
Trojan.zeroAccess



Had McAfee detect this Trojan.ZeroAccess last weekend. Tried a bunch of solutions, but a system restore ended up fixing it, or at least I thought.

Now I have it again. Seems it showed up last night and I wasn't even home.

I've been reading up, and here is my OTL log:

OTL logfile created on: 8/15/2012 3:31:18 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Berneti\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 78.94% Memory free

15.98 Gb Paging File | 13.50 Gb Available in Paging File | 84.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.41 Gb Total Space | 486.85 Gb Free Space | 53.13% Space Free | Partition Type: NTFS

Computer Name: BERNETI-PC | User Name: Berneti | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 15:18:13 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Berneti\Desktop\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2011/05/14 14:35:53 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe

PRC - [2011/05/14 14:35:43 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010/11/25 22:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2010/01/22 13:43:24 | 001,016,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

PRC - [2009/12/16 21:55:30 | 000,093,568 | ---- | M] (North Star com.) -- C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe

PRC - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe

PRC - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2009/11/17 17:18:16 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe

PRC - [2009/04/27 13:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/15 03:30:09 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll

MOD - [2012/06/15 03:27:52 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll

MOD - [2012/06/15 03:27:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/15 03:27:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/06/15 03:27:34 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll

MOD - [2012/05/11 03:31:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll

MOD - [2012/05/11 03:31:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/11 03:30:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/11 03:30:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/11 03:30:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/11 03:30:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/11 03:30:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/11/17 17:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll

MOD - [2009/09/02 12:28:56 | 000,175,616 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe

MOD - [2009/04/27 13:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe

MOD - [2008/05/16 12:35:22 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll

MOD - [2008/05/16 12:35:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll

MOD - [2008/05/16 12:34:18 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll

MOD - [2007/04/30 08:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll

MOD - [2007/04/30 08:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll

MOD - [2007/04/30 08:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll

MOD - [2007/03/06 08:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll

MOD - [2007/01/09 17:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll

MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/11 12:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2007/05/25 09:42:22 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)

SRV:64bit: - [2007/05/25 09:42:12 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)

SRV - [2012/08/14 19:28:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - [2011/05/14 14:35:53 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)

SRV - [2011/05/14 14:35:43 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/05/08 02:28:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/05/08 02:28:12 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)

SRV - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/06/30 10:28:28 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/05/25 09:42:22 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)

SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxddcoms.exe -- (lxdd_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/06/11 13:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/06/11 11:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/29 20:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360710z306p04f5v105k45l1r40o

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360710z306p04f5v105k45l1r40o

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360710z306p04f5v105k45l1r40o

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360710z306p04f5v105k45l1r40o

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360710z306p04f5v105k45l1r40o

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS386

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-908730824-577120901-3013648405-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/13 05:22:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/24 18:30:38 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - Extension: SiteAdvisor = C:\Users\Berneti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

CHR - Extension: Skype Extension = C:\Users\Berneti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623032254.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623032254.dll (McAfee, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-908730824-577120901-3013648405-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()

O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe" File not found

O4 - HKLM..\Run: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe" File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-908730824-577120901-3013648405-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-908730824-577120901-3013648405-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

O4 - HKU\S-1-5-21-908730824-577120901-3013648405-1001..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)

O4 - HKU\S-1-5-21-908730824-577120901-3013648405-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-908730824-577120901-3013648405-1001..\Run: [steam] C:\Games\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-908730824-577120901-3013648405-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{900C18A1-1703-4E8B-AF62-36FD5346A49E}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{d6929889-5a71-11df-b1d2-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{d6929889-5a71-11df-b1d2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe

O33 - MountPoints2\{d6929889-5a71-11df-b1d2-806e6f6e6963}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 15:20:06 | 004,731,145 | ---- | C] (Swearware) -- C:\Users\Berneti\Desktop\ComboFix.exe

[2012/08/15 15:19:14 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Berneti\Desktop\tdsskiller.exe

[2012/08/15 15:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/08/15 15:18:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Berneti\Desktop\OTL.exe

[2012/08/15 06:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/15 06:35:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/15 03:28:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/08/11 14:08:47 | 000,000,000 | ---D | C] -- C:\Users\Berneti\AppData\Roaming\Malwarebytes

[2012/08/11 14:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/11 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/11 13:44:11 | 000,000,000 | ---D | C] -- C:\Users\Berneti\AppData\Roaming\McAfee

[2012/07/31 05:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield

[2012/07/29 14:00:50 | 000,000,000 | R--D | C] -- C:\Users\Berneti\Dropbox

[2012/07/29 13:59:13 | 000,000,000 | ---D | C] -- C:\Users\Berneti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2012/07/29 13:58:41 | 000,000,000 | ---D | C] -- C:\Users\Berneti\AppData\Roaming\Dropbox

[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 15:28:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/15 15:21:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/15 15:21:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/15 15:21:47 | 004,731,145 | ---- | M] (Swearware) -- C:\Users\Berneti\Desktop\ComboFix.exe

[2012/08/15 15:20:49 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Berneti\Desktop\tdsskiller.exe

[2012/08/15 15:20:23 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/15 15:20:23 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/15 15:20:23 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/15 15:18:59 | 001,558,528 | ---- | M] () -- C:\Users\Berneti\Desktop\RogueKiller.exe

[2012/08/15 15:18:58 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk

[2012/08/15 15:18:13 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Berneti\Desktop\OTL.exe

[2012/08/15 15:14:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/15 15:14:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/15 15:14:00 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/15 06:59:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/15 06:35:53 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/15 05:36:57 | 458,701,732 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/08/15 03:21:43 | 000,355,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/08/15 03:02:38 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

[2012/08/04 14:53:37 | 000,000,892 | ---- | M] () -- C:\Users\Berneti\Desktop\ARMA2 - APOC TEST.lnk

[2012/07/29 14:00:50 | 000,001,051 | ---- | M] () -- C:\Users\Berneti\Desktop\Dropbox.lnk

[2012/07/29 13:55:29 | 000,007,605 | ---- | M] () -- C:\Users\Berneti\AppData\Local\Resmon.ResmonCfg

[2012/07/19 21:46:13 | 000,000,884 | ---- | M] () -- C:\Users\Berneti\Desktop\ARMA2 - LOBO ACE.lnk

[2012/07/19 21:46:05 | 000,000,866 | ---- | M] () -- C:\Users\Berneti\Desktop\ARMA2 - LOBO.lnk

[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/15 15:18:25 | 001,558,528 | ---- | C] () -- C:\Users\Berneti\Desktop\RogueKiller.exe

[2012/08/15 06:35:53 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/15 03:22:05 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\L\00000004.@

[2012/08/15 03:02:38 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI

[2012/07/29 14:00:50 | 000,001,051 | ---- | C] () -- C:\Users\Berneti\Desktop\Dropbox.lnk

[2012/07/29 13:55:29 | 000,007,605 | ---- | C] () -- C:\Users\Berneti\AppData\Local\Resmon.ResmonCfg

[2012/07/19 20:48:58 | 000,000,866 | ---- | C] () -- C:\Users\Berneti\Desktop\ARMA2 - LOBO.lnk

[2012/07/19 20:48:20 | 000,000,884 | ---- | C] () -- C:\Users\Berneti\Desktop\ARMA2 - LOBO ACE.lnk

[2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/01/11 15:28:47 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\@

[2012/01/11 15:28:47 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\@

[2012/01/11 15:28:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\@

[2011/11/04 15:55:58 | 000,000,003 | ---- | C] () -- C:\Users\Berneti\AppData\Roaming\ispnetkey.dll

[2011/10/09 21:18:21 | 000,028,292 | ---- | C] () -- C:\Users\Berneti\AppData\Roaming\OFMissionEditorConfig.xml

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/08/09 17:05:48 | 000,146,304 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/05/14 14:35:45 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/05/14 14:35:43 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe

[2011/05/14 14:35:43 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/01/16 17:53:00 | 000,000,317 | ---- | C] () -- C:\Windows\game.ini

[2011/01/15 13:51:58 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll

[2011/01/15 13:51:58 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll

[2011/01/13 06:22:04 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

========== LOP Check ==========

[2012/08/15 06:48:58 | 000,000,000 | ---D | M] -- C:\Users\Berneti\AppData\Roaming\Dropbox

[2010/07/10 22:33:33 | 000,000,000 | ---D | M] -- C:\Users\Berneti\AppData\Roaming\Lexmark Productivity Studio

[2012/06/21 05:42:33 | 000,000,000 | ---D | M] -- C:\Users\Berneti\AppData\Roaming\six-updater

[2012/05/07 05:28:41 | 000,000,000 | ---D | M] -- C:\Users\Berneti\AppData\Roaming\six-zsync

[2011/04/10 15:43:03 | 000,000,000 | ---D | M] -- C:\Users\Berneti\AppData\Roaming\Windows Live Writer

[2011/09/29 20:35:15 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Please help


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


I actually had an Extras TXT as well. Here it is along with the RKreport.

