17 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink_Floyd_Greatest_Hits.www.lokotorrents.com
    2012-12-06 12:57 - 2012-12-11 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-12-05 18:07 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-12-05 18:07 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-12-05 18:07 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-12-05 18:07 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-12-05 18:07 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-12-05 18:07 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-12-05 18:07 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-12-05 18:07 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-12-05 18:07 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-12-05 18:07 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2012-12-05 18:07 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2012-12-05 18:07 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
    2012-12-05 18:07 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2012-12-05 18:07 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2012-12-05 18:07 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2012-12-05 18:07 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2012-12-05 18:07 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-12-05 18:07 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2012-12-05 18:07 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2012-12-05 18:07 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2012-12-05 18:07 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2012-12-05 18:07 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2012-12-05 18:07 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2012-12-05 18:07 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2012-12-05 18:07 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2012-12-05 18:07 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2012-12-05 18:07 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2012-12-05 18:07 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2012-12-05 18:07 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2012-12-05 18:07 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2012-12-05 18:07 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-12-05 18:07 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-12-05 18:07 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2012-12-05 18:07 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-12-03 15:08 - 2012-12-03 15:08 - 00000000 ____D C:\found.000
    2012-11-25 05:59 - 2012-12-10 14:04 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Ventrilo
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000920 ____A C:\Users\DeFragger\Desktop\Ventrilo.lnk
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000000 ____D C:\Program Files\Ventrilo
    2012-11-25 05:58 - 2012-11-25 05:58 - 00000000 ____D C:\Users\DeFragger\Downloads\Ventrilo
    2012-11-24 03:30 - 2012-11-24 03:31 - 00000000 ____D C:\Users\DeFragger\Downloads\COD Patch
    2012-11-24 03:26 - 2012-11-24 03:28 - 00000000 ____D C:\Users\DeFragger\Downloads\Kindle Books and Software update
    2012-11-24 03:22 - 2012-11-24 03:25 - 00000000 ____D C:\Users\DeFragger\Downloads\Red Alert
    2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Single Player.lnk
    2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
    2012-11-23 14:47 - 2012-11-23 14:47 - 00000293 ____A C:\Windows\game.ini
    2012-11-23 14:36 - 2012-11-23 14:36 - 00000000 ____D C:\Program Files (x86)\Activision
    2012-11-22 04:48 - 2012-11-22 05:25 - 00000000 ____D C:\Program Files (x86)\Google
    2012-11-19 01:40 - 2012-10-02 11:50 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

    ==================== One Month Modified Files and Folders =======

    2012-12-17 01:43 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-17 01:43 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-17 01:43 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-17 01:39 - 2012-04-16 00:50 - 00000000 ____D C:\Users\All Users\MFAData
    2012-12-17 01:38 - 2012-12-12 18:00 - 00369795 ____A C:\Windows\WindowsUpdate.log
    2012-12-17 01:36 - 2012-12-10 14:16 - 00002418 ____A C:\Windows\setupact.log
    2012-12-17 01:36 - 2012-04-10 06:30 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-12-17 01:36 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-12-17 01:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-16 05:24 - 2012-12-16 05:24 - 00003288 ____N C:\bootsqm.dat
    2012-12-16 04:43 - 2012-04-17 00:47 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AFD.SYS
    2012-12-16 04:43 - 2009-07-13 16:10 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\WS2IFSL.SYS
    2012-12-16 04:04 - 2012-12-16 03:54 - 00000000 ____D C:\ComboFix
    2012-12-16 04:03 - 2012-12-16 04:03 - 00073094 ____A C:\ComboFix.txt
    2012-12-16 04:03 - 2012-12-15 03:38 - 00000000 ____D C:\Qoobox
    2012-12-16 04:03 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2012-12-16 03:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-12-16 03:57 - 2012-12-10 15:06 - 00008436 ____A C:\Windows\PFRO.log
    2012-12-16 03:32 - 2012-12-16 03:49 - 04732416 ____A (AVAST Software) C:\Users\DeFragger\Desktop\aswMBR.exe
    2012-12-15 08:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-12-15 07:58 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-12-15 07:38 - 2012-04-18 02:02 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-12-15 03:45 - 2012-12-15 03:38 - 00000000 ____D C:\Windows\erdnt
    2012-12-15 03:23 - 2012-12-15 03:23 - 05010912 ____R (Swearware) C:\Users\DeFragger\Desktop\ComboFix.exe
    2012-12-14 16:14 - 2012-12-14 16:14 - 00000000 ____D C:\FRST
    2012-12-14 14:10 - 2012-04-04 05:40 - 00028644 ____A C:\Windows\Ascd_tmp.ini
    2012-12-14 14:10 - 2012-04-04 05:40 - 00001769 ____A C:\Windows\Language_trs.ini
    2012-12-14 12:52 - 2012-12-14 12:52 - 01461033 ____A (Farbar) C:\Users\DeFragger\Desktop\FRST64.exe
    2012-12-13 14:31 - 2012-05-02 15:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2012-12-13 14:20 - 2012-12-13 14:17 - 00000000 ____D C:\Users\All Users\ParetoLogic
    2012-12-13 14:17 - 2012-12-13 14:17 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\ParetoLogic
    2012-12-13 13:31 - 2012-12-09 07:52 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-12-12 17:31 - 2012-12-12 17:31 - 00000000 ____D C:\Windows\Sun
    2012-12-12 17:14 - 2012-12-12 17:14 - 00509440 ____A (Tech Support Guy System) C:\Users\DeFragger\Desktop\SysInfo.exe
    2012-12-12 17:04 - 2012-12-12 17:04 - 00688992 ____R (Swearware) C:\Users\DeFragger\Desktop\dds.scr
    2012-12-12 17:04 - 2012-12-12 17:04 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeFragger\Desktop\HijackThis.exe
    2012-12-11 12:26 - 2012-04-18 15:23 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Winamp
    2012-12-11 12:18 - 2012-12-06 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-12-11 12:18 - 2012-09-09 21:23 - 00000000 ____D C:\Users\All Users\WinZip
    2012-12-11 12:17 - 2012-06-21 06:23 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\uTorrent
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Malwarebytes
    2012-12-10 14:28 - 2012-12-10 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-12-10 14:22 - 2012-09-26 11:31 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-12-10 14:19 - 2012-12-09 08:12 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2012-12-10 14:18 - 2012-12-10 13:45 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-12-10 14:16 - 2012-12-10 14:16 - 00000000 ____A C:\Windows\setuperr.log
    2012-12-10 14:10 - 2012-12-10 14:10 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\DeFragger\Downloads\mb.exe
    2012-12-10 14:04 - 2012-11-25 05:59 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\Ventrilo
    2012-12-10 14:04 - 2012-08-26 04:11 - 00000000 ____D C:\Windows\Minidump
    2012-12-10 14:04 - 2012-04-19 12:49 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-12-10 14:04 - 2012-04-18 11:29 - 00000000 ___DC C:\Users\DeFragger\AppData\Local\MigWiz
    2012-12-10 14:04 - 2011-11-21 17:24 - 00000000 ____D C:\Windows\panther
    2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SpeedyPC Software
    2012-12-10 13:45 - 2012-12-10 13:45 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\DriverCure
    2012-12-09 08:34 - 2012-12-09 08:34 - 00821248 ____A C:\Users\DeFragger\Downloads\FreeISOBurner.exe
    2012-12-09 08:13 - 2012-12-09 08:11 - 00000000 ____D C:\Program Files (x86)\AVS Video Converter
    2012-12-09 08:04 - 2012-12-09 07:54 - 00000000 ____D C:\Program Files (x86)\MPC-HC
    2012-12-09 07:59 - 2012-09-09 20:49 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\vlc
    2012-12-09 07:20 - 2012-12-09 07:20 - 00000000 ____D C:\Users\All Users\Sun
    2012-12-09 07:19 - 2012-12-09 07:20 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-12-09 07:19 - 2012-12-09 07:20 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-12-09 07:19 - 2012-12-09 07:20 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-12-09 07:19 - 2012-12-09 07:19 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Users\All Users\McAfee
    2012-12-09 07:19 - 2012-12-09 07:19 - 00000000 ____D C:\Program Files (x86)\Java
    2012-12-08 07:45 - 2012-02-09 17:25 - 00000000 ____D C:\My MP3's
    2012-12-08 07:12 - 2012-12-08 06:23 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd - full discography
    2012-12-08 06:18 - 2012-12-08 06:18 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink Floyd Meddle [Original Recording Remastered] 320 Kbps
    2012-12-08 06:17 - 2012-12-08 06:17 - 00000000 ____D C:\Users\DeFragger\Downloads\Pink_Floyd_Greatest_Hits.www.lokotorrents.com
    2012-12-07 01:34 - 2012-05-08 00:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-12-06 14:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-12-05 18:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-12-05 17:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
    2012-12-03 15:08 - 2012-12-03 15:08 - 00000000 ____D C:\found.000
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000920 ____A C:\Users\DeFragger\Desktop\Ventrilo.lnk
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    2012-11-25 05:59 - 2012-11-25 05:59 - 00000000 ____D C:\Program Files\Ventrilo
    2012-11-25 05:58 - 2012-11-25 05:58 - 00000000 ____D C:\Users\DeFragger\Downloads\Ventrilo
    2012-11-24 03:31 - 2012-11-24 03:30 - 00000000 ____D C:\Users\DeFragger\Downloads\COD Patch
    2012-11-24 03:28 - 2012-11-24 03:26 - 00000000 ____D C:\Users\DeFragger\Downloads\Kindle Books and Software update
    2012-11-24 03:25 - 2012-11-24 03:22 - 00000000 ____D C:\Users\DeFragger\Downloads\Red Alert
    2012-11-23 15:00 - 2012-04-04 05:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Single Player.lnk
    2012-11-23 14:47 - 2012-11-23 14:47 - 00001882 ____A C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
    2012-11-23 14:47 - 2012-11-23 14:47 - 00000293 ____A C:\Windows\game.ini
    2012-11-23 14:36 - 2012-11-23 14:36 - 00000000 ____D C:\Program Files (x86)\Activision
    2012-11-23 04:43 - 2012-04-15 23:46 - 00000000 ____D C:\Users\DeFragger\AppData\Local\VirtualStore
    2012-11-22 06:43 - 2012-05-18 11:50 - 00000000 ____D C:\Program Files (x86)\Diablo III
    2012-11-22 05:25 - 2012-11-22 04:48 - 00000000 ____D C:\Program Files (x86)\Google
    2012-11-22 05:25 - 2012-04-18 11:09 - 00000000 ____D C:\Users\DeFragger\AppData\Roaming\SoftGrid Client
    2012-11-22 04:48 - 2012-09-09 20:34 - 00000000 ____D C:\Users\DeFragger\AppData\Local\Google
    2012-11-22 04:48 - 2012-05-08 16:17 - 00000000 ____D C:\Users\All Users\Adobe
    2012-11-22 04:48 - 2012-04-16 00:17 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-22 04:48 - 2012-04-16 00:17 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-21 19:26 - 2012-12-15 03:54 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-19 01:40 - 2012-04-10 06:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-11-19 01:40 - 2012-04-10 06:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-29 01:40:50
    Restore point made on: 2012-12-05 18:07:21
    Restore point made on: 2012-12-09 07:19:50
    Restore point made on: 2012-12-10 14:19:13
    Restore point made on: 2012-12-11 12:17:54
    Restore point made on: 2012-12-11 12:19:23
    Restore point made on: 2012-12-15 03:39:37
    Restore point made on: 2012-12-15 07:37:21

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8173.21 MB
    Available physical RAM: 7389.9 MB
    Total Pagefile: 8171.41 MB
    Available Pagefile: 7378.13 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:830.15 GB) NTFS
    2 Drive e: (RA2) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
    3 Drive f: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.21 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ###  Status  Size    Free     Dyn  Gpt
    --------  ------  ------  -------  ---  ---
    Disk 0    Online  931 GB  2048 KB
    Disk 1    Online  15 GB   0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type     Size    Offset
    -------------  -------  ------  -------
    Partition 1    Primary  100 MB  31 KB
    Partition 2    Primary  931 GB  103 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label    Fs    Type       Size    Status   Info
    ----------  ---  -------  ----  ---------  ------  -------  ----
    * Volume 1  Y    System   NTFS  Partition  100 MB  Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label    Fs    Type       Size    Status   Info
    ----------  ---  -------  ----  ---------  ------  -------  ----
    * Volume 2  C    Windows  NTFS  Partition  931 GB  Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ###  Type     Size    Offset
    -------------  -------  ------  -------
    Partition 1    Primary  15 GB   24 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label    Fs     Type       Size    Status   Info
    ----------  ---  -------  -----  ---------  ------  -------  ----
    * Volume 3  F    USB20FD  FAT32  Removable  15 GB   Healthy

    =========================================================

    Last Boot: 2012-12-05 14:54

    ==================== End Of Log =============================

    FSS log

    Farbar Service Scanner Version: 10-12-2012
    Ran by DeFragger (administrator) on 17-12-2012 at 04:52:42
    Running from "E:\"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    afd Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
    Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error.
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error.
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-04-17 03:47] - [2012-12-16 07:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

    ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    MiniToolBox log

    MiniToolBox by Farbar Version: 25-11-2012
    Ran by DeFragger (administrator) on 17-12-2012 at 04:58:11
    Running from "C:\Users\DeFragger\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================

    "network.proxy.type", 0

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Kims_Beast
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : C8-60-00-6C-8C-0D
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::5cb3:1268:b504:22e9%11(Preferred)
    Autoconfiguration IPv4 Address. . : 169.254.34.233(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{F1B89120-180F-4C2A-A43A-1B5E91D75DC6}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: fec0:0:0:ffff::1

    Ping request could not find host google.com. Please check the name and try again.
    Server: UnKnown
    Address: fec0:0:0:ffff::1

    Ping request could not find host yahoo.com. Please check the name and try again.

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    11...c8 60 00 6c 8c 0d ......Realtek PCIe GBE Family Controller
    1...........................Software Loopback Interface 1
    13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination  Netmask          Gateway  Interface       Metric
    127.0.0.0            255.0.0.0        On-link  127.0.0.1       306
    127.0.0.1            255.255.255.255  On-link  127.0.0.1       306
    127.255.255.255      255.255.255.255  On-link  127.0.0.1       306
    169.254.0.0          255.255.0.0      On-link  169.254.34.233  276
    169.254.34.233       255.255.255.255  On-link  169.254.34.233  276
    169.254.255.255      255.255.255.255  On-link  169.254.34.233  276
    224.0.0.0            240.0.0.0        On-link  127.0.0.1       306
    224.0.0.0            240.0.0.0        On-link  169.254.34.233  276
    255.255.255.255      255.255.255.255  On-link  127.0.0.1       306
    255.255.255.255      255.255.255.255  On-link  169.254.34.233  276
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If  Metric  Network Destination            Gateway
     1     306  ::1/128                        On-link
    11     276  fe80::/64                      On-link
    11     276  fe80::5cb3:1268:b504:22e9/128  On-link
     1     306  ff00::/8                       On-link
    11     276  ff00::/8                       On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (12/17/2012 04:52:53 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2012 04:51:12 AM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/17/2012 04:38:08 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2012 04:36:28 AM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/16/2012 11:28:10 AM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

    Error: (12/16/2012 11:18:00 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/16/2012 11:16:28 AM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/16/2012 08:37:18 AM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

    Error: (12/16/2012 08:27:09 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/16/2012 08:25:34 AM) (Source: Schedule) (User: )
    Description: Schedule error: 10050Initialize call failed, bailing out


    System errors:
    =============
    Error: (12/17/2012 04:58:14 AM) (Source: Service Control Manager) (User: )
    Description: The HTTP service failed to start due to the following error:
    %%22

    Error: (12/17/2012 04:53:29 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147014846

    Error: (12/17/2012 04:53:28 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error:
    %%22

    Error: (12/17/2012 04:53:28 AM) (Source: Service Control Manager) (User: )
    Description: The HTTP service failed to start due to the following error:
    %%22

    Error: (12/17/2012 04:52:57 AM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.

    Error: (12/17/2012 04:52:57 AM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
    Description: The BITS service failed to start. Error 2147952450.

    Error: (12/17/2012 04:51:27 AM) (Source: Service Control Manager) (User: )
    Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error:
    %%1068

    Error: (12/17/2012 04:51:27 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1068

    Error: (12/17/2012 04:51:27 AM) (Source: Service Control Manager) (User: )
    Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error:
    %%1068

    Error: (12/17/2012 04:51:27 AM) (Source: Service Control Manager) (User: )
    Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (12/17/2012 04:52:53 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2012 04:51:12 AM) (Source: Schedule)(User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/17/2012 04:38:08 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/17/2012 04:36:28 AM) (Source: Schedule)(User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/16/2012 11:28:10 AM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

    Error: (12/16/2012 11:18:00 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/16/2012 11:16:28 AM) (Source: Schedule)(User: )
    Description: Schedule error: 10050Initialize call failed, bailing out

    Error: (12/16/2012 08:37:18 AM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.

    Error: (12/16/2012 08:27:09 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/16/2012 08:25:34 AM) (Source: Schedule)(User: )
    Description: Schedule error: 10050Initialize call failed, bailing out


    CodeIntegrity Errors:
    ===================================
    Date: 2012-12-15 06:42:38.194
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-12-15 06:42:38.178
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ========================= Devices: ================================

    Name: HTTP
    Description: HTTP
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: HTTP
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ========================= Memory info: ===================================

    Percentage of memory in use: 16%
    Total physical RAM: 8173.21 MB
    Available physical RAM: 6789.85 MB
    Total Pagefile: 16344.62 MB
    Available Pagefile: 14935.52 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3978.86 MB

    ========================= Partitions: =====================================

    1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:830.14 GB) NTFS
    2 Drive d: (RA2) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
    3 Drive e: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.21 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\

    Administrator DeFragger Guest
    UpdatusUser


    **** End of log ****
     
  14. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hi Defragger,

    You're doing great. :)
    We need to search for another file.

    Boot into Recovery Environment

    1. Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    2. Type afd.sys;WS2IFSL.SYS into the Search: box in FRST
    3. Click the Search Files button.
    4. FRST will scan your machine looking for files.
    5. When finished scanning it will make a log Search.txt on the flash drive.
    6. Close the command window.
    7. Boot back into normal mode and post me the Search.txt log please.

    Please reply with:
    • FRST log (Search.txt)
     
  15. Defragger

    Defragger Thread Starter

    Joined:
    Dec 12, 2012
    Messages:
    40
    Here is the Search Log you requested. And thanks for the encouraging word and all your help.

    Farbar Recovery Scan Tool (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-18 04:51:51
    Running from F:\

    ================== Search: "afd.sys;WS2IFSL.SYS" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2012-04-17 00:47] - [2011-12-27 20:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
    [2011-11-22 08:30] - [2011-04-24 19:09] - 0499200 ____A (Microsoft Corporation) F4AD06143EAC303F55D0E86C40802976

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2012-04-17 00:47] - [2011-12-27 19:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011-11-22 08:30] - [2011-04-24 18:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30

    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

    C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
    [2009-07-13 16:10] - [2009-07-13 16:10] - 0021504 ____A (Microsoft Corporation) 6BCC1D7D2FD2453957C5479A32364E52

    C:\Windows\System32\drivers\AFD.SYS
    [2012-04-17 00:47] - [2012-12-16 04:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

    C:\Windows\System32\drivers\WS2IFSL.SYS
    [2009-07-13 16:10] - [2012-12-16 04:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

    ====== End Of Search ======
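The check Gizzy is making by eye in this Search.txt can be automated. The following Python script is an added example, not FRST's code and not something posted in this thread: it parses the Search.txt layout FRST prints above (a path line followed by a `[created] - [modified] - size attrs (company) MD5` line), treats the copies Windows keeps under `winsxs` as the reference for each driver name, and flags any live copy under `System32\drivers` whose hash or size matches no reference copy, whose company string is not Microsoft, or whose body is shared byte-for-byte with a driver of a different name. The sample lines are copied from the Search.txt above; everything else (function names, the reason strings) is the example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: five entries copied from the FRST Search.txt posted in this thread
# (three component-store copies plus the two live drivers under System32\drivers).
SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2012-04-17 00:47] - [2011-12-27 20:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2010-11-20 19:24] - [2010-11-20 19:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2009-07-13 16:10] - [2009-07-13 16:10] - 0021504 ____A (Microsoft Corporation) 6BCC1D7D2FD2453957C5479A32364E52

C:\Windows\System32\drivers\AFD.SYS
[2012-04-17 00:47] - [2012-12-16 04:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

C:\Windows\System32\drivers\WS2IFSL.SYS
[2009-07-13 16:10] - [2012-12-16 04:43] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885
"""

# Second line of each FRST search entry: [created] - [modified] - size attrs (company) MD5
ENTRY_RE = re.compile(
    r"^\[(?P<created>[^\]]*)\] - \[(?P<modified>[^\]]*)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileEntry:
    path: str
    size: int
    company: str
    md5: str
    modified: str

    @property
    def name(self) -> str:
        """Case-folded basename, so AFD.SYS and afd.sys group together."""
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_component_store(self) -> bool:
        """Copies under winsxs are the OS-installed reference versions."""
        return "\\winsxs\\" in self.path.lower()


def parse_search_log(text: str) -> list[FileEntry]:
    """Pair each path line with the metadata line that follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i, line in enumerate(lines[:-1]):
        if not PATH_RE.match(line):
            continue
        m = ENTRY_RE.match(lines[i + 1])
        if m:
            entries.append(FileEntry(path=line, size=int(m["size"]),
                                     company=m["company"].strip(),
                                     md5=m["md5"].upper(), modified=m["modified"]))
    return entries


def find_suspicious(entries: list[FileEntry]) -> dict[str, list[str]]:
    """Return {live path: [reasons]} for System32 copies that disagree with winsxs."""
    findings: dict[str, list[str]] = defaultdict(list)
    by_name: dict[str, list[FileEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    for group in by_name.values():
        refs = [e for e in group if e.is_component_store]
        ref_hashes = {e.md5 for e in refs}
        ref_sizes = {e.size for e in refs}
        for e in group:
            if e.is_component_store:
                continue
            if refs and e.md5 not in ref_hashes:
                findings[e.path].append("MD5 matches no component-store copy")
            if refs and e.size not in ref_sizes:
                findings[e.path].append(f"size {e.size} matches no component-store copy")
            if "microsoft" not in e.company.lower():
                findings[e.path].append(f"company '{e.company}' is not Microsoft")
    # Two different drivers with an identical body is a strong sign both were overwritten
    # with the same replacement, whatever each one's company string says.
    by_hash: dict[str, list[FileEntry]] = defaultdict(list)
    for e in entries:
        if not e.is_component_store:
            by_hash[e.md5].append(e)
    for same in by_hash.values():
        names = sorted({e.name for e in same})
        if len(names) > 1:
            for e in same:
                findings[e.path].append("body shared by different drivers: " + ", ".join(names))
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in find_suspicious(parse_search_log(SEARCH_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the entries above, the script reports exactly the two live drivers and none of the winsxs copies: each is 22368 bytes, carries a non-Microsoft company string, has an MD5 that appears in no component-store copy, and shares its body with the other. That is the pattern behind the Win64/Patched.A detection in the thread title, and the component-store copy whose version matches the installed update level is the reference a clean replacement is compared against.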
     
Short URL to this thread: https://techguy.org/1080690