OTL Extras logfile created on: 8/15/2012 3:31:18 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Berneti\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 78.94% Memory free

15.98 Gb Paging File | 13.50 Gb Available in Paging File | 84.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.41 Gb Total Space | 486.85 Gb Free Space | 53.13% Space Free | Partition Type: NTFS

Computer Name: BERNETI-PC | User Name: Berneti | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- Reg Error: Key error. File not found

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-908730824-577120901-3013648405-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java 6 Update 23 (64-bit)

"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{698FB2DD-1D07-CF42-1196-782D03DE4226}" = AMD Drag and Drop Transcoding

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{EB982C77-A824-9C2C-BC71-89B36EFD2489}" = ATI AVIVO64 Codecs

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer

"Lexmark 2500 Series" = Lexmark 2500 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish

"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center

"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish

"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater

"{2F604147-A9FD-886E-59F7-96BDC3981632}" = HydraVision

"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French

"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor

"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek

"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch

"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold

"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian

"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI

"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{b0941905-5fb6-42ad-9804-609e3ae602c6}" = Nero 9 Essentials

"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater

"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1F5C7EE-23BB-47A3-943E-9F290DD267F0}" = THX TruStudio PC

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy

"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"ArmA 2" = ArmA 2 Uninstall

"Arma 2 Army of The Czech Republic" = Arma 2 Army of The Czech Republic Uninstall

"Arma 2 British Armed Forces" = Arma 2 British Armed Forces Uninstall

"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall

"Arma 2 Private Military Company" = Arma 2 Private Military Company Uninstall

"BattlEye" = BattlEye Uninstall

"BattlEye for A2" = BattlEye Uninstall

"BattlEye for OA" = BattlEye for OA Uninstall

"Best Buy Software Installer" = Best Buy Software Installer

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"comtypes-py2.6" = Python 2.6 comtypes-0.6.2

"Download Manager" = Download Manager 2.3.10

"EA Download Manager" = EA Download Manager

"Fraps" = Fraps (remove only)

"Gateway InfoCentre" = Gateway InfoCentre

"Gateway Registration" = Gateway Registration

"Gateway Screensaver" = Gateway ScreenSaver

"Gateway Welcome Center" = Welcome Center

"Harpoon 3 ANW v3943.9.4" = Harpoon 3 ANW v394

"Harpoon 3 Ultimate Advanced Naval Warfare3.10.1" = Harpoon 3 Ultimate Advanced Naval Warfare

"Harpoon 3 v3.6.33.6.3" = Harpoon 3 v3.6.3

"Harpoon Ultimate Commanders Edition2009.05" = Harpoon Ultimate Commanders Edition

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Identity Card" = Identity Card

"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"KeyExtender_is1" = KeyExtender 3.99

"Lexmark 2500 Series" = Lexmark 2500 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"MSC" = McAfee SecurityCenter

"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12

"psyco-py2.6" = Python 2.6 psyco-1.6

"PunkBusterSvc" = PunkBuster Services

"pywin32-py2.6" = Python 2.6 pywin32-214

"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 32430" = Star Wars: The Force Unleashed

"Steam App 32470" = Star Wars: Empire at War Gold

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 42700" = Call of Duty: Black Ops

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WinX Free WMV to MP4 Converter_is1" = WinX Free WMV to MP4 Converter 2.0.7

"wxPython2.8-ansi-py26_is1" = wxPython 2.8.11.0 (ansi) for Python 2.6

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-908730824-577120901-3013648405-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/16/2011 9:49:38 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 9:49:38 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 9:49:38 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 9:49:38 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 9:49:38 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 9:49:38 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 9:49:38 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 11:27:37 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 11:27:37 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 12/16/2011 11:27:37 AM | Computer Name = Berneti-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

[ Media Center Events ]

Error - 10/12/2011 12:32:51 PM | Computer Name = Berneti-PC | Source = MCUpdate | ID = 0

Description = 11:32:51 AM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

[ System Events ]

Error - 8/15/2012 4:14:17 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 8/15/2012 4:14:17 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 8/15/2012 4:14:19 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService

service to connect.

Error - 8/15/2012 4:14:19 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7000

Description = The lxddCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 8/15/2012 4:14:19 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 8/15/2012 4:14:23 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 8/15/2012 4:17:35 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 8/15/2012 4:17:35 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 8/15/2012 4:17:35 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 8/15/2012 4:17:35 PM | Computer Name = Berneti-PC | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

< End of report >

HERE IS THE RKREPORT

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Berneti [Admin rights]

Mode: Scan -- Date: 08/15/2012 15:46:58

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS +++++

--- User ---

[MBR] c4ff67c9bb9c85d2ebb7f99fd6bf4777

[bSP] ab65c45153570357c7b50fe11b0fb4ec : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 938407 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 807ab743ff0c452d22f30aa43d9ee090

[bSP] ab65c45153570357c7b50fe11b0fb4ec : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 938407 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 807ab743ff0c452d22f30aa43d9ee090

[bSP] ab65c45153570357c7b50fe11b0fb4ec : Windows 7 MBR Code

Partition table:

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 938407 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt


¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then continue as follows:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


I'm trying to do the System Recovery Options.

When I get to the dialog, I do the US keyboard input method, but then it asks for a username/password. I explicitly don't have a password on the user login; I have always just hit Enter. But it won't let me leave it blank here.


FRST file

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012

Ran by SYSTEM at 15-08-2012 16:17:10

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060320 2010-02-09] (Realtek Semiconductor)

HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-09-30] (Creative Technology Ltd.)

HKLM\...\Run: [lxddmon.exe] "C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe" [291496 2009-04-27] ()

HKLM\...\Run: [lxddamon] "C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe" [25256 2009-04-27] ()

HKLM-x32\...\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-11-17] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [1016320 2010-01-22] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe" [x]

HKLM-x32\...\Run: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe" [x]

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)

HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Berneti\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-20] (Google Inc.)

HKU\Berneti\...\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork [1103216 2009-10-27] (IGN Entertainment)

HKU\Berneti\...\Run: [steam] "C:\Games\Steam\Steam.exe" -silent [1353080 2012-08-15] (Valve Corporation)

HKU\Berneti\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\Berneti\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)

HKU\Berneti\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2010-11-25] (AMD)

HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Default\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [1475584 2010-11-20] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [1475584 2010-11-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Photo Frame.lnk

ShortcutTarget: Photo Frame.lnk -> C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe (North Star com.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy Software Installer.lnk

ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy Software Installer.lnk

ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

==================== Services (Whitelisted) ======

2 lxdd_device; C:\Windows\system32\lxddcoms.exe -service [567216 2007-05-25] ( )

2 lxdd_device; C:\Windows\SysWow64\lxddcoms.exe -service [537520 2007-05-25] ( )

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [103440 2012-01-13] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2011-05-14] ()

2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2011-05-14] ()

2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-15 12:46 - 2012-08-15 12:46 - 00002690 ____A C:\Users\Berneti\Desktop\RKreport[1].txt

2012-08-15 12:45 - 2012-08-15 12:46 - 00000000 ____D C:\Users\Berneti\Desktop\RK_Quarantine

2012-08-15 12:39 - 2012-08-15 12:39 - 00056552 ____A C:\Users\Berneti\Desktop\Extras.Txt

2012-08-15 12:38 - 2012-08-15 12:38 - 00095794 ____A C:\Users\Berneti\Desktop\OTL.Txt

2012-08-15 12:20 - 2012-08-15 12:21 - 04731145 ____A (Swearware) C:\Users\Berneti\Desktop\ComboFix.exe

2012-08-15 12:19 - 2012-08-15 12:20 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Berneti\Desktop\tdsskiller.exe

2012-08-15 12:18 - 2012-08-15 12:18 - 01558528 ____A C:\Users\Berneti\Desktop\RogueKiller.exe

2012-08-15 12:18 - 2012-08-15 12:18 - 00596992 ____A (OldTimer Tools) C:\Users\Berneti\Desktop\OTL.exe

2012-08-15 12:15 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-08-15 03:35 - 2012-08-15 03:35 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-15 03:35 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-15 02:37 - 2012-08-15 02:37 - 00274728 ____A C:\Windows\Minidump\081512-30669-01.dmp

2012-08-15 02:18 - 2012-08-15 02:18 - 00274728 ____A C:\Windows\Minidump\081512-33587-01.dmp

2012-08-15 00:28 - 2012-08-15 00:28 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-15 00:03 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-15 00:03 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-15 00:03 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-15 00:03 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-15 00:03 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-15 00:03 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-15 00:03 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-15 00:03 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-15 00:03 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-15 00:03 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-15 00:03 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-15 00:03 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-15 00:03 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-15 00:03 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-15 00:03 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-15 00:03 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-15 00:03 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-15 00:03 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-15 00:03 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-15 00:03 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-15 00:03 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-15 00:03 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-15 00:03 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-15 00:03 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-15 00:03 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-15 00:03 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-15 00:03 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-15 00:03 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-15 00:02 - 2012-08-15 00:02 - 00000129 ____A C:\Windows\System32\MRT.INI

2012-08-14 22:27 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-08-14 22:27 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-08-14 22:27 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-08-14 22:27 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-08-14 22:27 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-08-14 22:27 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-08-14 22:27 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

2012-08-14 22:27 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll

2012-08-14 22:27 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2012-08-14 22:27 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2012-08-14 22:27 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe

2012-08-14 22:27 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe

2012-08-14 22:27 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2012-08-12 14:01 - 2012-08-12 14:01 - 02198701 ____A C:\Users\Berneti\Downloads\Apocalypse_29.zip

2012-08-12 11:48 - 2012-08-12 11:48 - 00000000 ____D C:\Users\Public\OEM

2012-08-12 07:51 - 2012-08-12 07:51 - 00001109 ____A C:\Users\Berneti\Downloads\SuperDAT.log

2012-08-12 07:27 - 2012-08-12 11:23 - 00000000 ____D C:\Users\Berneti\Downloads\562354_2

2012-08-12 07:27 - 2012-08-12 07:27 - 00064009 ____A C:\Users\Berneti\Downloads\562354_2.zip

2012-08-11 11:08 - 2012-08-15 03:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-11 11:08 - 2012-08-11 11:08 - 00000000 ____D C:\Users\Berneti\AppData\Roaming\Malwarebytes

2012-08-11 11:08 - 2012-08-11 11:08 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-08-11 10:44 - 2012-08-11 10:44 - 00000000 ____D C:\Users\Berneti\AppData\Roaming\McAfee

2012-08-10 15:52 - 2012-08-10 15:52 - 00000000 ____D C:\Users\Berneti\Downloads\rhs_decals_1.3

2012-08-10 14:38 - 2012-08-10 14:38 - 00000000 ____D C:\Users\Berneti\Downloads\SNR_M109A6_V1.1

2012-08-10 14:36 - 2012-08-10 14:38 - 35137578 ____A C:\Users\Berneti\Downloads\SNR_M109A6_V1.1.rar

2012-08-10 14:35 - 2012-08-10 14:35 - 00000000 ____D C:\Users\Berneti\Downloads\rhs_afrf_0.1.0.1355

2012-08-10 04:20 - 2012-08-10 14:34 - 405233020 ____A C:\Users\Berneti\Downloads\rhs_afrf_0.1.0.1355.7z

2012-08-10 02:13 - 2012-08-10 02:13 - 00000000 ____D C:\Users\Berneti\Downloads\TGWVehicleFixes_v1.56

2012-08-09 16:36 - 2012-08-10 02:13 - 00017794 ____A C:\Users\Berneti\Downloads\TGWVehicleFixes_v1.56.rar

2012-08-09 02:16 - 2012-08-09 02:16 - 00000000 ____D C:\Users\Berneti\Downloads\ukf_shared_v1.12

2012-08-09 02:16 - 2012-08-09 02:16 - 00000000 ____D C:\Users\Berneti\Downloads\ukf_misc_v1.12

2012-08-09 02:16 - 2012-08-09 02:16 - 00000000 ____D C:\Users\Berneti\Downloads\UKF_Challenger2

2012-08-09 02:15 - 2012-08-09 02:16 - 11350151 ____A C:\Users\Berneti\Downloads\ukf_shared_v1.12.rar

2012-08-09 02:15 - 2012-08-09 02:15 - 00087993 ____A C:\Users\Berneti\Downloads\ukf_misc_v1.12.rar

2012-08-09 02:14 - 2012-08-09 02:16 - 27170228 ____A C:\Users\Berneti\Downloads\UKF_Challenger2.7z

2012-08-03 03:06 - 2012-08-03 03:06 - 00000000 ____D C:\Users\Berneti\Downloads\Hazar-Kotv1 (1)

2012-08-03 02:22 - 2012-08-03 02:26 - 79536481 ____A C:\Users\Berneti\Downloads\Hazar-Kotv1 (1).zip

2012-07-31 02:16 - 2012-07-31 02:16 - 00000000 ____D C:\Users\All Users\Solidshield

2012-07-30 19:08 - 2012-07-30 19:08 - 00000000 ____D C:\Users\Berneti\Downloads\ARMA2OACORFT_Update_162

2012-07-30 16:25 - 2012-07-30 16:25 - 00000912 ____A C:\Users\Berneti\Downloads\A2_ACR_Setup_FULL.exe.md5

2012-07-30 15:28 - 2012-07-30 16:25 - 1179827641 ____A (Oleg N. Scherbakov) C:\Users\Berneti\Downloads\A2_ACR_Setup_FULL.exe

2012-07-30 15:27 - 2012-07-30 19:08 - 54744235 ____A C:\Users\Berneti\Downloads\ARMA2OACORFT_Update_162.zip

2012-07-29 13:49 - 2012-07-29 13:49 - 00000000 ____D C:\Users\Berneti\Downloads\A2020DutchForcesv5.2

2012-07-29 11:00 - 2012-08-15 12:40 - 00000000 ___RD C:\Users\Berneti\Dropbox

2012-07-29 11:00 - 2012-07-29 11:00 - 00001051 ____A C:\Users\Berneti\Desktop\Dropbox.lnk

2012-07-29 10:58 - 2012-08-15 12:48 - 00000000 ____D C:\Users\Berneti\AppData\Roaming\Dropbox

2012-07-29 10:55 - 2012-07-29 10:55 - 00007605 ____A C:\Users\Berneti\AppData\Local\Resmon.ResmonCfg

2012-07-27 02:19 - 2012-07-27 02:19 - 00000000 ____D C:\Users\Berneti\Downloads\sfp_6h_june (1)

2012-07-27 02:18 - 2012-07-27 02:19 - 00000000 ____D C:\Users\Berneti\Downloads\DDAM_FullRelease_MarkB50k

2012-07-27 02:18 - 2012-07-27 02:18 - 00000000 ____D C:\Users\Berneti\Downloads\Operation_Nortstar_CO_v05 (1)

2012-07-27 02:17 - 2012-07-27 02:17 - 00000000 ____D C:\Users\Berneti\Downloads\@LoBoGulfWarModv2.0

2012-07-26 02:21 - 2012-07-26 03:26 - 402093455 ____A C:\Users\Berneti\Downloads\@LoBoGulfWarModv2.0.7z

2012-07-26 02:19 - 2012-07-26 04:15 - 662054359 ____A C:\Users\Berneti\Downloads\DDAM_FullRelease (1).7z

2012-07-26 02:14 - 2012-07-26 03:30 - 219429537 ____A C:\Users\Berneti\Downloads\Operation_Nortstar_CO_v05 (1).7z

2012-07-26 02:12 - 2012-07-26 04:26 - 761406470 ____A C:\Users\Berneti\Downloads\sfp_6h_june (1).7z

2012-07-25 18:36 - 2012-07-25 18:36 - 00274728 ____A C:\Windows\Minidump\072512-30841-01.dmp

2012-07-25 02:40 - 2012-07-25 02:40 - 01108636 ____A C:\Users\Berneti\Downloads\Apocalypse_26.zip

2012-07-24 02:57 - 2012-07-24 02:57 - 00000000 ____D C:\Users\Berneti\Downloads\VME_PLA_MOD

2012-07-24 02:26 - 2012-07-24 02:57 - 506821002 ____A C:\Users\Berneti\Downloads\VME_PLA_MOD.7z

2012-07-24 02:26 - 2012-07-24 02:26 - 00000000 ____D C:\Users\Berneti\Downloads\JSDFMOD_143

2012-07-23 04:04 - 2012-07-24 02:26 - 239230026 ____A C:\Users\Berneti\Downloads\JSDFMOD_143.7z

2012-07-20 12:41 - 2012-07-20 12:43 - 00000000 ____D C:\Users\Berneti\Downloads\@PCDF_106

2012-07-20 12:41 - 2012-07-20 12:41 - 00000000 ____D C:\Users\Berneti\Downloads\@RAAFC130V1.2

2012-07-20 12:41 - 2012-07-20 12:41 - 00000000 ____D C:\Users\Berneti\Downloads\@PCDF_105

2012-07-19 17:48 - 2012-07-19 18:46 - 00000884 ____A C:\Users\Berneti\Desktop\ARMA2 - LOBO ACE.lnk

2012-07-19 17:48 - 2012-07-19 18:46 - 00000866 ____A C:\Users\Berneti\Desktop\ARMA2 - LOBO.lnk

2012-07-19 16:03 - 2012-07-19 16:17 - 82891461 ____A C:\Users\Berneti\Downloads\@PCDF_106.rar

2012-07-19 16:03 - 2012-07-19 16:16 - 206643856 ____A C:\Users\Berneti\Downloads\@PCDF_105.rar

2012-07-19 16:03 - 2012-07-19 16:04 - 03676823 ____A C:\Users\Berneti\Downloads\@RAAFC130V1.2.zip

2012-07-19 04:07 - 2012-07-19 04:07 - 00517472 ____A C:\Users\Berneti\Downloads\JayArmA2Lib_V1.4.38.zip

2012-07-19 04:07 - 2012-07-19 04:07 - 00000000 ____D C:\Users\Berneti\Downloads\JayArmA2Lib_V1.4.38

2012-07-19 03:52 - 2012-07-19 03:52 - 00000000 ____D C:\Users\Berneti\Downloads\@ACEX_v1.13.0.353

2012-07-19 03:39 - 2012-07-19 03:39 - 00000000 ____D C:\Users\Berneti\Downloads\@bet_addons_1.47

2012-07-19 03:11 - 2012-07-19 03:39 - 192353257 ____A C:\Users\Berneti\Downloads\@bet_addons_1.47.7z

2012-07-19 02:35 - 2012-07-19 02:35 - 01848655 ____A C:\Users\Berneti\Downloads\@M1AusV1.1.zip

2012-07-19 02:35 - 2012-07-19 02:35 - 00000000 ____D C:\Users\Berneti\Downloads\@M1AusV1.1

2012-07-18 02:41 - 2012-07-18 02:41 - 00000000 ____D C:\Users\Berneti\Downloads\ACRE_V1.4.7_TS307_plugins

2012-07-18 02:40 - 2012-07-18 02:42 - 00000000 ____D C:\Users\Berneti\Downloads\LoBo_ArmA2_IDFpackVer1_0

2012-07-17 18:54 - 2012-07-17 19:02 - 160700803 ____A C:\Users\Berneti\Downloads\LoBo_ArmA2_IDFpackVer1_0.7z

2012-07-17 18:54 - 2012-07-17 18:54 - 03817125 ____A C:\Users\Berneti\Downloads\ACRE_V1.4.7_TS307_plugins.zip

============ 3 Months Modified Files ========================

2012-08-15 13:08 - 2009-07-13 20:51 - 00068184 ____A C:\Windows\setupact.log

2012-08-15 13:01 - 2010-05-07 23:22 - 01601383 ____A C:\Windows\WindowsUpdate.log

2012-08-15 12:59 - 2010-07-04 07:04 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-15 12:46 - 2012-08-15 12:46 - 00002690 ____A C:\Users\Berneti\Desktop\RKreport[1].txt

2012-08-15 12:40 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-15 12:39 - 2012-08-15 12:39 - 00056552 ____A C:\Users\Berneti\Desktop\Extras.Txt

2012-08-15 12:38 - 2012-08-15 12:38 - 00095794 ____A C:\Users\Berneti\Desktop\OTL.Txt

2012-08-15 12:28 - 2012-06-20 02:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-15 12:21 - 2012-08-15 12:20 - 04731145 ____A (Swearware) C:\Users\Berneti\Desktop\ComboFix.exe

2012-08-15 12:21 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-15 12:21 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-15 12:20 - 2012-08-15 12:19 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Berneti\Desktop\tdsskiller.exe

2012-08-15 12:18 - 2012-08-15 12:18 - 01558528 ____A C:\Users\Berneti\Desktop\RogueKiller.exe

2012-08-15 12:18 - 2012-08-15 12:18 - 00596992 ____A (OldTimer Tools) C:\Users\Berneti\Desktop\OTL.exe

2012-08-15 12:18 - 2010-09-04 08:03 - 00001835 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk

2012-08-15 12:14 - 2010-07-04 07:04 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-15 12:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-15 03:50 - 2010-04-20 23:46 - 00079940 ____A C:\Windows\PFRO.log

2012-08-15 03:35 - 2012-08-15 03:35 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-15 02:37 - 2012-08-15 02:37 - 00274728 ____A C:\Windows\Minidump\081512-30669-01.dmp

2012-08-15 02:36 - 2011-02-05 15:39 - 458701732 ____A C:\Windows\MEMORY.DMP

2012-08-15 02:18 - 2012-08-15 02:18 - 00274728 ____A C:\Windows\Minidump\081512-33587-01.dmp

2012-08-15 00:21 - 2009-07-13 20:45 - 00355112 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-15 00:02 - 2012-08-15 00:02 - 00000129 ____A C:\Windows\System32\MRT.INI

2012-08-15 00:00 - 2010-07-07 03:06 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-08-14 16:28 - 2012-04-13 02:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-14 16:28 - 2011-07-29 02:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-12 14:01 - 2012-08-12 14:01 - 02198701 ____A C:\Users\Berneti\Downloads\Apocalypse_29.zip

2012-08-12 07:51 - 2012-08-12 07:51 - 00001109 ____A C:\Users\Berneti\Downloads\SuperDAT.log

2012-08-12 07:27 - 2012-08-12 07:27 - 00064009 ____A C:\Users\Berneti\Downloads\562354_2.zip

2012-08-10 14:38 - 2012-08-10 14:36 - 35137578 ____A C:\Users\Berneti\Downloads\SNR_M109A6_V1.1.rar

2012-08-10 14:34 - 2012-08-10 04:20 - 405233020 ____A C:\Users\Berneti\Downloads\rhs_afrf_0.1.0.1355.7z

2012-08-10 02:13 - 2012-08-09 16:36 - 00017794 ____A C:\Users\Berneti\Downloads\TGWVehicleFixes_v1.56.rar

2012-08-09 02:16 - 2012-08-09 02:15 - 11350151 ____A C:\Users\Berneti\Downloads\ukf_shared_v1.12.rar

2012-08-09 02:16 - 2012-08-09 02:14 - 27170228 ____A C:\Users\Berneti\Downloads\UKF_Challenger2.7z

2012-08-09 02:15 - 2012-08-09 02:15 - 00087993 ____A C:\Users\Berneti\Downloads\ukf_misc_v1.12.rar

2012-08-04 11:53 - 2012-07-14 10:13 - 00000892 ____A C:\Users\Berneti\Desktop\ARMA2 - APOC TEST.lnk

2012-08-03 02:26 - 2012-08-03 02:22 - 79536481 ____A C:\Users\Berneti\Downloads\Hazar-Kotv1 (1).zip

2012-07-30 19:08 - 2012-07-30 15:27 - 54744235 ____A C:\Users\Berneti\Downloads\ARMA2OACORFT_Update_162.zip

2012-07-30 16:25 - 2012-07-30 16:25 - 00000912 ____A C:\Users\Berneti\Downloads\A2_ACR_Setup_FULL.exe.md5

2012-07-30 16:25 - 2012-07-30 15:28 - 1179827641 ____A (Oleg N. Scherbakov) C:\Users\Berneti\Downloads\A2_ACR_Setup_FULL.exe

2012-07-30 16:25 - 2012-04-08 06:25 - 00005842 ____A C:\Users\Berneti\Downloads\sprocket.log

2012-07-29 11:00 - 2012-07-29 11:00 - 00001051 ____A C:\Users\Berneti\Desktop\Dropbox.lnk

2012-07-29 10:55 - 2012-07-29 10:55 - 00007605 ____A C:\Users\Berneti\AppData\Local\Resmon.ResmonCfg

2012-07-26 04:26 - 2012-07-26 02:12 - 761406470 ____A C:\Users\Berneti\Downloads\sfp_6h_june (1).7z

2012-07-26 04:15 - 2012-07-26 02:19 - 662054359 ____A C:\Users\Berneti\Downloads\DDAM_FullRelease (1).7z

2012-07-26 03:30 - 2012-07-26 02:14 - 219429537 ____A C:\Users\Berneti\Downloads\Operation_Nortstar_CO_v05 (1).7z

2012-07-26 03:26 - 2012-07-26 02:21 - 402093455 ____A C:\Users\Berneti\Downloads\@LoBoGulfWarModv2.0.7z

2012-07-25 18:36 - 2012-07-25 18:36 - 00274728 ____A C:\Windows\Minidump\072512-30841-01.dmp

2012-07-25 02:40 - 2012-07-25 02:40 - 01108636 ____A C:\Users\Berneti\Downloads\Apocalypse_26.zip

2012-07-24 02:57 - 2012-07-24 02:26 - 506821002 ____A C:\Users\Berneti\Downloads\VME_PLA_MOD.7z

2012-07-24 02:26 - 2012-07-23 04:04 - 239230026 ____A C:\Users\Berneti\Downloads\JSDFMOD_143.7z

2012-07-19 18:46 - 2012-07-19 17:48 - 00000884 ____A C:\Users\Berneti\Desktop\ARMA2 - LOBO ACE.lnk

2012-07-19 18:46 - 2012-07-19 17:48 - 00000866 ____A C:\Users\Berneti\Desktop\ARMA2 - LOBO.lnk

2012-07-19 16:17 - 2012-07-19 16:03 - 82891461 ____A C:\Users\Berneti\Downloads\@PCDF_106.rar

2012-07-19 16:16 - 2012-07-19 16:03 - 206643856 ____A C:\Users\Berneti\Downloads\@PCDF_105.rar

2012-07-19 16:04 - 2012-07-19 16:03 - 03676823 ____A C:\Users\Berneti\Downloads\@RAAFC130V1.2.zip

2012-07-19 04:07 - 2012-07-19 04:07 - 00517472 ____A C:\Users\Berneti\Downloads\JayArmA2Lib_V1.4.38.zip

2012-07-19 03:39 - 2012-07-19 03:11 - 192353257 ____A C:\Users\Berneti\Downloads\@bet_addons_1.47.7z

2012-07-19 02:35 - 2012-07-19 02:35 - 01848655 ____A C:\Users\Berneti\Downloads\@M1AusV1.1.zip

2012-07-18 10:15 - 2012-08-14 22:27 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-17 19:02 - 2012-07-17 18:54 - 160700803 ____A C:\Users\Berneti\Downloads\LoBo_ArmA2_IDFpackVer1_0.7z

2012-07-17 18:54 - 2012-07-17 18:54 - 03817125 ____A C:\Users\Berneti\Downloads\ACRE_V1.4.7_TS307_plugins.zip

2012-07-15 06:23 - 2012-07-15 06:23 - 00003454 ____A C:\Users\Berneti\Downloads\@Klu_GLT_Missilebox_ACE_Enhancement.rar

2012-07-13 15:07 - 2012-07-13 14:54 - 137137888 ____A C:\Users\Berneti\Downloads\@bet_huertgen_1.11.7z

2012-07-13 15:04 - 2012-07-13 14:49 - 79536481 ____A C:\Users\Berneti\Downloads\Hazar-Kotv1.zip

2012-07-13 15:01 - 2012-07-13 14:51 - 93131370 ____A C:\Users\Berneti\Downloads\Ovaron1.3.7z

2012-07-13 14:55 - 2012-07-13 14:49 - 82163805 ____A C:\Users\Berneti\Downloads\MCN_Aliabadv11.7z

2012-07-11 03:31 - 2012-07-11 02:36 - 211517572 ____A C:\Users\Berneti\Downloads\@ACEX_RU_v1.13.0.64.7z

2012-07-11 03:29 - 2012-07-11 02:39 - 567894761 ____A C:\Users\Berneti\Downloads\@ACEX_v1.13.0.353.7z

2012-07-11 03:08 - 2012-07-11 02:37 - 85638470 ____A C:\Users\Berneti\Downloads\@ACEX_USNavy_v1.13.0.67.7z

2012-07-11 03:01 - 2012-07-11 02:36 - 119990114 ____A C:\Users\Berneti\Downloads\@ACEX_SM_v1.13.0.100.7z

2012-07-10 03:22 - 2012-07-10 03:22 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk

2012-07-10 03:22 - 2012-07-10 03:22 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk

2012-07-09 02:38 - 2012-07-09 02:38 - 03570789 ____A C:\Users\Berneti\Downloads\Lost_55.rar

2012-07-04 14:16 - 2012-08-14 22:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:13 - 2012-08-14 22:27 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:13 - 2012-08-14 22:27 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:16 - 2012-08-14 22:27 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:14 - 2012-08-14 22:27 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-03 10:46 - 2012-08-15 03:35 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 02:11 - 2012-07-02 19:53 - 219323521 ____A C:\Users\Berneti\Downloads\TMT_BETA001.7z

2012-07-01 10:30 - 2012-07-01 10:27 - 11843348 ____A C:\Users\Berneti\Downloads\GLT_JAS39.7z

2012-07-01 10:30 - 2012-07-01 10:26 - 01302634 ____A C:\Users\Berneti\Downloads\Nogovan_Jas39_v11.7z

2012-07-01 09:35 - 2012-07-01 08:07 - 237089258 ____A C:\Users\Berneti\Downloads\@NAF_v10b.7z

2012-07-01 08:00 - 2012-07-01 07:56 - 19273748 ____A C:\Users\Berneti\Downloads\NAF_hotfix.7z

2012-06-30 13:07 - 2012-06-30 08:21 - 49761273 ____A C:\Users\Berneti\Downloads\SWM_Swiss_Armory_v2.0.7z

2012-06-30 13:06 - 2012-06-30 08:20 - 33352650 ____A C:\Users\Berneti\Downloads\DanishArmyV1.1.7z

2012-06-30 13:06 - 2012-06-30 08:18 - 182996958 ____A C:\Users\Berneti\Downloads\A2020DutchForcesv5.2.7z

2012-06-30 12:57 - 2012-06-30 08:12 - 30047610 ____A C:\Users\Berneti\Downloads\ua_mp_2011.rar

2012-06-30 09:28 - 2012-06-30 08:11 - 20741317 ____A C:\Users\Berneti\Downloads\rozvidkaua_eng.rar

2012-06-30 09:20 - 2012-06-30 08:10 - 29296963 ____A C:\Users\Berneti\Downloads\TR_specialforce.rar

2012-06-30 09:18 - 2012-06-30 08:05 - 49687573 ____A C:\Users\Berneti\Downloads\_dshg_vdv_desert_sarmat_02.7z

2012-06-30 09:06 - 2012-06-30 08:05 - 47857533 ____A C:\Users\Berneti\Downloads\@DSHG_sarmat_03.7z

2012-06-30 09:04 - 2012-06-30 08:03 - 142646106 ____A C:\Users\Berneti\Downloads\RH_aks 1.2.7z

2012-06-30 08:44 - 2012-06-30 08:03 - 61306141 ____A C:\Users\Berneti\Downloads\ua_zs_2010_eng.rar

2012-06-30 08:30 - 2012-06-30 08:01 - 50147865 ____A C:\Users\Berneti\Downloads\SBE_ACR.7z

2012-06-30 08:13 - 2012-06-30 08:07 - 02827061 ____A C:\Users\Berneti\Downloads\BINK_OMON_v1.2.7z

2012-06-30 08:13 - 2012-06-30 08:00 - 34043748 ____A C:\Users\Berneti\Downloads\_SG_IRA_v12.rar

2012-06-29 02:17 - 2012-06-29 02:16 - 04580985 ____A C:\Users\Berneti\Downloads\TGW_M2A2_Woodland_v1_1.rar

2012-06-29 02:15 - 2012-06-28 18:46 - 14507806 ____A C:\Users\Berneti\Downloads\TGWRAH66v1.1.rar

2012-06-29 02:14 - 2012-06-28 18:46 - 58197720 ____A C:\Users\Berneti\Downloads\trh_lyx_v12.7z

2012-06-29 02:14 - 2012-06-28 18:45 - 16692451 ____A C:\Users\Berneti\Downloads\trh_lr_v13.7z

2012-06-29 02:14 - 2012-06-28 18:44 - 50475822 ____A C:\Users\Berneti\Downloads\trh_tm_v13.7z

2012-06-29 02:14 - 2012-06-28 18:44 - 13462966 ____A C:\Users\Berneti\Downloads\trh_lrfc_v12.7z

2012-06-29 02:13 - 2012-06-28 18:43 - 24273995 ____A C:\Users\Berneti\Downloads\trh_mj_v11.7z

2012-06-29 02:13 - 2012-06-28 18:43 - 16694742 ____A C:\Users\Berneti\Downloads\trh_stolly_v11.7z

2012-06-29 02:13 - 2012-06-28 15:09 - 14330887 ____A C:\Users\Berneti\Downloads\trh_sar_v10.7z

2012-06-29 02:13 - 2012-06-28 15:09 - 13071738 ____A C:\Users\Berneti\Downloads\trh_frt_v13.7z

2012-06-29 02:12 - 2012-06-28 15:09 - 12227399 ____A C:\Users\Berneti\Downloads\trh_fox.7z

2012-06-29 02:12 - 2012-06-28 15:08 - 82516700 ____A C:\Users\Berneti\Downloads\rhs_btr70_1.0.7z

2012-06-29 02:12 - 2012-06-28 15:08 - 03156837 ____A C:\Users\Berneti\Downloads\rhs_decals_1.3.rar

2012-06-29 02:11 - 2012-06-28 15:07 - 96565039 ____A C:\Users\Berneti\Downloads\rhs_bmd2_1.6.rar

2012-06-28 20:55 - 2012-08-15 00:03 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 20:09 - 2012-08-15 00:03 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 19:56 - 2012-08-15 00:03 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 19:49 - 2012-08-15 00:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 19:49 - 2012-08-15 00:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 19:48 - 2012-08-15 00:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 19:47 - 2012-08-15 00:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 19:45 - 2012-08-15 00:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 19:44 - 2012-08-15 00:03 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 19:43 - 2012-08-15 00:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 19:42 - 2012-08-15 00:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 19:40 - 2012-08-15 00:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 19:39 - 2012-08-15 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 19:35 - 2012-08-15 00:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 16:52 - 2012-08-15 00:03 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 16:27 - 2012-08-15 00:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 16:16 - 2012-08-15 00:03 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-28 16:09 - 2012-08-15 00:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 16:09 - 2012-08-15 00:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 16:08 - 2012-08-15 00:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-28 16:07 - 2012-08-15 00:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 16:06 - 2012-08-15 00:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 16:04 - 2012-08-15 00:03 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 16:04 - 2012-08-15 00:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-28 16:01 - 2012-08-15 00:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 16:01 - 2012-08-15 00:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 16:00 - 2012-08-15 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 15:57 - 2012-08-15 00:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-28 03:54 - 2012-06-28 03:31 - 26757983 ____A C:\Users\Berneti\Downloads\trh_warr_v14.7z

2012-06-28 02:22 - 2012-06-27 19:34 - 16056800 ____A C:\Users\Berneti\Downloads\trh_fv_v15.7z

2012-06-28 02:21 - 2012-06-27 19:33 - 29259585 ____A C:\Users\Berneti\Downloads\@cleggy_1.1_fixed.7z

2012-06-28 02:21 - 2012-06-27 19:33 - 12911688 ____A C:\Users\Berneti\Downloads\trh_scorp_v13.7z

2012-06-28 02:21 - 2012-06-27 19:32 - 10676340 ____A C:\Users\Berneti\Downloads\trh_ctt.7z

2012-06-28 02:20 - 2012-06-27 19:32 - 40999343 ____A C:\Users\Berneti\Downloads\trh_cent_v11.7z

2012-06-28 02:20 - 2012-06-27 19:31 - 45456588 ____A C:\Users\Berneti\Downloads\Neo-asiaMBTpack_v3.0.7z

2012-06-28 02:17 - 2012-06-27 02:45 - 131184477 ____A C:\Users\Berneti\Downloads\amt_v_1.41.rar

2012-06-27 20:02 - 2012-06-27 19:34 - 131184477 ____A C:\Users\Berneti\Downloads\amt_v_1.41 (1).rar

2012-06-27 02:18 - 2012-06-26 16:14 - 84771629 ____A C:\Users\Berneti\Downloads\PatchTo0.85.7z

2012-06-27 02:18 - 2012-06-26 16:14 - 402280213 ____A C:\Users\Berneti\Downloads\AnzacMod0.8.7z

2012-06-27 02:17 - 2012-06-26 16:15 - 1837791626 ____A C:\Users\Berneti\Downloads\@DSO7.zip

2012-06-27 02:16 - 2012-06-26 16:16 - 802941646 ____A C:\Users\Berneti\Downloads\@DSO8.zip

2012-06-26 02:55 - 2012-06-26 02:25 - 122661428 ____A C:\Users\Berneti\Downloads\FFAA_ARMAS_Arma2OA_v5.1.7z

2012-06-26 02:45 - 2012-06-26 02:17 - 111322537 ____A C:\Users\Berneti\Downloads\mar_2MAW_V2.1.zip

2012-06-26 02:29 - 2012-06-26 02:22 - 06452449 ____A C:\Users\Berneti\Downloads\FFAA_MOE_Arma2OA_v5.1.7z

2012-06-26 02:29 - 2012-06-26 02:20 - 59514532 ____A C:\Users\Berneti\Downloads\FFAA_BRILAT_Arma2OA_v5.1.7z

2012-06-26 02:28 - 2012-06-26 02:20 - 59769894 ____A C:\Users\Berneti\Downloads\FFAA_ET_Arma2OA_v5.1.7z

2012-06-26 02:12 - 2012-06-25 18:32 - 1063933635 ____A C:\Users\Berneti\Downloads\ffaa_mod_v5.zip

2012-06-25 18:40 - 2012-06-25 18:32 - 44236529 ____A C:\Users\Berneti\Downloads\ffaa_im.7z

2012-06-24 12:30 - 2012-06-24 12:12 - 106587667 ____A C:\Users\Berneti\Downloads\@Greek_Units.rar

2012-06-24 12:12 - 2012-06-24 12:12 - 01987168 ____A C:\Users\Berneti\Downloads\@Greek_units_FIX.rar

2012-06-24 12:11 - 2012-06-24 12:10 - 09226538 ____A C:\Users\Berneti\Downloads\@Greek_Units_upd_1_1.rar

2012-06-24 12:04 - 2012-06-24 12:01 - 30553438 ____A C:\Users\Berneti\Downloads\@blx_ridgeback_v1.1.7z

2012-06-24 11:44 - 2012-06-24 11:44 - 01006803 ____A C:\Users\Berneti\Downloads\Apocalypse_15.zip

2012-06-24 07:38 - 2012-06-24 07:15 - 250346628 ____A C:\Users\Berneti\Downloads\@APM.rar

2012-06-23 07:36 - 2012-06-23 07:35 - 05551031 ____A C:\Users\Berneti\Downloads\rkttu22m3_beta2.7z

2012-06-23 07:36 - 2012-06-23 07:33 - 04317190 ____A C:\Users\Berneti\Downloads\Gnat_B52_Beta3.7z

2012-06-21 02:25 - 2010-07-10 18:58 - 00162389 ____A C:\lxdd.log

2012-06-20 02:31 - 2012-06-20 02:22 - 81003353 ____A C:\Users\Berneti\Downloads\GLT_Missilebox_complete_v351.7z

2012-06-20 02:27 - 2012-06-20 02:21 - 66972518 ____A C:\Users\Berneti\Downloads\TomcatV1.4.rar

2012-06-15 15:51 - 2012-06-15 15:08 - 89970088 ____A C:\Users\Berneti\Downloads\dingor_v10.7z

2012-06-15 15:34 - 2012-06-15 15:11 - 62542067 ____A C:\Users\Berneti\Downloads\_SG_FSB_v20.rar

2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys

2012-06-11 10:50 - 2012-06-11 10:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll

2012-06-11 10:50 - 2012-06-11 10:50 - 00187392 ____A C:\Windows\System32\clinfo.exe

2012-06-11 10:50 - 2012-06-11 10:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll

2012-06-11 10:50 - 2012-06-11 10:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll

2012-06-11 10:50 - 2012-06-11 10:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll

2012-06-11 10:50 - 2012-06-11 10:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll

2012-06-11 10:49 - 2012-06-11 10:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll

2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll

2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll

2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll

2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb

2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb

2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe

2012-06-11 09:24 - 2010-11-25 18:58 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

2012-06-11 09:23 - 2010-11-25 18:57 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll

2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll

2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe

2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe

2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll

2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll

2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll

2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll

2012-06-11 09:16 - 2010-11-25 18:49 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

2012-06-11 09:01 - 2010-11-25 18:40 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll

2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll

2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap

2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll

2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll

2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll

2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll

2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll

2012-06-11 08:45 - 2010-11-25 18:30 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll

2012-06-11 08:43 - 2010-11-25 18:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll

2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap

2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll

2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll

2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll

2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys

2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll

2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll

2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll

2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll

2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll

2012-06-11 08:25 - 2010-11-25 18:16 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll

2012-06-11 08:25 - 2010-11-25 18:15 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll

2012-06-11 08:24 - 2010-11-25 18:15 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll

2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll

2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll

2012-06-08 21:43 - 2012-07-10 23:34 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-10 23:34 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 17:59 - 2012-06-06 17:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX

2012-06-05 22:06 - 2012-07-10 23:34 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-10 23:34 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-10 23:32 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-10 23:34 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-10 23:34 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-10 23:33 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-06-18 20:54 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-18 20:54 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-18 20:54 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-18 20:54 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-18 20:54 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-18 20:54 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-18 20:54 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 12:19 - 2012-06-18 20:54 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 12:15 - 2012-06-18 20:54 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 11:14 - 2012-06-02 03:22 - 176243517 ____A C:\Users\Berneti\Downloads\csla_a2co_ver.2.13.zip

2012-06-01 21:50 - 2012-07-10 23:34 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-10 23:34 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-10 23:34 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-10 23:34 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-10 23:34 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-10 23:34 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-10 23:33 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-10 23:34 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-10 23:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-30 02:06 - 2012-05-29 15:44 - 35510970 ____A C:\Users\Berneti\Downloads\PRACS Mohawk v3.5.7z

2012-05-30 02:05 - 2012-05-29 15:44 - 67930413 ____A C:\Users\Berneti\Downloads\PRACS F16 v3.5.7z

2012-05-30 02:05 - 2012-05-29 15:44 - 37476418 ____A C:\Users\Berneti\Downloads\PRACS A4 v3.5.7z

2012-05-30 02:04 - 2012-05-29 15:44 - 36836701 ____A C:\Users\Berneti\Downloads\PRACS F15 v3.5.7z

2012-05-30 02:04 - 2012-05-29 15:44 - 35874267 ____A C:\Users\Berneti\Downloads\PRACS Mirage3 v3.5.7z

2012-05-30 02:03 - 2012-05-29 15:44 - 40802860 ____A C:\Users\Berneti\Downloads\PRACS Etendard v3.5.7z

2012-05-30 02:02 - 2012-05-29 15:44 - 48827018 ____A C:\Users\Berneti\Downloads\PRACS C130 v3.5.7z

2012-05-23 02:07 - 2012-05-23 02:07 - 00000806 ____A C:\Users\Berneti\Desktop\ARMA2.lnk

2012-05-19 06:51 - 2012-05-19 06:50 - 00000858 ____A C:\Users\Berneti\Desktop\ARMA2 - APOC.lnk

2012-05-19 05:15 - 2012-05-19 05:15 - 00000900 ____A C:\Users\Berneti\Desktop\ARMA2 - APOC ALL.lnk

2012-05-18 02:00 - 2012-05-17 18:29 - 433678141 ____A C:\Users\Berneti\Downloads\lingor_v14_lite.7z

ZeroAccess:

C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}

C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\@

C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\L

C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\U

C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\L\00000004.@

C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf}\L\201d3dde

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:

C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%

Total physical RAM: 8183.11 MB

Available physical RAM: 7242.93 MB

Total Pagefile: 8181.26 MB

Available Pagefile: 7238.34 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:916.41 GB) (Free:486.31 GB) NTFS

2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:5.36 GB) NTFS

4 Drive g: (KINGSTON) (Removable) (Total:0.95 GB) (Free:0.93 GB) FAT

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 974 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 15 GB 1024 KB

Partition 2 Primary 100 MB 15 GB

Partition 3 Primary 916 GB 15 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Gateway NTFS Partition 916 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 973 MB 120 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G KINGSTON FAT Removable 973 MB Healthy

==================================================================================

Last Boot: 2012-08-06 21:13

======================= End Of Log ==========================

Search.txt

Farbar Recovery Scan Tool Version: 15-08-2012

Ran by SYSTEM at 2012-08-15 16:18:54

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC


FIXLOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012

Ran by SYSTEM at 2012-08-15 16:45:08 Run:1

Running from G:\

==============================================

C:\Windows\Installer\{3530c6b6-4c87-9c84-83e8-3c881e0a4eaf} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====


A couple more scans to run.........

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Just want to say THANK YOU for all the help so far...

TDSSKiller Log

16:51:19.0669 4164 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

16:51:19.0747 4164 ============================================================

16:51:19.0747 4164 Current date / time: 2012/08/15 16:51:19.0747

16:51:19.0747 4164 SystemInfo:

16:51:19.0747 4164

16:51:19.0747 4164 OS Version: 6.1.7601 ServicePack: 1.0

16:51:19.0747 4164 Product type: Workstation

16:51:19.0747 4164 ComputerName: BERNETI-PC

16:51:19.0747 4164 UserName: Berneti

16:51:19.0747 4164 Windows directory: C:\Windows

16:51:19.0747 4164 System windows directory: C:\Windows

16:51:19.0747 4164 Running under WOW64

16:51:19.0747 4164 Processor architecture: Intel x64

16:51:19.0747 4164 Number of processors: 8

16:51:19.0747 4164 Page size: 0x1000

16:51:19.0747 4164 Boot type: Normal boot

16:51:19.0747 4164 ============================================================

16:51:23.0803 4164 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:51:23.0850 4164 ============================================================

16:51:23.0850 4164 \Device\Harddisk0\DR0:

16:51:23.0850 4164 MBR partitions:

16:51:23.0850 4164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

16:51:23.0850 4164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x728D3800

16:51:23.0850 4164 ============================================================

16:51:23.0881 4164 C: <-> \Device\Harddisk0\DR0\Partition2

16:51:23.0881 4164 ============================================================

16:51:23.0881 4164 Initialize success

16:51:23.0881 4164 ============================================================

16:52:09.0272 4136 ============================================================

16:52:09.0272 4136 Scan started

16:52:09.0272 4136 Mode: Manual; SigCheck; TDLFS;

16:52:09.0272 4136 ============================================================

16:52:09.0959 4136 ================ Scan services =============================

16:52:17.0837 4136 [ c8bd651e13895b93ed9ec5b4f1df42bc ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

16:52:17.0852 4136 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning

16:52:17.0852 4136 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)

16:52:17.0884 4136 [ c0ead9f8ab83d41ff07303c75589c2b8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

16:52:17.0915 4136 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning

16:52:17.0915 4136 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)

16:52:24.0950 4136 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

16:52:24.0997 4136 kbdhid - ok

16:52:25.0028 4136 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe

16:52:25.0060 4136 KeyIso - ok

16:52:25.0075 4136 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

16:52:25.0091 4136 KSecDD - ok

16:52:25.0138 4136 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

16:52:25.0138 4136 KSecPkg - ok

16:52:25.0153 4136 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

16:52:25.0231 4136 ksthunk - ok

16:52:25.0262 4136 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll

16:52:25.0309 4136 KtmRm - ok

16:52:25.0340 4136 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll

16:52:25.0387 4136 LanmanServer - ok

16:52:25.0450 4136 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:52:25.0512 4136 LanmanWorkstation - ok

16:52:25.0543 4136 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

16:52:25.0606 4136 lltdio - ok

16:52:25.0637 4136 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll

16:52:25.0668 4136 lltdsvc - ok

16:52:25.0684 4136 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll

16:52:25.0715 4136 lmhosts - ok

16:52:25.0730 4136 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

16:52:25.0746 4136 LSI_FC - ok

16:52:25.0762 4136 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

16:52:25.0762 4136 LSI_SAS - ok

16:52:25.0777 4136 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:52:25.0793 4136 LSI_SAS2 - ok

16:52:25.0793 4136 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:52:25.0808 4136 LSI_SCSI - ok

16:52:25.0824 4136 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys

16:52:25.0871 4136 luafv - ok

16:52:25.0949 4136 [ b712940a0a11d8c70c36b06135ec3ffa ] lxddCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe

16:52:25.0980 4136 lxddCATSCustConnectService - ok

16:52:25.0980 4136 lxdd_device - ok

16:52:26.0042 4136 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

16:52:26.0058 4136 MBAMProtector - ok

16:52:26.0136 4136 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

16:52:26.0167 4136 MBAMService - ok

16:52:26.0198 4136 [ 8ff2d95cba49b405c5de27039ff0bf35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys

16:52:26.0230 4136 MBfilt - ok

16:52:26.0292 4136 [ be8c524313db75fa26fb2b0c0aaff88e ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

16:52:26.0308 4136 McAfee SiteAdvisor Service - ok

16:52:26.0386 4136 [ acb01bf1a905356ab7f978c7fe852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:52:26.0401 4136 McMPFSvc - ok

16:52:26.0417 4136 [ acb01bf1a905356ab7f978c7fe852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:52:26.0432 4136 mcmscsvc - ok

16:52:26.0448 4136 [ acb01bf1a905356ab7f978c7fe852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:52:26.0464 4136 McNaiAnn - ok

16:52:26.0464 4136 [ acb01bf1a905356ab7f978c7fe852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:52:26.0479 4136 McNASvc - ok

16:52:26.0557 4136 [ dd2321925274f2902929d76ce2b0eb45 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

16:52:26.0588 4136 McODS - ok

16:52:26.0604 4136 [ acb01bf1a905356ab7f978c7fe852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:52:26.0620 4136 McProxy - ok

16:52:26.0666 4136 [ e998e3b12101288d716558466cbf6ae1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

16:52:26.0698 4136 McShield - ok

16:52:26.0744 4136 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

16:52:26.0760 4136 Mcx2Svc - ok

16:52:26.0776 4136 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

16:52:26.0791 4136 megasas - ok

16:52:26.0822 4136 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

16:52:26.0854 4136 MegaSR - ok

16:52:26.0885 4136 [ 01884cb7655c8908b43ff5e364fe6fd2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

16:52:26.0900 4136 mfeapfk - ok

16:52:26.0932 4136 [ dab9a9cdfb04e4d68924492aa043019d ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

16:52:26.0947 4136 mfeavfk - ok

16:52:26.0947 4136 mfeavfk01 - ok

16:52:26.0978 4136 [ b26782c3d6045b4464017d7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

16:52:26.0994 4136 mfefire - ok

16:52:27.0025 4136 [ ce9a3680675c0907ade16404ca967b49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

16:52:27.0041 4136 mfefirek - ok

16:52:27.0072 4136 [ 60cf67458dd29cd17e77f2327b1a9a54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

16:52:27.0088 4136 mfehidk - ok

16:52:27.0103 4136 [ a8129cfb919347f8533c934b365e9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys

16:52:27.0119 4136 mfenlfk - ok

16:52:27.0134 4136 [ 5041fa2bd2b3a2693b015771bfbf6dca ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

16:52:27.0150 4136 mferkdet - ok

16:52:27.0166 4136 [ 723a5eb6cef7f408c3d0f15a82a6bff8 ] mfevtp C:\Windows\system32\mfevtps.exe

16:52:27.0181 4136 mfevtp - ok

16:52:27.0181 4136 [ 919c56db14a0e1e2ab6da5d2821dc26e ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

16:52:27.0197 4136 mfewfpk - ok

16:52:27.0212 4136 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll

16:52:27.0259 4136 MMCSS - ok

16:52:27.0275 4136 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys

16:52:27.0337 4136 Modem - ok

16:52:27.0384 4136 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys

16:52:27.0431 4136 monitor - ok

16:52:27.0478 4136 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

16:52:27.0509 4136 mouclass - ok

16:52:27.0540 4136 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

16:52:27.0587 4136 mouhid - ok

16:52:27.0634 4136 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

16:52:27.0665 4136 mountmgr - ok

16:52:27.0696 4136 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys

16:52:27.0727 4136 mpio - ok

16:52:27.0743 4136 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

16:52:27.0758 4136 mpsdrv - ok

16:52:27.0805 4136 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

16:52:27.0852 4136 MRxDAV - ok

16:52:27.0899 4136 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

16:52:27.0930 4136 mrxsmb - ok

16:52:27.0977 4136 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:52:28.0024 4136 mrxsmb10 - ok

16:52:28.0039 4136 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:52:28.0055 4136 mrxsmb20 - ok

16:52:28.0070 4136 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys

16:52:28.0086 4136 msahci - ok

16:52:28.0102 4136 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

16:52:28.0117 4136 msdsm - ok

16:52:28.0133 4136 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe

16:52:28.0148 4136 MSDTC - ok

16:52:28.0164 4136 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

16:52:28.0180 4136 Msfs - ok

16:52:28.0195 4136 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

16:52:28.0226 4136 mshidkmdf - ok

16:52:28.0226 4136 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

16:52:28.0242 4136 msisadrv - ok

16:52:28.0258 4136 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

16:52:28.0304 4136 MSiSCSI - ok

16:52:28.0304 4136 msiserver - ok

16:52:28.0336 4136 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

16:52:28.0367 4136 MSKSSRV - ok

16:52:28.0382 4136 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

16:52:28.0429 4136 MSPCLOCK - ok

16:52:28.0445 4136 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

16:52:28.0523 4136 MSPQM - ok

16:52:28.0585 4136 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

16:52:28.0616 4136 MsRPC - ok

16:52:28.0632 4136 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

16:52:28.0648 4136 mssmbios - ok

16:52:28.0663 4136 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

16:52:28.0694 4136 MSTEE - ok

16:52:28.0710 4136 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

16:52:28.0726 4136 MTConfig - ok

16:52:28.0772 4136 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys

16:52:28.0788 4136 Mup - ok

16:52:28.0804 4136 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll

16:52:28.0835 4136 napagent - ok

16:52:28.0850 4136 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

16:52:28.0882 4136 NativeWifiP - ok

16:52:28.0928 4136 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys

16:52:28.0975 4136 NDIS - ok

16:52:28.0991 4136 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

16:52:29.0006 4136 NdisCap - ok

16:52:29.0038 4136 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

16:52:29.0100 4136 NdisTapi - ok

16:52:29.0162 4136 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

16:52:29.0209 4136 Ndisuio - ok

16:52:29.0240 4136 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

16:52:29.0318 4136 NdisWan - ok

16:52:29.0365 4136 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

16:52:29.0381 4136 NDProxy - ok

16:52:29.0443 4136 [ 7d2633295eb6ff2b938185874884059d ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

16:52:29.0474 4136 Nero BackItUp Scheduler 4.0 - ok

16:52:29.0490 4136 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

16:52:29.0552 4136 NetBIOS - ok

16:52:29.0568 4136 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

16:52:29.0630 4136 NetBT - ok

16:52:29.0662 4136 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe

16:52:29.0662 4136 Netlogon - ok

16:52:29.0693 4136 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll

16:52:29.0740 4136 Netman - ok

16:52:29.0771 4136 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll

16:52:29.0818 4136 netprofm - ok

16:52:29.0849 4136 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:52:29.0880 4136 NetTcpPortSharing - ok

16:52:29.0896 4136 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

16:52:29.0911 4136 nfrd960 - ok

16:52:29.0942 4136 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

16:52:30.0005 4136 NlaSvc - ok

16:52:30.0020 4136 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

16:52:30.0052 4136 Npfs - ok

16:52:30.0052 4136 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll

16:52:30.0083 4136 nsi - ok

16:52:30.0083 4136 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

16:52:30.0114 4136 nsiproxy - ok

16:52:30.0192 4136 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

16:52:30.0270 4136 Ntfs - ok

16:52:30.0286 4136 [ 070ec05d5b1447e9bbf4167980ad7518 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

16:52:30.0301 4136 NTI IScheduleSvc - ok

16:52:30.0317 4136 [ 64ddd0dee976302f4bd93e5efcc2f013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys

16:52:30.0317 4136 NTIDrvr - ok

16:52:30.0332 4136 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys

16:52:30.0379 4136 Null - ok

16:52:30.0442 4136 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys

16:52:30.0457 4136 nvraid - ok

16:52:30.0473 4136 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys

16:52:30.0504 4136 nvstor - ok

16:52:30.0520 4136 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

16:52:30.0535 4136 nv_agp - ok

16:52:30.0613 4136 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:52:30.0644 4136 odserv - ok

16:52:30.0644 4136 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

16:52:30.0660 4136 ohci1394 - ok

16:52:30.0691 4136 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:52:30.0707 4136 ose - ok

16:52:30.0722 4136 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

16:52:30.0785 4136 p2pimsvc - ok

16:52:30.0800 4136 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll

16:52:30.0832 4136 p2psvc - ok

16:52:30.0863 4136 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

16:52:30.0894 4136 Parport - ok

16:52:30.0925 4136 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys

16:52:30.0956 4136 partmgr - ok

16:52:30.0972 4136 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

16:52:31.0003 4136 PcaSvc - ok

16:52:31.0034 4136 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys

16:52:31.0034 4136 pci - ok

16:52:31.0050 4136 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys

16:52:31.0066 4136 pciide - ok

16:52:31.0081 4136 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

16:52:31.0097 4136 pcmcia - ok

16:52:31.0112 4136 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys

16:52:31.0128 4136 pcw - ok

16:52:31.0144 4136 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys

16:52:31.0206 4136 PEAUTH - ok

16:52:31.0284 4136 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe

16:52:31.0315 4136 PerfHost - ok

16:52:31.0346 4136 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll

16:52:31.0456 4136 pla - ok

16:52:31.0534 4136 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

16:52:31.0612 4136 PlugPlay - ok

16:52:31.0643 4136 PnkBstrA - ok

16:52:31.0658 4136 PnkBstrB - ok

16:52:31.0690 4136 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

16:52:31.0736 4136 PNRPAutoReg - ok

16:52:31.0768 4136 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

16:52:31.0783 4136 PNRPsvc - ok

16:52:31.0799 4136 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

16:52:31.0846 4136 PolicyAgent - ok

16:52:31.0877 4136 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll

16:52:31.0924 4136 Power - ok

16:52:31.0939 4136 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

16:52:31.0986 4136 PptpMiniport - ok

16:52:32.0017 4136 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys

16:52:32.0064 4136 Processor - ok

16:52:32.0095 4136 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll

16:52:32.0158 4136 ProfSvc - ok

16:52:32.0158 4136 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:52:32.0173 4136 ProtectedStorage - ok

16:52:32.0220 4136 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys

16:52:32.0267 4136 Psched - ok

16:52:32.0314 4136 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

16:52:32.0376 4136 ql2300 - ok

16:52:32.0392 4136 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

16:52:32.0407 4136 ql40xx - ok

16:52:32.0423 4136 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll

16:52:32.0438 4136 QWAVE - ok

16:52:32.0454 4136 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

16:52:32.0485 4136 QWAVEdrv - ok

16:52:32.0501 4136 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

16:52:32.0532 4136 RasAcd - ok

16:52:32.0548 4136 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

16:52:32.0563 4136 RasAgileVpn - ok

16:52:32.0579 4136 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll

16:52:32.0610 4136 RasAuto - ok

16:52:32.0610 4136 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

16:52:32.0657 4136 Rasl2tp - ok

16:52:32.0688 4136 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll

16:52:32.0719 4136 RasMan - ok

16:52:32.0735 4136 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

16:52:32.0766 4136 RasPppoe - ok

16:52:32.0797 4136 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

16:52:32.0813 4136 RasSstp - ok

16:52:32.0828 4136 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

16:52:32.0891 4136 rdbss - ok

16:52:32.0922 4136 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

16:52:32.0938 4136 rdpbus - ok

16:52:32.0953 4136 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

16:52:32.0969 4136 RDPCDD - ok

16:52:32.0984 4136 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

16:52:33.0031 4136 RDPENCDD - ok

16:52:33.0047 4136 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

16:52:33.0062 4136 RDPREFMP - ok

16:52:33.0109 4136 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

16:52:33.0172 4136 RDPWD - ok

16:52:33.0203 4136 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

16:52:33.0234 4136 rdyboost - ok

16:52:33.0281 4136 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll

16:52:33.0343 4136 RemoteAccess - ok

16:52:33.0359 4136 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

16:52:33.0406 4136 RemoteRegistry - ok

16:52:33.0421 4136 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

16:52:33.0484 4136 RpcEptMapper - ok

16:52:33.0515 4136 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe

16:52:33.0546 4136 RpcLocator - ok

16:52:33.0608 4136 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll

16:52:33.0655 4136 RpcSs - ok

16:52:33.0655 4136 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

16:52:33.0702 4136 rspndr - ok

16:52:33.0733 4136 [ 7ea8d2eb9bbfd2ab8a3117a1e96d3b3a ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

16:52:33.0749 4136 RTL8167 - ok

16:52:33.0749 4136 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe

16:52:33.0764 4136 SamSs - ok

16:52:33.0796 4136 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

16:52:33.0811 4136 sbp2port - ok

16:52:33.0811 4136 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll

16:52:33.0842 4136 SCardSvr - ok

16:52:33.0874 4136 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

16:52:33.0952 4136 scfilter - ok

16:52:33.0983 4136 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll

16:52:34.0045 4136 Schedule - ok

16:52:34.0076 4136 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll

16:52:34.0123 4136 SCPolicySvc - ok

16:52:34.0139 4136 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

16:52:34.0217 4136 SDRSVC - ok

16:52:34.0217 4136 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

16:52:34.0295 4136 secdrv - ok

16:52:34.0310 4136 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll

16:52:34.0342 4136 seclogon - ok

16:52:34.0357 4136 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll

16:52:34.0373 4136 SENS - ok

16:52:34.0404 4136 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

16:52:34.0466 4136 SensrSvc - ok

16:52:34.0482 4136 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

16:52:34.0529 4136 Serenum - ok

16:52:34.0560 4136 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

16:52:34.0607 4136 Serial - ok

16:52:34.0638 4136 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

16:52:34.0685 4136 sermouse - ok

16:52:34.0716 4136 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll

16:52:34.0778 4136 SessionEnv - ok

16:52:34.0794 4136 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

16:52:34.0856 4136 sffdisk - ok

16:52:34.0888 4136 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

16:52:34.0919 4136 sffp_mmc - ok

16:52:34.0966 4136 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

16:52:35.0012 4136 sffp_sd - ok

16:52:35.0044 4136 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

16:52:35.0090 4136 sfloppy - ok

16:52:35.0122 4136 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:52:35.0153 4136 ShellHWDetection - ok

16:52:35.0184 4136 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:52:35.0184 4136 SiSRaid2 - ok

16:52:35.0200 4136 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

16:52:35.0215 4136 SiSRaid4 - ok

16:52:35.0246 4136 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

16:52:35.0262 4136 Smb - ok

16:52:35.0293 4136 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe

16:52:35.0340 4136 SNMPTRAP - ok

16:52:35.0371 4136 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys

16:52:35.0387 4136 spldr - ok

16:52:35.0434 4136 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe

16:52:35.0480 4136 Spooler - ok

16:52:35.0558 4136 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe

16:52:35.0668 4136 sppsvc - ok

16:52:35.0683 4136 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

16:52:35.0699 4136 sppuinotify - ok

16:52:35.0746 4136 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys

16:52:35.0792 4136 srv - ok

16:52:35.0808 4136 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

16:52:35.0839 4136 srv2 - ok

16:52:35.0870 4136 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

16:52:35.0917 4136 srvnet - ok

16:52:35.0933 4136 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

16:52:35.0980 4136 SSDPSRV - ok

16:52:35.0995 4136 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll

16:52:36.0011 4136 SstpSvc - ok

16:52:36.0058 4136 Steam Client Service - ok

16:52:36.0073 4136 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

16:52:36.0089 4136 stexstor - ok

16:52:36.0151 4136 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll

16:52:36.0214 4136 stisvc - ok

16:52:36.0245 4136 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys

16:52:36.0276 4136 swenum - ok

16:52:36.0292 4136 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll

16:52:36.0370 4136 swprv - ok

16:52:36.0416 4136 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll

16:52:36.0494 4136 SysMain - ok

16:52:36.0526 4136 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

16:52:36.0541 4136 TabletInputService - ok

16:52:36.0588 4136 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

16:52:36.0650 4136 TapiSrv - ok

16:52:36.0682 4136 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll

16:52:36.0697 4136 TBS - ok

16:52:36.0775 4136 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

16:52:36.0838 4136 Tcpip - ok

16:52:36.0869 4136 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

16:52:36.0900 4136 TCPIP6 - ok

16:52:36.0916 4136 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

16:52:36.0978 4136 tcpipreg - ok

16:52:36.0994 4136 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

16:52:37.0056 4136 TDPIPE - ok

16:52:37.0103 4136 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

16:52:37.0118 4136 TDTCP - ok

16:52:37.0150 4136 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

16:52:37.0196 4136 tdx - ok

16:52:37.0212 4136 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys

16:52:37.0228 4136 TermDD - ok

16:52:37.0243 4136 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll

16:52:37.0306 4136 TermService - ok

16:52:37.0321 4136 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll

16:52:37.0368 4136 Themes - ok

16:52:37.0384 4136 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll

16:52:37.0415 4136 THREADORDER - ok

16:52:37.0430 4136 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll

16:52:37.0446 4136 TrkWks - ok

16:52:37.0462 4136 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

16:52:37.0508 4136 TrustedInstaller - ok

16:52:37.0524 4136 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

16:52:37.0555 4136 tssecsrv - ok

16:52:37.0618 4136 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

16:52:37.0680 4136 TsUsbFlt - ok

16:52:37.0742 4136 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

16:52:37.0805 4136 tunnel - ok

16:52:37.0852 4136 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

16:52:37.0852 4136 uagp35 - ok


16:52:42.0329 4136 ================ Scan global ===============================

16:52:42.0344 4136 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

16:52:42.0391 4136 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

16:52:42.0407 4136 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

16:52:42.0422 4136 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

16:52:42.0469 4136 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe

16:52:42.0485 4136 [Global] - ok

16:52:42.0485 4136 ================ Scan MBR ==================================

16:52:42.0500 4136 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

16:52:42.0500 4136 Suspicious mbr (Forged): \Device\Harddisk0\DR0

16:52:42.0547 4136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

16:52:42.0547 4136 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

16:52:42.0610 4136 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:52:42.0610 4136 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:52:42.0610 4136 ================ Scan VBR ==================================

16:52:42.0625 4136 Boot (0x1200) (f9040fa587ab174cd1eeba94e3b7e94d) \Device\Harddisk0\DR0\Partition1

16:52:42.0625 4136 \Device\Harddisk0\DR0\Partition1 - ok

16:52:42.0656 4136 Boot (0x1200) (56eb10721371344568e27546e17fab33) \Device\Harddisk0\DR0\Partition2

16:52:42.0656 4136 \Device\Harddisk0\DR0\Partition2 - ok

16:52:42.0656 4136 ============================================================

16:52:42.0656 4136 Scan finished

16:52:42.0656 4136 ============================================================

16:52:42.0672 5116 Detected object count: 4

16:52:42.0672 5116 Actual detected object count: 4

16:54:01.0967 5116 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

16:54:01.0967 5116 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:54:01.0967 5116 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

16:54:01.0967 5116 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:54:05.0711 5116 \Device\Harddisk0\DR0\# - copied to quarantine

16:54:05.0727 5116 \Device\Harddisk0\DR0 - copied to quarantine

16:54:06.0382 5116 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

16:54:06.0429 5116 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

16:54:06.0444 5116 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

16:54:06.0460 5116 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

16:54:06.0491 5116 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

16:54:06.0538 5116 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

16:54:06.0553 5116 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

16:54:06.0553 5116 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

16:54:06.0553 5116 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

16:54:06.0569 5116 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

16:54:06.0631 5116 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

16:54:07.0505 5116 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

16:54:07.0552 5116 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

16:54:07.0567 5116 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

16:54:07.0677 5116 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

16:54:08.0238 5116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

16:54:08.0238 5116 \Device\Harddisk0\DR0 - ok

16:54:08.0441 5116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

16:54:08.0457 5116 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:54:08.0457 5116 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

16:54:17.0473 4124 Deinitialize success


Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

16:54:08.0457 5116 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:54:08.0457 5116 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~~~~~

Next.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


crossing my fingers

COMBOFIX LOG

ComboFix 12-08-15.01 - Berneti 08/15/2012 17:16:21.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6654 [GMT -5:00]

Running from: c:\users\Berneti\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\$recycle.bin\S-1-5-21-908730824-577120901-3013648405-1001\$RZ9KLGX\@DSHG_sarmat_03\_desktop.ini

c:\$recycle.bin\S-1-5-21-908730824-577120901-3013648405-1001\$RZ9KLGX\@DSHG_sarmat_03\addons\_desktop.ini

c:\programdata\SPL1F8C.tmp

c:\programdata\SPL3AC7.tmp

c:\programdata\SPL4243.tmp

c:\programdata\SPL44FB.tmp

c:\programdata\SPL7177.tmp

c:\programdata\SPL7E7E.tmp

c:\programdata\SPL82C0.tmp

c:\programdata\SPLB91D.tmp

c:\programdata\SPLECF8.tmp

c:\users\Berneti\AppData\Roaming\ispnetkey.dll

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))

.

.

2012-08-16 00:17 . 2012-08-16 00:17 -------- d-----w- C:\FRST

2012-08-15 22:24 . 2012-08-15 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-15 21:54 . 2012-08-15 22:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-15 11:35 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-15 08:28 . 2012-08-15 08:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-15 06:27 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 06:27 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 06:27 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 06:27 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 06:27 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 06:27 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-15 06:27 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 06:27 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 06:27 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 06:27 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 06:27 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 06:27 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-12 19:48 . 2012-08-12 19:48 -------- d-----w- c:\users\Public\OEM

2012-08-11 19:08 . 2012-08-11 19:08 -------- d-----w- c:\users\Berneti\AppData\Roaming\Malwarebytes

2012-08-11 19:08 . 2012-08-11 19:08 -------- d-----w- c:\programdata\Malwarebytes

2012-08-11 19:08 . 2012-08-15 11:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-11 18:44 . 2012-08-11 18:44 -------- d-----w- c:\users\Berneti\AppData\Roaming\McAfee

2012-07-31 10:16 . 2012-07-31 10:16 -------- d-----w- c:\programdata\Solidshield

2012-07-29 19:00 . 2012-08-15 20:40 -------- d-----r- c:\users\Berneti\Dropbox

2012-07-29 18:58 . 2012-08-15 21:57 -------- d-----w- c:\users\Berneti\AppData\Roaming\Dropbox

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Berneti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Berneti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Berneti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Berneti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-21 39408]

"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]

"Steam"="c:\games\Steam\Steam.exe" [2012-08-15 1353080]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-11-17 244480]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2010-01-22 1016320]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Photo Frame.lnk - c:\program files (x86)\Northstar\Photo Frame\Photo Frame.exe [2010-4-21 93568]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 135664]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-08 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-08 79360]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 135664]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-05 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]

S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:28]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 15:04]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 15:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Berneti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Berneti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Berneti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Berneti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-09-30 17920]

"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]

"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360710z306p04f5v105k45l1r40o

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-lxddmon.exe - c:\program files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe

Wow6432Node-HKLM-Run-lxddamon - c:\program files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe

SafeBoot-62147874.sys

Toolbar-Locked - (no file)

AddRemove-BattlEye - c:\games\ArmA 2BattlEye\UnInstallBE.exe

AddRemove-BattlEye for A2 - c:\games\ArmA 2BattlEye\UnInstallBE.exe

AddRemove-Lexmark 2500 Series - c:\program files (x86) (x86)\Lexmark 2500 Series\Install\x64\Uninst.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:4e,99,ee,ed,1d,6b,cd,01

.

[HKEY_USERS\S-1-5-21-908730824-577120901-3013648405-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-908730824-577120901-3013648405-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

.

**************************************************************************

.

Completion time: 2012-08-15 17:31:51 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-15 22:31

.

Pre-Run: 523,161,387,008 bytes free

Post-Run: 542,649,720,832 bytes free

.

- - End Of File - - 98BBCE5CF8B5E3EFF360C7868CBF932C


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
