
Desktop Attacked By Malware Requesting Help

Discussion in 'Virus & Other Malware Removal' started by NATOPS, Dec 12, 2011.

  1. NATOPS (Thread Starter, joined Dec 12, 2011)
    While surfing the web, I clicked on a webpage and immediately was inundated by uncontrollable popups. I believe a false positive ad for a malware removal program popped up. It took control of my computer. I immediately turned the power off. After powerup, I was able to get Malwarebytes' Anti-Malware s/w to run a quick scan. Three trojans were removed. Then I ran Microsoft Essentials full scan and it removed 38 additional trojans/malware. However, all icons were removed from the desktop and all other files were deleted. Attempted 'recovery', but only one date was available. Recovery had a failure after start. This just seems hopeless. I would very much appreciate any help. This is primarily a gaming desktop used for aviation sims.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:16:05 PM, on 12/12/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Razer\Tarantula\razertra.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\WWNatops\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=16148
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 94.63.240.156 www.bing.com
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    O4 - HKLM\..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
    O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe"
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3730AFF-50F7-41AB-92E3-AF3D8AB8A33C}: NameServer = 65.32.5.111,65.32.5.112
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\AlienRespawn\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8882 bytes

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by WWNatops at 16:15:37 on 2011-12-12
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.9692 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Broadcom\BPowMon\BPowMon.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\AlienRespawn\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
    C:\Program Files (x86)\Razer\Tarantula\razertra.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Alienware\Command Center\ThermalController.exe
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=16148
    uDefault_Page_URL = hxxp://www.alienware.com/
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files

    64-bit computer, so no ark file.

    Thanks,
    NATOPS

    EDIT: New to forum...can't find process for Attachment
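As an added example (not code from the thread, from HijackThis, or from the helper), a small Python triage pass over lines in the HijackThis format quoted above. It pulls out the items a helper reads first: the O1 hosts-file entry mapping www.bing.com to a remote address, the browser hooks, BHOs and toolbars with their DLLs, the O17 resolver override, and the O23 "(file missing)" services under system32 that Scolabar later attributes to HijackThis misreading 64-bit systems. The sample lines are copied from the posted log; the finding categories and function names are my own.

```python
import re
from ipaddress import ip_address

# Constructed sample: a subset of the HijackThis lines quoted in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=16148
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 94.63.240.156 www.bing.com
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3730AFF-50F7-41AB-92E3-AF3D8AB8A33C}: NameServer = 65.32.5.111,65.32.5.112
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
DNS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
SYSTEM32_RE = re.compile(r"C:\\Windows\\system32\\", re.IGNORECASE)


def parse_entries(text):
    """Yield (code, body) for each HijackThis entry line; header and process lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def is_local_host_mapping(ip_text):
    """True only for hosts-file targets that need no review: loopback or unspecified (0.0.0.0)."""
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(text):
    """Group the entries a reviewer looks at first; nothing here is a verdict, just a worklist."""
    findings = {
        "hosts_redirects": [],          # hostnames pinned to a remote IP in the hosts file
        "browser_addons": [],           # R3/O2/O3 search hooks, BHOs and toolbars with their DLL
        "missing_addon_files": [],      # O2/O3 registrations whose DLL is gone (orphaned entries)
        "dns_servers": [],              # O17 resolver overrides, to compare with the ISP's values
        "wow64_service_artifacts": [],  # O23 "(file missing)" under system32 on a 64-bit host
    }
    for code, body in parse_entries(text):
        if code == "O1":
            m = HOSTS_RE.match(body)
            if m and not is_local_host_mapping(m.group("ip")):
                findings["hosts_redirects"].append((m.group("ip"), m.group("host")))
        elif code in ("R3", "O2", "O3"):
            findings["browser_addons"].append(body)
            if body.endswith("(file missing)"):
                findings["missing_addon_files"].append(body)
        elif code == "O17":
            m = DNS_RE.search(body)
            if m:
                findings["dns_servers"].extend(m.group("servers").split(","))
        elif code == "O23" and body.endswith("(file missing)") and SYSTEM32_RE.search(body):
            # A 32-bit HijackThis on 64-bit Windows has C:\Windows\system32 redirected to
            # SysWOW64, where core services such as lsass.exe do not exist, so these flags
            # are an artifact of the tool rather than evidence of tampering.
            findings["wow64_service_artifacts"].append(body)
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
```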
     
  2. Scolabar (joined Apr 15, 2011)
    Hi NATOPS,

    Firstly, welcome to the TSG - Virus & Other Malware Removal Forum. :)
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.
    If you no longer require help, I would be grateful if you would let me know.

    I am currently working under the guidance of teachers, so everything I post to you will need to be reviewed by them.
    This additional review process can add some extra time to my responses, but hopefully not too much.
    ;)

    Please note the following important guidelines before proceeding:

    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Windows 7 Advice:
    Please Note: The programs I ask you to use will need to be run in Administrator Mode.
    In order to do this Right-click on the program file and select the Run as Administrator option.
    Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
    If prompted, please click on the Allow button.
    Reference: User Account Control (UAC) and Running as Administrator

    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

    If you follow these guidelines, things should proceed smoothly. :)
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
     
  3. NATOPS (Thread Starter)
    Your warning is noted. This attack has already wiped all my files and applications clean, so this is the last ditch effort before major hardware action. After Malwarebytes' Anti-Malware removed 3 trojans and Microsoft Security Essentials removed 38 other trojans and malware, I installed CCleaner, Rise of Flight (application) and TeamSpeak. Then MAM was taken down again, CCleaner was attacked, and RoF stopped working. Also, extraneous popups appeared, including music from the Microsoft player without my taking any action. That's when I asked for advice and was referred to this site.

    I appreciate any help that you could offer including catching the culprit and banishing them to the moon!
     
  4. Scolabar
    Hi NATOPS,

    Please bear with us. I am waiting for a Teacher to check over my next set of instructions.
    As you will no doubt appreciate, the Teachers are very busy.

    Thank you again for your patience. :)

    Scolabar
     
  5. NATOPS (Thread Starter)
    Thanks for the update!
     
  6. Scolabar
    Hi NATOPS,

    Thank you again for your patience. :)

    Please Note: HijackThis is not a tool that should ever be used with 64-bit systems as it is incompatible given that it is unable to read 64-bit Registry Entries correctly and therefore provides misleading results. In addition, the tool no longer provides sufficient detail in order to effectively analyse the current status of a system and is why helpers ask for alternative scanning tools to be used.

    Also, the DDS log is incomplete. Please make sure you copy and paste the entire contents of the logs requested. ;)

    Please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP>: do not proceed; post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    MalwareBytes' AntiMalware Log

    I would like to see the contents of the last MalwareBytes' AntiMalware log.
    You should be able to retrieve the log from the following location:
    C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Please Copy and Paste the entire contents of mbam-log-date (time).txt into your next reply.

    Step 2:
    SystemLook

    1. Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
      Alternate download site.
    2. Right-click on SystemLook_x64.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Copy and Paste the text in the code box below into SystemLook's main text entry window:
      Code:
      :filefind
      *mpdetection*
    4. Click on the Look button to start the scan.
      Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
    5. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
      A log file will be created on your Desktop named SystemLook.txt.
    6. Please post the contents of the SystemLook.txt file in your next reply.

    Step 3:
    Security Check

    1. Please download Security Check by screen317 and Save it to your Desktop.
      Alternate download site: Link 2
    2. Right-click on SecurityCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Press the Space Bar when you see the Press any key to continue... message.
      Please Note: This scan will take a short while to complete, so please be patient.
    4. When the scan has completed, a Notepad file will automatically open called checkup.txt.
    5. Save the file checkup.txt to your Desktop.
      Please Note: This output file is NOT automatically saved!
    6. Then Copy and Paste the entire contents of the checkup.txt file into your next reply.

    Step 4:
    OTL - Scan

    1. Please download OTL by Old Timer. Save it to your Desktop.
    2. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Under Output, ensure that the Standard Output option is selected.
    4. Under the Extra Registry section, select the Use SafeList option.
    5. Click the Scan All Users checkbox.
      Note: Please leave the remaining selections on the default settings.
    6. Click the LOP Check and Purity Check checkboxes.
    7. Then click on the Run Scan button in the top left-hand corner of the program window.
    8. When done, two Notepad files will automatically open:
      • OTL.txt <-- Will be opened, maximized.
      • Extras.txt <-- Will be minimized on task bar.
    9. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.

    Step 5:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. mbam-log-date (time).txt.
    3. SystemLook.txt.
    4. checkup.txt.
    5. OTL.txt.
    6. Extras.txt.
    7. Do you have the original Windows installation media for your PC?

    Scolabar
     
  7. NATOPS (Thread Starter)
    Received your instructions. I'm working on it now.
     
  8. NATOPS (Thread Starter)
    1. Problems carrying out the instructions: The path to the MalwareBytes' AntiMalware Log did not match yours. No 'Full' logs were listed...only 'Quick' logs. Otherwise, no problems noted.

    2. mbam-log-date (time).txt

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8388

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    12/18/2011 12:05:49 AM
    mbam-log-2011-12-18 (00-05-49).txt

    Scan type: Quick scan
    Objects scanned: 164965
    Time elapsed: 1 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    3. SystemLook.txt:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:07 on 19/12/2011 by WWNatops
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*mpdetection*"
    C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPDetection-12012011-114631.log ------- 66822 bytes [16:46 01/12/2011] [15:31 19/12/2011] 8311BF9BB7EC4271DD72EC9963023B94
    C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12012011-114631.log ------- 66822 bytes [16:46 01/12/2011] [15:31 19/12/2011] 8311BF9BB7EC4271DD72EC9963023B94

    -= EOF =-

    4. checkup.txt:

    Results of screen317's Security Check version 0.99.29
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 20
    Java(TM) 6 Update 29
    Java version out of date!
    Adobe Reader X (10.1.1)
    Mozilla Firefox (8.0.)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    Alienware Command Center ThermalController.exe
    ``````````End of Log````````````

    5. OTL.txt:

    OTL logfile created on: 12/19/2011 5:56:33 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\WWNatops\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    11.99 Gb Total Physical Memory | 9.78 Gb Available Physical Memory | 81.60% Memory free
    23.98 Gb Paging File | 21.50 Gb Available in Paging File | 89.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 271.40 Gb Total Space | 158.00 Gb Free Space | 58.22% Space Free | Partition Type: NTFS

    Computer Name: HAL2010 | User Name: WWNatops | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/19 17:53:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\WWNatops\Downloads\OTL.exe
    PRC - [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/11/05 16:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    PRC - [2010/11/05 16:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    PRC - [2010/11/05 16:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    PRC - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
    PRC - [2010/07/21 10:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2007/05/07 09:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    PRC - [2007/03/05 17:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/13 08:23:58 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/11/05 01:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/10/13 09:30:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
    MOD - [2011/10/13 00:43:41 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
    MOD - [2011/10/13 00:43:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/13 00:43:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/10/13 00:43:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/10/13 00:43:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2011/10/13 00:42:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/10/13 00:42:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/10/13 00:42:56 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/10/13 00:42:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/10/13 00:03:58 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll
    MOD - [2011/10/13 00:02:38 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/13 00:02:30 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
    MOD - [2011/10/12 23:51:50 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
    MOD - [2011/10/12 23:51:41 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
    MOD - [2011/10/12 23:51:40 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
    MOD - [2011/10/12 23:51:39 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\14d8a7579839b11151cd901b846d0afb\System.Data.ni.dll
    MOD - [2011/10/12 23:51:33 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
    MOD - [2011/10/12 23:51:32 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
    MOD - [2011/10/12 23:51:32 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
    MOD - [2011/10/12 23:51:31 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
    MOD - [2011/10/12 23:51:29 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
    MOD - [2011/10/12 23:51:27 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
    MOD - [2011/10/12 23:51:27 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\97126244f88693adb36f94116d8d0dda\System.Numerics.ni.dll
    MOD - [2011/10/12 23:51:22 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
    MOD - [2010/11/05 16:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    MOD - [2010/07/21 10:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    MOD - [2010/07/21 10:34:20 | 000,079,168 | -H-- | M] () -- C:\Program Files (x86)\AlienRespawn\zlib1.dll
    MOD - [2010/07/21 10:34:00 | 000,075,072 | -H-- | M] () -- C:\Program Files (x86)\AlienRespawn\STRegistry.dll
    MOD - [2010/07/21 10:33:58 | 000,111,936 | -H-- | M] () -- C:\Program Files (x86)\AlienRespawn\STPE.dll
    MOD - [2010/07/21 10:33:52 | 000,121,152 | -H-- | M] () -- C:\Program Files (x86)\AlienRespawn\STNLS.dll
    MOD - [2010/07/21 10:33:50 | 000,128,320 | -H-- | M] () -- C:\Program Files (x86)\AlienRespawn\STLog.dll
    MOD - [2010/07/21 10:33:46 | 000,234,816 | -H-- | M] () -- C:\Program Files (x86)\AlienRespawn\STFiles.dll
    MOD - [2010/07/21 10:33:22 | 001,123,648 | -H-- | M] () -- C:\Program Files (x86)\AlienRespawn\libxml2.dll
    MOD - [2007/03/05 17:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/05/24 22:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/11/05 16:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
    SRV:64bit: - [2009/10/27 14:56:14 | 000,117,608 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/09/16 06:02:58 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE -- (SftService)
    SRV - [2010/08/18 02:24:48 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/05/24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/05/24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/05/24 21:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/03/30 13:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/10/13 11:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
    DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/01/13 19:30:56 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/12/17 15:49:02 | 000,045,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
    DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2009/08/23 13:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
    DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
    DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/01/12 19:16:56 | 000,248,928 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
    DRV:64bit: - [2008/11/25 03:21:46 | 000,015,200 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
    DRV:64bit: - [2008/11/25 03:21:30 | 000,010,720 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
    DRV:64bit: - [2007/08/02 08:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
    DRV:64bit: - [2007/04/11 15:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/12/19 11:27:48 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDC205C8-824D-4342-9DD7-2EB80CAC233B}\MpKsl73aff495.sys -- (MpKsl73aff495)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007/04/11 15:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\UsbFltr.sys -- (TarFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3084169383-4271637612-2322562091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
    IE - HKU\S-1-5-21-3084169383-4271637612-2322562091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
    IE - HKU\S-1-5-21-3084169383-4271637612-2322562091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com/ [binary data]
    IE - HKU\S-1-5-21-3084169383-4271637612-2322562091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=16148
    IE - HKU\S-1-5-21-3084169383-4271637612-2322562091-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-3084169383-4271637612-2322562091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
    FF - prefs.js..extensions.enabledItems: [email protected]:4.51
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/26 20:53:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/27 09:44:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/26 20:53:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/26 20:53:12 | 000,000,000 | ---D | M]

    [2011/07/16 04:37:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\WWNatops\AppData\Roaming\Mozilla\Extensions
    [2011/11/29 10:13:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\WWNatops\AppData\Roaming\Mozilla\Firefox\Profiles\psjsodob.default\extensions
    [2011/07/15 16:56:38 | 000,002,568 | -H-- | M] () -- C:\Users\WWNatops\AppData\Roaming\Mozilla\Firefox\Profiles\psjsodob.default\searchplugins\askcom.xml
    [2011/12/09 19:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/09 19:04:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/11/08 14:03:28 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nphssb.dll
    [2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/09/05 05:34:31 | 000,002,024 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Homestead SiteBuilder Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nphssb.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/11/24 09:53:52 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 94.63.240.156 www.bing.com
    O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe (Dell)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe (Softthinks)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\WWNatops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3084169383-4271637612-2322562091-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3730AFF-50F7-41AB-92E3-AF3D8AB8A33C}: NameServer = 65.32.5.111,65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECBCC3BC-7134-496E-B737-621E47D266CE}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/19 17:53:14 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\Desktop\OTL
    [2011/12/19 13:48:18 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\Desktop\Security Check
    [2011/12/19 13:04:02 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\Desktop\SystemLook
    [2011/12/19 10:31:48 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/12/12 15:14:36 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\Desktop\HiJackThis Log
    [2011/12/12 15:09:10 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\Desktop\RoF B-U
    [2011/12/12 09:20:21 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\AppData\Roaming\Malwarebytes
    [2011/12/12 09:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/12 09:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/12/11 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/11 21:36:41 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\AppData\Local\Citrix
    [2011/12/11 02:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/12/11 02:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/12/06 12:00:30 | 000,000,000 | ---D | C] -- C:\38790e7d772b037b4a
    [2011/12/06 12:00:03 | 000,000,000 | ---D | C] -- C:\97ffcdfee4cd8b0940bee905ffb3318e
    [2011/12/03 13:39:13 | 000,000,000 | ---D | C] -- C:\perflogs
    [2011/12/03 13:37:39 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\AppData\Local\Apps
    [2011/12/01 11:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2011/12/01 11:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/11/29 18:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackIR v5
    [2011/11/29 18:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackIR v4
    [2011/11/29 14:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rise of Flight
    [2011/11/28 23:26:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\temp_RoF
    [2011/11/28 15:24:06 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\AppData\Local\Babylon
    [2011/11/28 15:24:05 | 000,000,000 | ---D | C] -- C:\Users\WWNatops\AppData\Roaming\Babylon
    [2011/11/28 15:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2011/11/27 16:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2011/11/25 11:22:33 | 000,000,000 | -H-D | C] -- C:\Users\WWNatops\AppData\Local\WinZip
    [2011/11/22 20:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/11/22 20:43:57 | 000,000,000 | -H-D | C] -- C:\Program Files\7-Zip

    ========== Files - Modified Within 30 Days ==========

    [2011/12/19 17:52:25 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
    [2011/12/19 17:51:55 | 000,001,434 | ---- | M] () -- C:\Users\WWNatops\Documents\Checkup WordPad.rtf
    [2011/12/19 17:47:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/19 13:00:12 | 000,001,370 | ---- | M] () -- C:\Users\WWNatops\Documents\Malwarebyte Log 12-18-11.rtf
    [2011/12/19 12:48:15 | 000,004,727 | ---- | M] () -- C:\Users\WWNatops\Documents\Scholobar instructions 12-19-11.rtf
    [2011/12/19 10:47:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/19 10:31:57 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/19 10:03:12 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/19 10:03:12 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/19 10:00:16 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/12/19 10:00:16 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/12/19 10:00:16 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/12/19 09:56:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/19 09:56:03 | 1066,602,494 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/14 13:56:28 | 000,654,202 | ---- | M] () -- C:\Users\WWNatops\Documents\CREDIT_CARD_AUTHORIZATION_FORM.rtf
    [2011/12/12 15:19:49 | 000,009,760 | ---- | M] () -- C:\Users\WWNatops\Documents\hijackthis.rtf
    [2011/12/11 09:01:28 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/12/10 02:46:46 | 000,030,738 | ---- | M] () -- C:\Users\WWNatops\Documents\BKD-7361847412 Malwarebyte Receipt.pdf
    [2011/12/05 23:53:58 | 000,000,000 | ---- | M] () -- C:\Users\WWNatops\AppData\Local\{14735306-DEE4-4B7B-AE8E-9363D181758D}
    [2011/12/05 13:37:23 | 000,000,000 | ---- | M] () -- C:\Users\WWNatops\AppData\Local\{147AA7DA-D7C0-4FD0-AC02-5125B38DFC6F}
    [2011/12/03 14:05:08 | 000,007,679 | -H-- | M] () -- C:\Users\WWNatops\AppData\Local\resmon.resmoncfg
    [2011/12/02 08:24:38 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\Regwork.job
    [2011/12/01 11:46:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/12/01 11:46:30 | 000,743,538 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/29 18:58:32 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\TrackIR v5.lnk
    [2011/11/29 14:57:48 | 000,001,285 | ---- | M] () -- C:\Users\Public\Desktop\Rise of Flight.lnk
    [2011/11/29 14:41:08 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    [2011/11/28 15:24:11 | 000,000,059 | ---- | M] () -- C:\user.js
    [2011/11/27 17:38:49 | 000,001,303 | ---- | M] () -- C:\Users\WWNatops\Desktop\7z.lnk
    [2011/11/27 09:44:41 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/11/27 09:41:06 | 000,000,000 | ---- | M] () -- C:\Users\WWNatops\AppData\Local\{6EC9EAE1-7097-4F47-A6E8-DA94BFCAB90C}
    [2011/11/24 09:53:52 | 000,000,856 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

    ========== Files Created - No Company Name ==========

    [2011/12/19 17:51:55 | 000,001,434 | ---- | C] () -- C:\Users\WWNatops\Documents\Checkup WordPad.rtf
    [2011/12/19 13:00:12 | 000,001,370 | ---- | C] () -- C:\Users\WWNatops\Documents\Malwarebyte Log 12-18-11.rtf
    [2011/12/19 12:48:15 | 000,004,727 | ---- | C] () -- C:\Users\WWNatops\Documents\Scholobar instructions 12-19-11.rtf
    [2011/12/14 13:32:09 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2011/12/14 13:31:54 | 000,654,202 | ---- | C] () -- C:\Users\WWNatops\Documents\CREDIT_CARD_AUTHORIZATION_FORM.rtf
    [2011/12/14 12:27:25 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/12 15:19:49 | 000,009,760 | ---- | C] () -- C:\Users\WWNatops\Documents\hijackthis.rtf
    [2011/12/11 02:26:03 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/12/10 02:46:46 | 000,030,738 | ---- | C] () -- C:\Users\WWNatops\Documents\BKD-7361847412 Malwarebyte Receipt.pdf
    [2011/12/05 23:53:58 | 000,000,000 | ---- | C] () -- C:\Users\WWNatops\AppData\Local\{14735306-DEE4-4B7B-AE8E-9363D181758D}
    [2011/12/05 13:37:23 | 000,000,000 | ---- | C] () -- C:\Users\WWNatops\AppData\Local\{147AA7DA-D7C0-4FD0-AC02-5125B38DFC6F}
    [2011/12/01 11:46:40 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/12/01 11:46:30 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/12/01 11:46:29 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/11/29 18:58:32 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\TrackIR v5.lnk
    [2011/11/29 14:57:48 | 000,001,285 | ---- | C] () -- C:\Users\Public\Desktop\Rise of Flight.lnk
    [2011/11/29 14:41:08 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    [2011/11/28 15:24:11 | 000,000,059 | ---- | C] () -- C:\user.js
    [2011/11/27 17:38:03 | 000,001,303 | ---- | C] () -- C:\Users\WWNatops\Desktop\7z.lnk
    [2011/11/27 09:44:41 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/11/27 09:44:41 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/11/27 09:41:06 | 000,000,000 | ---- | C] () -- C:\Users\WWNatops\AppData\Local\{6EC9EAE1-7097-4F47-A6E8-DA94BFCAB90C}
    [2011/11/15 19:39:50 | 000,000,000 | -H-- | C] () -- C:\Users\WWNatops\AppData\Local\{0F9B0B5E-9C75-421B-B2DE-FD5A1313EC73}
    [2011/11/15 19:37:57 | 000,000,000 | -H-- | C] () -- C:\Users\WWNatops\AppData\Local\{0007277C-F6E2-4488-BDA2-868E119C0BFD}
    [2011/11/15 16:58:24 | 000,000,000 | -H-- | C] () -- C:\Users\WWNatops\AppData\Local\{42293D49-2F79-4BB6-AF52-BA904265BF3E}
    [2011/11/15 16:53:16 | 000,000,000 | -H-- | C] () -- C:\Users\WWNatops\AppData\Local\{B5A9E2CC-77D2-475D-B648-A10AA1CE5917}
    [2011/09/05 16:38:30 | 000,134,564 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
    [2011/09/05 16:38:30 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
    [2011/09/05 16:16:48 | 000,182,453 | ---- | C] () -- C:\Windows\hpwins10.dat
    [2011/07/31 22:22:28 | 000,000,000 | -H-- | C] () -- C:\Users\WWNatops\AppData\Local\{F8A9B161-B524-4EF3-89DA-2EE504874767}
    [2011/07/11 20:42:14 | 000,007,679 | -H-- | C] () -- C:\Users\WWNatops\AppData\Local\resmon.resmoncfg
    [2011/07/10 10:56:48 | 000,000,272 | -H-- | C] () -- C:\Users\WWNatops\AppData\Roaming\.backup.dm
    [2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/11/08 14:02:33 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
    [2010/11/05 16:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
    [2010/09/21 12:40:19 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\dl47dxh3f.dat
    [2010/08/18 02:25:05 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/08/18 02:25:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/08/18 02:25:05 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2010/08/18 02:25:05 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2010/08/18 02:25:05 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2010/08/18 01:17:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2007/02/28 05:19:55 | 000,000,372 | ---- | C] () -- C:\Windows\hpwmdl10.dat

    ========== LOP Check ==========

    [2011/11/28 15:24:05 | 000,000,000 | ---D | M] -- C:\Users\WWNatops\AppData\Roaming\Babylon
    [2011/06/23 14:25:43 | 000,000,000 | -H-D | M] -- C:\Users\WWNatops\AppData\Roaming\FileZilla
    [2011/11/26 20:52:57 | 000,000,000 | -H-D | M] -- C:\Users\WWNatops\AppData\Roaming\gtk-2.0
    [2011/11/26 20:52:57 | 000,000,000 | -H-D | M] -- C:\Users\WWNatops\AppData\Roaming\HyperLobby
    [2011/11/26 19:12:17 | 000,000,000 | -H-D | M] -- C:\Users\WWNatops\AppData\Roaming\OpenOffice.org
    [2011/11/26 20:52:57 | 000,000,000 | -H-D | M] -- C:\Users\WWNatops\AppData\Roaming\Thunderbird
    [2011/12/14 16:02:58 | 000,000,000 | -H-D | M] -- C:\Users\WWNatops\AppData\Roaming\TS3Client
    [2011/11/26 20:52:57 | 000,000,000 | -H-D | M] -- C:\Users\WWNatops\AppData\Roaming\ts3overlay
    [2011/12/02 08:24:38 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\Regwork.job
    [2011/11/16 07:48:26 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

    6. Extras.txt:

    OTL Extras logfile created on: 12/19/2011 5:56:33 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\WWNatops\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    11.99 Gb Total Physical Memory | 9.78 Gb Available Physical Memory | 81.60% Memory free
    23.98 Gb Paging File | 21.50 Gb Available in Paging File | 89.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 271.40 Gb Total Space | 158.00 Gb Free Space | 58.22% Space Free | Partition Type: NTFS

    Computer Name: HAL2010 | User Name: WWNatops | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3084169383-4271637612-2322562091-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
    "{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
    "{688758A2-8520-4470-8FA6-765BAC86FC53}" = Broadcom Management Programs
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8A70B027-4813-B42B-FF66-04E58417028A}" = ccc-utility64
    "{AD522D37-B0FD-45A4-8695-6F24DF5336FC}" = Command Center
    "{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
    "{D3A65B0A-403B-4C20-A488-BFED2BC5D2EF}" = HP OfficeJet J5700
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Shop for HP Supplies" = Shop for HP Supplies
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{065FD621-FE29-F086-8B68-26C40F2568F6}" = CCC Help Spanish
    "{075315E8-E9E1-4DB3-8CBD-0BEBA9E2BAC3}" = ProductContext
    "{07B0A8BD-DC56-9391-029D-901B537C0EE5}" = CCC Help Finnish
    "{0A4DBC25-3DD9-9503-24D9-268112B62076}" = CCC Help Hungarian
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{1518157C-607B-2B60-B121-EAB7042C75AB}" = Skins
    "{157AB353-60BB-E1A7-4E79-15C35655C694}" = CCC Help English
    "{1742DE47-1693-4E7C-8121-8E1D6AED5B25}" = J5700
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{1B70920B-70FC-C906-623C-F366B0F7DB53}" = Catalyst Control Center InstallProxy
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{22E76329-0ED8-E755-2C14-07C80621DF7E}" = CCC Help Portuguese
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{27427D07-F798-0398-997C-525E982BF0BE}" = Catalyst Control Center Core Implementation
    "{28A25B98-A2E9-89A5-FCF3-DF93B9564775}" = CCC Help Italian
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
    "{333F3B34-0374-4B2C-9A23-EA6294D82772}" = HyperLobby client
    "{33B436A1-64C1-1726-2209-E69BF2DFE138}" = CCC Help Czech
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{41AA8F20-FD30-4878-9080-6D5BE575FD41}" = Dell InHome Service Agreement
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{44047051-85A6-83A1-0B76-0A4EF34F82B2}" = Catalyst Control Center Localization All
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{482A6D85-E279-9B0F-8D36-091F3B64B787}" = Catalyst Control Center Graphics Previews Common
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4FB805E5-9716-C5D0-9114-65C78E3098DD}" = CCC Help Swedish
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5A3B69A7-C63E-7F9B-55DD-CD65F7440FED}" = CCC Help Danish
    "{5B1EF562-C533-9035-D6BB-7BD5C6D9DC3F}" = Catalyst Control Center Graphics Full Existing
    "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
    "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
    "{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{63892687-346C-6868-029C-A1BCCCACC4C0}" = CCC Help Chinese Traditional
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6C3BF763-2CC5-2E20-4491-DF399C05C547}" = CCC Help Greek
    "{6F4ED9D9-0854-C415-7BD6-908380D81518}" = Catalyst Control Center Graphics Full New
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{70CAF6DA-C2F4-40C4-A0A4-10FB04701669}" = bpd_scan
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{877335C1-A573-6B0B-9635-DFD043E4445A}" = CCC Help Norwegian
    "{8B0B72BC-3007-45E9-BBA3-7B7EF8819FA3}" = 5700_Help
    "{8EBA7A74-9CB9-1336-8F32-2E503E6D530F}" = CCC Help French
    "{90F1906E-C084-9499-DFC3-E8A191B1E259}" = Catalyst Control Center Graphics Light
    "{934328D5-F05A-8749-2915-EDCBE9DBBC61}" = CCC Help Polish
    "{995C73F0-2853-45DF-030F-DFEEB000BC10}" = CCC Help German
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{a1639c56-3004-4fdf-84a8-2ca68dacc6cd}" = Nero 9 Essentials
    "{A2767DE2-385F-2A50-592F-FB7B041926DE}" = CCC Help Chinese Standard
    "{A4601B40-79E2-4E67-EB56-8A77B9D03839}" = CCC Help Dutch
    "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
    "{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
    "{AACCF0A0-B426-9DA1-7900-7CDA55C674BE}" = CCC Help Korean
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
    "{B1AFAA4E-AE88-3B08-E40A-FB1D64F0F880}" = CCC Help Thai
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B6C07454-A9BC-D101-1DA7-B41E95008200}" = CCC Help Turkish
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4
    "{C2B9D3E1-B7FB-00FB-A14C-664B13174ED4}" = CCC Help Russian
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{D43B1A55-6957-4E93-A674-338F78B4A202}" = BPDSoftware
    "{DA52CFD6-183B-4C45-B36F-4A59750427CB}_is1" = Rise of Flight
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{E0A1335B-3D84-413B-B92C-DF2D4BAACA0C}" = BPDSoftware_Ini
    "{E41E6CB8-AD30-A818-EA5D-0C6A92E51D0C}" = CCC Help Japanese
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EA8F8D1C-0565-BD71-BFC3-57A21E8AA6FD}" = Catalyst Control Center Graphics Previews Vista
    "{EC409A8A-525C-3F44-5266-13FAE4E5BF7B}" = ccc-core-static
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "CHControlManager_is1" = CH Control Manager Software
    "Google Chrome" = Google Chrome
    "InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
    "InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}" = Command Center
    "JoyIDs" = PJP's JoyIDs
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "RegWork" = RegWork
    "Steam App 400" = Portal
    "Steam App 63950" = IL-2 Sturmovik: Cliffs of Dover
    "WinGimp-2.0_is1" = Gimp 2.6.2 Debug

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/11/2011 12:57:56 AM | Computer Name = HAL2010 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The directory name is invalid. .

    Error - 12/11/2011 1:30:13 AM | Computer Name = HAL2010 | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 12/11/2011 1:44:11 AM | Computer Name = HAL2010 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The directory name is invalid. .

    Error - 12/11/2011 2:47:59 AM | Computer Name = HAL2010 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The directory name is invalid. .

    Error - 12/11/2011 9:23:30 AM | Computer Name = HAL2010 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The directory name is invalid. .

    Error - 12/11/2011 9:29:30 AM | Computer Name = HAL2010 | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
    time stamp: 0x4d672ee4 Faulting module name: MSHTML.dll, version: 9.0.8112.16437,
    time stamp: 0x4e5f1784 Exception code: 0xc0000005 Fault offset: 0x00000000002d6a3f
    Faulting
    process id: 0x9e0 Faulting application start time: 0x01ccb8077ae2d3ea Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 270b3f48-23fc-11e1-bcbf-0025648cb296

    Error - 12/11/2011 10:02:04 AM | Computer Name = HAL2010 | Source = Application Error | ID = 1000
    Description = Faulting application name: CCleaner64.exe, version: 3.13.0.1600, time
    stamp: 0x4ed3ac80 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
    time stamp: 0x4e21213c Exception code: 0xe06d7363 Fault offset: 0x000000000000cacd
    Faulting
    process id: 0x10c0 Faulting application start time: 0x01ccb80d68b89d21 Faulting application
    path: C:\Program Files\CCleaner\CCleaner64.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report
    Id: b3aeb669-2400-11e1-bcbf-0025648cb296

    Error - 12/11/2011 10:23:56 AM | Computer Name = HAL2010 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The directory name is invalid. .

    Error - 12/11/2011 1:01:10 PM | Computer Name = HAL2010 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The directory name is invalid. .

    Error - 12/11/2011 1:11:23 PM | Computer Name = HAL2010 | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The directory name is invalid. .

    [ Media Center Events ]
    Error - 10/25/2011 9:04:45 AM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 9:04:45 AM - Error connecting to the internet. 9:04:45 AM - Unable
    to contact server..

    Error - 10/25/2011 9:04:55 AM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 9:04:50 AM - Error connecting to the internet. 9:04:50 AM - Unable
    to contact server..

    Error - 12/6/2011 12:52:46 PM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 11:52:46 AM - Error connecting to the internet. 11:52:46 AM - Unable
    to contact server..

    Error - 12/6/2011 12:52:56 PM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 11:52:51 AM - Error connecting to the internet. 11:52:51 AM - Unable
    to contact server..

    Error - 12/6/2011 1:53:00 PM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 12:53:00 PM - Error connecting to the internet. 12:53:00 PM - Unable
    to contact server..

    Error - 12/6/2011 1:53:05 PM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 12:53:05 PM - Error connecting to the internet. 12:53:05 PM - Unable
    to contact server..

    Error - 12/6/2011 2:53:10 PM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 1:53:10 PM - Error connecting to the internet. 1:53:10 PM - Unable
    to contact server..

    Error - 12/6/2011 2:53:15 PM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 1:53:15 PM - Error connecting to the internet. 1:53:15 PM - Unable
    to contact server..

    Error - 12/8/2011 1:46:50 PM | Computer Name = HAL2010 | Source = MCUpdate | ID = 0
    Description = 12:46:50 PM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    [ System Events ]
    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.

    Error - 12/19/2011 1:30:44 PM | Computer Name = HAL2010 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk0\DR0.


    < End of report >

    7. Do you have the original Windows installation media for your PC? NO

    I hope that this is a proper report.

    NATOPS
     
  9. NATOPS

    NATOPS Thread Starter

    Joined:
    Dec 12, 2011
    Messages:
    15
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by WWNatops at 8:01:41 on 2011-12-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.10630 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Broadcom\BPowMon\BPowMon.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\AlienRespawn\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
    C:\Windows\System32\vds.exe
    C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
    C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Razer\Tarantula\razertra.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Alienware\Command Center\ThermalController.exe
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=16148
    uDefault_Page_URL = hxxp://www.alienware.com/
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe"
    StartupFolder: C:\Users\WWNatops\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: Interfaces\{C3730AFF-50F7-41AB-92E3-AF3D8AB8A33C} : NameServer = 65.32.5.111,65.32.5.112
    TCP: Interfaces\{ECBCC3BC-7134-496E-B737-621E47D266CE} : DhcpNameServer = 65.32.5.111 65.32.5.112
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [(Default)]
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\AlienRespawn\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe"
    Hosts: 94.63.240.156 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\WWNatops\AppData\Roaming\Mozilla\Firefox\Profiles\psjsodob.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nphssb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, afdff3f0-5d29-4262-b24e-d07eac41a817
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,
    FF - user.js: extentions.y2layers.installId - f0863764-c42e-4eaf-ab3c-e76513cb2bdd
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-8-18 689472]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 chdrvr01;CH Control Manager Driver 1;C:\Windows\system32\DRIVERS\chdrvr01.sys --> C:\Windows\system32\DRIVERS\chdrvr01.sys [?]
    R3 chdrvr02;CH Control Manager Driver 2;C:\Windows\system32\DRIVERS\chdrvr02.sys --> C:\Windows\system32\DRIVERS\chdrvr02.sys [?]
    R3 chdrvr03;chdrvr03;C:\Windows\system32\DRIVERS\chdrvr03.sys --> C:\Windows\system32\DRIVERS\chdrvr03.sys [?]
    R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 mio;Master IO Filter Driver;C:\Windows\system32\DRIVERS\mio.sys --> C:\Windows\system32\DRIVERS\mio.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 npusbio;npusbio;C:\Windows\system32\Drivers\npusbio_x64.sys --> C:\Windows\system32\Drivers\npusbio_x64.sys [?]
    R3 TarFltr;Razer Tarantula USB Keyboard;C:\Windows\System32\drivers\UsbFltr.sys [2011-8-15 45440]
    S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-5 15296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-18 13336]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-14 366152]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-20 13:00:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDC205C8-824D-4342-9DD7-2EB80CAC233B}\offreg.dll
    2011-12-19 15:30:58 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDC205C8-824D-4342-9DD7-2EB80CAC233B}\mpengine.dll
    2011-12-12 14:20:21 -------- d-----w- C:\Users\WWNatops\AppData\Roaming\Malwarebytes
    2011-12-12 14:20:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-12 14:19:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-12 02:36:41 -------- d-----w- C:\Users\WWNatops\AppData\Local\Citrix
    2011-12-11 07:26:02 -------- d-----w- C:\Program Files\CCleaner
    2011-12-06 17:00:30 -------- d-----w- C:\38790e7d772b037b4a
    2011-12-06 17:00:03 -------- d-----w- C:\97ffcdfee4cd8b0940bee905ffb3318e
    2011-12-03 18:39:13 -------- d-----w- C:\perflogs
    2011-12-03 18:37:39 -------- d-----w- C:\Users\WWNatops\AppData\Local\Apps
    2011-12-02 05:02:55 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-12-01 16:47:31 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A29F9007-320A-4A45-A2C6-F8DAC4ED294D}\gapaengine.dll
    2011-12-01 16:46:30 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-12-01 16:46:29 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-11-29 19:50:05 -------- d-----w- C:\Program Files (x86)\Rise of Flight
    2011-11-29 04:26:56 -------- d-----w- C:\Windows\SysWow64\temp_RoF
    2011-11-28 20:24:06 -------- d-----w- C:\Users\WWNatops\AppData\Local\Babylon
    2011-11-28 20:24:05 -------- d-----w- C:\Users\WWNatops\AppData\Roaming\Babylon
    2011-11-28 20:24:05 -------- d-----w- C:\ProgramData\Babylon
    2011-11-25 16:22:33 -------- d--h--w- C:\Users\WWNatops\AppData\Local\WinZip
    .
    ==================== Find3M ====================
    .
    2011-11-13 13:23:58 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 8:09:30.84 ===============
     
  10. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi NATOPS,

    Apologies for the delay in responding and thank you for the logs and feedback. :)

    Please confirm whether or not you knowingly disabled User Access Control (UAC).

    Again, please remember to read the instructions below carefully before executing them, and perform the steps in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Program Removals

    Registry Cleaners Advisory

    I notice that the RegWork Registry Cleaner is installed on this computer.

    I don't personally recommend the use of ANY registry cleaners.
    Here is an excerpt from a discussion on regcleaners
    http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
    http://forums.whatthetech.com/Regcleaner_t42862.html

    Please follow the instructions below to remove this and other unwanted programs:

    1. Select Start > Control Panel > Programs > Programs and Features.
    2. Under the Programs heading, click on Uninstall a program.
    3. Scroll down the list of installed programs and locate the following program:

      Ask Toolbar
      HijackThis
      Java(TM) 6 Update 20 (64-bit)
      RegWorks

    4. Right-click on Uninstall to uninstall it.
    5. Repeat steps 3 - 4 for each program in the list.
    6. When finished Close the Control Panel window.
    7. Restart the computer to complete removal of the program.

    Step 2:
    SystemLook

    I need to ask you to run SystemLook again.

    1. Right-click on SystemLook_x64.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Copy and Paste the text in the code box below into SystemLook's main text entry window:
      Code:
      :filefind
      *mbam-log-date*
      
      :contents
      C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\[b][color=blue]MPDetection-12012011-114631.log
      
      
    3. Click on the Look button to start the scan.
      Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
    4. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
      A log file will be created on your Desktop named SystemLook.txt.
    5. Please post the contents of the SystemLook.txt file in your next reply.

    Step 3:
    Unhide Tool

    Let's see if this tool will reveal your missing programs and data.

    1. Please download Unhide and Save it to your Desktop.
    2. Right-click on unhide.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Please let me know the result of running this tool in your next post.

    Step 4:
    Check Hard Disk For Errors

    1. Click on Start and then click on the Start Search box in the Start Menu.
    2. Copy and Paste the following value into the open text entry box:

      notepad

    3. Then click on the magnifying glass symbol or press Enter.
    4. This will open an empty Notepad file.
    5. Copy and Paste the contents of the box below into the Notepad window:
      Code:
      @echo off
      cmd /c chkdsk c: |find /v  "percent" >> "%userprofile%\desktop\checkhd.txt"
      notepad.exe "%userprofile%"\desktop\checkhd.txt
      del %0
      exit
    6. Click Format and ensure Wordwrap is Unchecked.
    7. Save as testhd.bat to the Desktop.
    8. Save as file type All Files or it won't work.
    9. Right-click on testhd.bat and select "Run As Administrator" to launch the script. If you receive a UAC prompt, please allow it.
      (A command prompt window will flash on the screen briefly.)
    10. A file and icon named checkhd.txt should appear on your Desktop.
    11. Copy and Paste the entire contents of checkhd.txt into your next reply.

    Step 5:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Did you knowingly disable User Access Control (UAC)?
    3. SystemLook.txt.
    4. Did the Unhide tool reveal your missing programs and data?
    5. checkhd.txt.

    Scolabar
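The DDS report posted above carries both of the findings this post asks about: the mPolicies-system values showing UAC switched off, and a Hosts: line pinning www.bing.com to a public address. The following is an added triage helper, not part of the thread or of the DDS tool; it parses lines in the format DDS prints and flags those two conditions, using the lines from the log above plus one constructed benign hosts entry as sample input.

```python
"""Triage of DDS "Pseudo HJT Report" lines for disabled UAC and hosts-file hijacks.

Added example: parses the mPolicies-system and Hosts: lines in the format
DDS prints and returns the findings a helper would ask about.
"""
import re
from ipaddress import ip_address

# Windows 7 defaults for the UAC-related values DDS prints under mPolicies-system.
UAC_BASELINE = {
    "EnableLUA": 1,                   # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates silently, with no prompt
    "ConsentPromptBehaviorUser": 3,   # 3 prompts standard users for credentials
    "PromptOnSecureDesktop": 1,       # 0 lets other software overlay the prompt
}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def _is_local_sink(ip_text):
    """True for loopback or 0.0.0.0 targets, the addresses ad-blocking hosts files use."""
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return False  # not an address at all; treat as suspicious
    return ip.is_loopback or ip.is_unspecified


def triage(lines):
    """Return a list of finding dicts for the DDS report lines given, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            key, value = m.group(1), int(m.group(2))
            expected = UAC_BASELINE.get(key)
            if expected is not None and value != expected:
                findings.append({"kind": "uac_policy", "key": key,
                                 "value": value, "expected": expected})
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip_text, host = m.group(1), m.group(2)
            if not _is_local_sink(ip_text):
                # A public address pinned for a well-known domain redirects the
                # browser without touching DNS: the classic hosts-file hijack.
                findings.append({"kind": "hosts_redirect", "host": host,
                                 "ip": ip_text})
    return findings


def summarize(findings):
    """One human-readable line per finding, in the order found."""
    out = []
    for f in findings:
        if f["kind"] == "uac_policy":
            out.append(f"UAC: {f['key']} = {f['value']} (expected {f['expected']})")
        else:
            out.append(f"hosts: {f['host']} pinned to {f['ip']}")
    return out


# Sample input: the mPolicies and Hosts: lines from the DDS log posted in this
# thread, plus one constructed ad-block style entry that must not be flagged.
SAMPLE_DDS_LINES = [
    "mPolicies-explorer: NoActiveDesktop = 1 (0x1)",
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    "mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    "Hosts: 94.63.240.156 www.bing.com",
    "Hosts: 127.0.0.1 ads.example.invalid",  # constructed, benign
]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_DDS_LINES)):
        print(line)
```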
     
  11. NATOPS

    NATOPS Thread Starter

    Joined:
    Dec 12, 2011
    Messages:
    15
    I purposely turned the UAC off after reading the original instructions. Now, I right-click the application and select 'Run as Administrator.'

    I am now working on the next assignment.
     
  12. NATOPS

    NATOPS Thread Starter

    Joined:
    Dec 12, 2011
    Messages:
    15
    1. Problems carrying out the instructions? The Checkhd.txt appeared as advertised, but the chkdsk was not allowed. Instructions followed to the letter...wordwrap unchecked, 'all files' format, 'run as administrator' selected, icon 'checkhd.txt' appeared on desktop.

    2. Did you knowingly disable User Access Control (UAC)? YES.

    3. SystemLook.txt included next.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:50 on 21/12/2011 by WWNatops
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*mbam-log-date*"
    No files found.

    ========== contents ==========

    C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12012011-114631.log - Unable to open file.

    -= EOF =-

    4. Did the unhide tool reveal your missing programs and data? IT APPEARS THAT THE MISSING DATA HAS BEEN REVEALED!!! I checked IL2 and Cliffs of Dover and they appear to run OK. Icons will not move on the desktop...they are stuck to the left, but I think that is a setting that can be adjusted.

    5. checkhd.txt:
    "The type of the file system is RAW.
    CHKDSK is not available for RAW drives."


    SCOLABAR, thank you for your patient help. It is very much appreciated by me!!
     
  13. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi NATOPS,

    Thank you for the logs and feedback. :)
    Apologies for the inconvenience; there was an error in the SystemLook code. :eek: I will need to ask you to run the tool again with the corrected code.

    Again, please remember to read the instructions below carefully before executing them, and perform the steps in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Backup All Important User Data

    Before proceeding, if you haven't already done so, please backup all important files and folders NOW!!


    Step 2:
    SystemLook

    I need to ask you to run SystemLook again.

    1. Right-click on SystemLook_x64.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Copy and Paste the text in the code box below into SystemLook's main text entry window:
      Code:
      :filefind
      *mbam-log-date*
      
      :contents
      C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12012011-114631.log
      
      
    3. Click on the Look button to start the scan.
      Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
    4. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
      A log file will be created on your Desktop named SystemLook.txt.
    5. Please post the contents of the SystemLook.txt file in your next reply.

    Step 3:
    Alternative Hard Disk Error Check

    Let's try the following alternative method to see if we get any results. ;)

    1. Click on Start > Computer.
    2. Right-click on the C: drive icon and select the Properties option.
    3. Click on the Tools tab.
    4. Then click on the Check Now button under the Error-checking section.
    5. Please post any Error-checking Results in your next reply.

    Step 4:
    TDSSKiller - Scan

    1. Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
    2. Right-click on TDSSKiller.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
      If TDSSKiller does not run rename the program file. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zpgfhbw.com).
      If you don't see file extensions, please see: How to change the file extension.
    3. Click the Start Scan button. Do not use the computer during the scan!
    4. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
    5. Now click on Report to open the log file created by TDSSKiller.
    6. The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
    7. Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.
    PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.

    Step 5:
    aswMBR - Scan

    1. Please download aswMBR.exe © Avast Software (511KB) and Save it to your Desktop.
    2. Right-click on aswMBR.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Click on the Scan button to start the scan.
    4. On completion of the scan the following message will be displayed: "Scan finished successfully". Click on the Save log button.
    5. You will be prompted to save a file named aswMBR.txt. Save it to your Desktop.
    6. Please Copy and Paste the contents of aswMBR.txt into your next reply.
    Please Note: A file named MBR.dat will be created and placed on your desktop when you execute aswMBR. This is a copy of your MBR record before any changes are made; it can be used to recover the MBR record to its previous condition if problems exist after changes.

    Step 6:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Please confirm that you have backed up all your important data.
    3. SystemLook.txt.
    4. Hard Disk Error-checking Results.
    5. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
    6. aswMBR.txt.

    Scolabar
     
  14. NATOPS

    NATOPS Thread Starter

    Joined:
    Dec 12, 2011
    Messages:
    15
    1. Problems:
    I could not get aswMBR to work.

    2. Data B/U: Check

    3. SystemLook.txt

    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:11 on 23/12/2011 by WWNatops
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*mbam-log-date*"
    No files found.

    ========== contents ==========

    C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12012011-114631.log - Opened succesfully.

    2011-12-01T16:46:31.070Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-01T16:46:31.242Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 0.0.0.0 AS 0.0.0.0 AV 0.0.0.0
    2011-12-01T16:47:31.364Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.94.0 AV 1.117.94.0
    2011-12-01T16:54:10.578Z DETECTION SettingsModifier:Win32/PossibleHostsFileHijack file:C:\Windows\system32\drivers\etc\hosts
    2011-12-01T18:43:43.275Z DETECTION Trojan:Win32/FakeSysdef file:C:\System Volume Information\SystemRestore\FRStaging\ProgramData\wftChmsSOh.exe->(UPX)
    2011-12-01T18:43:43.285Z DETECTION Trojan:Win32/Cleaman.B file:C:\System Volume Information\SystemRestore\FRStaging\Users\WWNatops\AppData\Local\auditpol.dll
    2011-12-01T18:43:43.285Z DETECTION Trojan:Win32/Cleaman.B file:C:\Users\WWNatops\AppData\Local\auditpol.dll
    2011-12-01T18:43:43.285Z DETECTION Trojan:Win32/Cleaman.F file:C:\System Volume Information\SystemRestore\FRStaging\Users\WWNatops\AppData\Local\auditpol.exe
    2011-12-01T18:43:43.285Z DETECTION Trojan:Win32/Cleaman.F file:C:\Users\WWNatops\AppData\Local\auditpol.exe
    2011-12-01T18:43:43.295Z DETECTION Exploit:Java/CVE-2010-0840.CL file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7d0b124a-6e8f1ea6->gendalf/fire.class
    2011-12-01T18:43:43.295Z DETECTION Exploit:Java/CVE-2010-0840.CL file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\33889816-444cebf1->gendalf/fire.class
    2011-12-01T18:43:43.295Z DETECTION Exploit:Java/CVE-2010-0840.CL file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1272122e-799e06b6->gendalf/fire.class
    2011-12-01T18:43:43.295Z DETECTION Exploit:Java/CVE-2010-0840.CL file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6f0eb870-1476b10e->gendalf/fire.class
    2011-12-01T18:43:43.295Z DETECTION Exploit:Java/CVE-2010-0840.CL file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\716b17fd-32e0aac1->gendalf/fire.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\21835ece-4f008b6a->rotor/Glocker.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\21835ece-4f008b6a->rotor/Zom.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\768bb8e-68eef62e->datas/wall$1.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\768bb8e-68eef62e->datas/Zo666.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72b7c5c-39625b2f->glass/Glocker.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72b7c5c-39625b2f->glass/Zo666.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\58a1b661-505516c8->datas/wall$1.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\58a1b661-505516c8->datas/Zom2.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5d9436f3-38b49fb2->rotor/Glocker.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5d9436f3-38b49fb2->rotor/zalux$1.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5d9436f3-38b49fb2->rotor/Zo666.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5d9436f3-38b49fb2->rotor/Zom.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5d9436f3-38b49fb2->rotor/Zom2.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\618b8985-2ea5fdde->datas/wall$1.class
    2011-12-01T18:43:43.295Z DETECTION TrojanDownloader:Java/OpenConnection.OU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\618b8985-2ea5fdde->datas/Zo666.class
    2011-12-01T18:43:43.305Z DETECTION Exploit:Java/CVE-2010-0840.DR file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\21835ece-4f008b6a->rotor/zalux$1.class
    2011-12-01T18:43:43.305Z DETECTION Exploit:Java/CVE-2010-0840.DR file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72b7c5c-39625b2f->glass/mumux$1.class
    2011-12-01T18:43:43.305Z DETECTION Exploit:Java/CVE-2010-0840.GZ file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\772ed14f-4e226a8e->glass/flying.class
    2011-12-01T18:43:43.305Z DETECTION Exploit:Java/CVE-2010-0840.GZ file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\3ee75fed-57e89569->glass/flying.class
    2011-12-01T18:43:43.315Z DETECTION Exploit:Java/CVE-2010-0840.AY file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\302751d0-16327fca->lang_driver/restore.class
    2011-12-01T18:43:43.315Z DETECTION Exploit:Java/CVE-2010-0840.AY file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3c84c4ea-1e8b128b->langdriver/translator.class
    2011-12-01T18:43:43.315Z DETECTION Exploit:Java/CVE-2010-0840.AY file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\9b0fa35-793ed13a->langdriver/translator.class
    2011-12-01T18:43:43.325Z DETECTION Exploit:Java/CVE-2010-0094.GD file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\cd3f294-24e83d98->data/MyPayload.class
    2011-12-01T18:43:43.335Z DETECTION Exploit:Java/CVE-2010-0840.CI file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\393a8716-61266830->glass/lulux$1.class
    2011-12-01T18:43:43.355Z DETECTION Exploit:Java/CVE-2010-0840.CB file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\393a8716-61266830->glass/lulux.class
    2011-12-01T18:43:43.355Z DETECTION Exploit:Java/CVE-2010-0840.BH file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\530c4f16-6c96a3da->glass/boing.class
    2011-12-01T18:43:43.365Z DETECTION Exploit:Java/CVE-2010-0094.FN file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3f87fc5a-78c5cf20->main.class
    2011-12-01T18:43:43.365Z DETECTION Exploit:Java/CVE-2010-0094.FN file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-215ea3f4->main.class
    2011-12-01T18:43:43.375Z DETECTION Exploit:Java/CVE-2010-0840.DT file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\72b7c5c-39625b2f->glass/mumux$Woka.class
    2011-12-01T18:43:43.375Z DETECTION Exploit:Java/CVE-2010-0840.NI file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7e4e615e-4a824a32->v1.class
    2011-12-01T18:43:43.375Z DETECTION Exploit:Java/CVE-2010-0840.NI file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\331c6c3-5c00ee57->v1.class
    2011-12-01T18:43:43.385Z DETECTION Exploit:Java/CVE-2010-0840.BE file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\82f3422-24bc4415->folder/Ump_45.class
    2011-12-01T18:43:43.385Z DETECTION Exploit:Java/CVE-2010-0840.BE file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\11d35de4-3f701c46->folder/Ump_45.class
    2011-12-01T18:43:43.385Z DETECTION Exploit:Java/CVE-2010-0840.BE file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4db49439-1022b854->folder/Ump_45.class
    2011-12-01T18:43:43.385Z DETECTION Exploit:Java/CVE-2010-0094.GG file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\43773663-1164352c->apps/MyWorker.class
    2011-12-01T18:43:43.395Z DETECTION Exploit:Java/CVE-2008-5353.ZP file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7216bce5-2a29e4ea->vload.class
    2011-12-01T18:43:43.395Z DETECTION Exploit:Java/CVE-2010-0094.EH file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7216bce5-2a29e4ea->vmain.class
    2011-12-01T18:43:43.395Z DETECTION Exploit:Java/CVE-2010-0840.FC file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7b1b6ec4-62adb905->pocket/object3.class
    2011-12-01T18:43:43.405Z DETECTION Exploit:Java/Blacole.W file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\107b4eab-5421373d->json/Option.class
    2011-12-01T18:43:43.405Z DETECTION Exploit:Java/Blacole.V file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\107b4eab-5421373d->json/Parser.class
    2011-12-01T18:43:43.415Z DETECTION Exploit:Java/Blacole.X file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\107b4eab-5421373d->json/SmartyPointer.class
    2011-12-01T18:43:43.415Z DETECTION Exploit:Java/Blacole.AB file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\107b4eab-5421373d->json/ThreadParser.class
    2011-12-01T18:43:43.415Z DETECTION Exploit:Java/Blacole.AC file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\107b4eab-5421373d->json/XML.class
    2011-12-01T18:43:43.425Z DETECTION Exploit:Java/CVE-2010-0840.DB file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2d80a0f3-26717e66->folder/Ump_45.class
    2011-12-01T18:43:43.435Z DETECTION Exploit:Java/CVE-2010-0840.FL file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\62c53833-5e6ab729->glass/lulux.class
    2011-12-01T18:43:43.435Z DETECTION Exploit:Java/CVE-2010-0840.FK file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\d829d75-5fd50106->buildService/MailAgent.class
    2011-12-01T18:43:43.445Z DETECTION Exploit:Java/CVE-2008-5353.XZ file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5ee2d53b-77e6b70c->vload.class
    2011-12-01T18:43:43.455Z DETECTION Exploit:Java/CVE-2010-0094.BW file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5ee2d53b-77e6b70c->vmain.class
    2011-12-01T18:43:43.465Z DETECTION Exploit:Java/CVE-2010-0842.AT file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\156ba4fe-71962c3c->zap.class
    2011-12-01T18:43:43.465Z DETECTION Exploit:Java/CVE-2010-0094.DS file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\21d0e0bf-205a1dbd->g6k1.class
    2011-12-01T18:43:43.485Z DETECTION Exploit:Java/CVE-2010-0094.AP file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\21d0e0bf-205a1dbd->y6u7.class
    2011-12-01T18:43:43.495Z DETECTION Exploit:Java/CVE-2010-0094.AK file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\21d0e0bf-205a1dbd->main.class
    2011-12-01T18:43:43.495Z DETECTION Exploit:Java/CVE-2010-0094.CQ file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\21d0e0bf-205a1dbd->q3p0.class
    2011-12-01T18:43:43.495Z DETECTION Exploit:Java/CVE-2008-5353.WH file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\21d0e0bf-205a1dbd->Tuvvoaerffb.class
    2011-12-01T18:43:43.505Z DETECTION TrojanDownloader:Java/OpenConnection.JU file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\21d0e0bf-205a1dbd->h6l4.class
    2011-12-01T18:43:43.525Z DETECTION Exploit:Java/CVE-2010-0094.BX file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\21d0e0bf-205a1dbd->b5n3.class
    2011-12-01T19:44:53.480Z Service stopped with exit code 0x0
    2011-12-01T19:46:27.912Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-01T19:46:34.577Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.94.0 AV 1.117.94.0
    2011-12-01T19:48:14.818Z Service stopped with exit code 0x0
    2011-12-02T03:32:31.558Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-02T03:32:34.963Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.94.0 AV 1.117.94.0
    2011-12-02T05:02:55.236Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-02T05:32:00.042Z Service stopped with exit code 0x0
    2011-12-02T13:24:38.574Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-02T13:24:41.488Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-02T17:34:04.683Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-02T17:34:08.020Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-02T21:41:58.310Z Service stopped with exit code 0x0
    2011-12-03T00:44:31.479Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-03T00:44:32.510Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-03T01:40:09.579Z Service stopped with exit code 0x0
    2011-12-03T08:25:37.463Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-03T08:25:39.408Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-03T10:34:30.752Z Service stopped with exit code 0x0
    2011-12-03T17:10:30.494Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-03T17:10:33.096Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-03T19:08:34.336Z Service stopped with exit code 0x0
    2011-12-03T22:14:15.479Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-03T22:14:16.278Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-03T22:16:13.458Z Service stopped with exit code 0x0
    2011-12-03T22:33:41.934Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-03T22:33:44.435Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-03T22:35:44.820Z Service stopped with exit code 0x0
    2011-12-03T22:40:05.605Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-03T22:40:06.586Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-03T22:47:01.995Z Service stopped with exit code 0x0
    2011-12-03T23:03:18.574Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-03T23:03:20.375Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.140.0 AV 1.117.140.0
    2011-12-03T23:57:29.680Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.285.0 AV 1.117.285.0
    2011-12-04T00:46:26.307Z DETECTION Trojan:Win32/Cleaman.B file:C:\System Volume Information\SystemRestore\FRStaging\Users\WWNatops\AppData\Local\auditpol.dll
    2011-12-04T00:46:26.307Z DETECTION Trojan:Win32/Cleaman.F file:C:\System Volume Information\SystemRestore\FRStaging\Users\WWNatops\AppData\Local\auditpol.exe
    2011-12-04T03:16:10.689Z Service stopped with exit code 0x0
    2011-12-04T19:16:54.636Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-04T19:16:56.136Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.285.0 AV 1.117.285.0
    2011-12-04T21:08:37.625Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.307.0 AV 1.117.307.0
    2011-12-05T01:36:45.411Z Service stopped with exit code 0x0
    2011-12-05T02:42:19.463Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-05T02:42:20.558Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.307.0 AV 1.117.307.0
    2011-12-05T04:51:28.500Z Service stopped with exit code 0x0
    2011-12-05T17:49:35.402Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-05T17:49:36.477Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.307.0 AV 1.117.307.0
    2011-12-05T18:30:41.627Z DETECTION Exploit:Java/CVE-2011-3544.A file:C:\Users\WWNatops\AppData\Local\Temp\jar_cache3533515566769012118.tmp->Applet.class
    2011-12-05T18:30:41.701Z DETECTION Exploit:Java/CVE-2011-3544.A file:C:\Users\WWNatops\AppData\Local\Temp\jar_cache898286653410975170.tmp->Applet.class
    2011-12-05T18:30:41.849Z DETECTION Exploit:Java/CVE-2011-3544.A file:C:\Users\WWNatops\AppData\Local\Temp\jar_cache4788399906937851492.tmp->Applet.class
    2011-12-05T18:30:41.930Z DETECTION Exploit:Java/CVE-2011-3544.A file:C:\Users\WWNatops\AppData\Local\Temp\jar_cache8494961883038093950.tmp->Applet.class
    2011-12-05T18:32:03.789Z DETECTION Trojan:Win32/Alureon.FL file:C:\Users\WWNatops\AppData\Local\Temp\~!#1363.tmp
    2011-12-05T18:32:22.594Z DETECTION PWS:Win32/Fareit.A file:C:\Users\WWNatops\AppData\Local\Temp\~!#5EE6.tmp
    2011-12-05T18:32:47.825Z Service stopped with exit code 0x0
    2011-12-05T18:35:19.402Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-05T18:35:21.431Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.307.0 AV 1.117.307.0
    2011-12-05T18:35:59.414Z DETECTION Trojan:Win32/Alureon.FL file:C:\Users\WWNatops\AppData\Local\Temp\~!#1363.tmp
    2011-12-05T18:35:59.414Z DETECTION PWS:Win32/Fareit.A file:C:\Users\WWNatops\AppData\Local\Temp\~!#5EE6.tmp
    2011-12-05T18:37:36.749Z Service stopped with exit code 0x0
    2011-12-06T04:51:53.402Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-06T04:51:54.838Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.307.0 AV 1.117.307.0
    2011-12-06T04:52:32.406Z DETECTION Trojan:Win32/Alureon.FL file:C:\Users\WWNatops\AppData\Local\Temp\~!#1363.tmp
    2011-12-06T04:52:32.422Z DETECTION PWS:Win32/Fareit.A file:C:\Users\WWNatops\AppData\Local\Temp\~!#5EE6.tmp
    2011-12-06T04:58:39.686Z Service stopped with exit code 0x0
    2011-12-06T16:49:32.402Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-06T16:49:33.476Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.307.0 AV 1.117.307.0
    2011-12-06T16:50:11.229Z DETECTION Trojan:Win32/Alureon.FL file:C:\Users\WWNatops\AppData\Local\Temp\~!#1363.tmp
    2011-12-06T16:50:11.244Z DETECTION PWS:Win32/Fareit.A file:C:\Users\WWNatops\AppData\Local\Temp\~!#5EE6.tmp
    2011-12-06T19:01:19.860Z Service stopped with exit code 0x0
    2011-12-06T19:02:49.449Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-06T19:02:50.252Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.307.0 AV 1.117.307.0
    2011-12-07T00:31:00.431Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.483.0 AV 1.117.483.0
    2011-12-07T04:14:44.633Z Service stopped with exit code 0x0
    2011-12-07T13:51:58.543Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-07T13:51:59.706Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.483.0 AV 1.117.483.0
    2011-12-07T14:01:11.705Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.508.0 AV 1.117.508.0
    2011-12-07T14:01:47.412Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.545.0 AV 1.117.545.0
    2011-12-07T16:16:05.340Z DETECTION TrojanDownloader:Win32/Karagany.G file:C:\Users\WWNatops\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2ff439b7-148e8ef5
    2011-12-07T16:16:05.340Z DETECTION TrojanDownloader:Win32/Karagany.G file:C:\Users\WWNatops\AppData\Local\Temp\0.23981331696770514golda.exe
    2011-12-07T16:16:05.340Z DETECTION TrojanDownloader:Win32/Karagany.G file:C:\Users\WWNatops\AppData\Local\Temp\0.8367012753071501fdrgs.exe
    2011-12-07T16:16:05.340Z DETECTION TrojanDownloader:Win32/Karagany.G file:C:\Users\WWNatops\AppData\Local\Temp\0.8772494438267155fdrgs.exe
    2011-12-07T16:16:05.342Z DETECTION Rogue:Win32/FakeRean file:C:\Users\WWNatops\AppData\Local\Temp\6104.tmp
    2011-12-07T16:16:05.343Z DETECTION Rogue:Win32/FakeRean file:C:\Users\WWNatops\AppData\Local\Temp\~!#459B.tmp
    2011-12-07T16:16:05.343Z DETECTION Rogue:Win32/FakeRean file:C:\Users\WWNatops\AppData\Local\Temp\~!#E59D.tmp
    2011-12-07T16:16:05.351Z DETECTION Exploit:Java/CVE-2011-3544.A file:C:\Users\WWNatops\AppData\Local\Temp\jar_cache1568660870428031755.tmp->vukavuka.class
    2011-12-07T17:47:27.753Z DETECTION TrojanDownloader:Win32/Yorobun.A file:C:\Users\WWNatops\AppData\Local\Temp\0.9355787776464349golda.exe->(UPX)
    2011-12-07T17:47:29.571Z DETECTION Rogue:Win32/FakeRean file:C:\Users\WWNatops\AppData\Local\Temp\0.6416821267595308fdrgs.exe
    2011-12-07T22:05:31.963Z DETECTION TrojanDownloader:Win32/Yorobun.A file:C:\Users\WWNatops\AppData\Local\Temp\0.48719552414422906fdrgs.exe->(UPX)
    2011-12-07T22:05:33.423Z DETECTION TrojanDownloader:Win32/Yorobun.A file:C:\Users\WWNatops\AppData\Local\Temp\gggf0.7016884170193824.exe->(UPX)
    2011-12-08T04:28:52.041Z Service stopped with exit code 0x0
    2011-12-08T13:48:32.588Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-08T13:48:33.586Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.545.0 AV 1.117.545.0
    2011-12-08T15:02:51.119Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.622.0 AV 1.117.622.0
    2011-12-09T03:36:40.018Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.665.0 AV 1.117.665.0
    2011-12-09T04:30:01.983Z DETECTION VirTool:Win32/Obfuscator.UL file:C:\Users\WWNatops\AppData\Local\Temp\~!#F74A.tmp
    2011-12-09T05:11:59.586Z Service stopped with exit code 0x0
    2011-12-09T15:23:19.432Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-09T15:23:20.572Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.665.0 AV 1.117.665.0
    2011-12-09T15:25:49.807Z Service stopped with exit code 0x0
    2011-12-09T15:27:13.543Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-09T15:27:14.686Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.665.0 AV 1.117.665.0
    2011-12-09T15:31:37.474Z Service stopped with exit code 0x0
    2011-12-09T15:33:01.402Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-09T15:33:02.509Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.665.0 AV 1.117.665.0
    2011-12-09T15:33:41.854Z Service stopped with exit code 0x0
    2011-12-09T15:35:55.418Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-09T15:35:56.536Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.665.0 AV 1.117.665.0
    2011-12-09T17:41:46.183Z Service stopped with exit code 0x0
    2011-12-09T17:43:40.356Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-09T17:43:41.472Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.665.0 AV 1.117.665.0
    2011-12-09T17:47:09.547Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.718.0 AV 1.117.718.0
    2011-12-09T20:36:28.897Z Service stopped with exit code 0x0
    2011-12-09T23:53:00.058Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-09T23:53:01.168Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.718.0 AV 1.117.718.0
    2011-12-10T00:09:55.825Z Service stopped with exit code 0x0
    2011-12-10T06:40:09.850Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-10T06:40:10.940Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.718.0 AV 1.117.718.0
    2011-12-10T07:20:33.167Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-10T07:20:35.653Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.718.0 AV 1.117.718.0
    2011-12-10T07:21:20.586Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.768.0 AV 1.117.768.0
    2011-12-10T07:54:44.396Z Service stopped with exit code 0x0
    2011-12-10T15:13:13.714Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-10T15:13:14.811Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.768.0 AV 1.117.768.0
    2011-12-10T15:14:32.405Z Service stopped with exit code 0x0
    2011-12-10T15:15:57.463Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-10T15:15:58.572Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.768.0 AV 1.117.768.0
    2011-12-10T17:58:53.430Z DETECTION Trojan:JS/Redirector.HQ file:C:\Users\WWNatops\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4REOF21R\index[1].htm
    2011-12-10T17:58:54.230Z DETECTION VirTool:JS/Obfuscator.CA file:C:\Users\WWNatops\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2QKSOW8\index[2].htm->(SCRIPT0000)
    2011-12-10T18:07:51.801Z Service stopped with exit code 0x0
    2011-12-10T20:45:39.145Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-10T20:45:45.860Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.768.0 AV 1.117.768.0
    2011-12-11T03:38:12.184Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-11T03:38:14.117Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.768.0 AV 1.117.768.0
    2011-12-11T03:39:00.247Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.797.0 AV 1.117.797.0
    2011-12-11T07:28:33.413Z Service stopped with exit code 0x0
    2011-12-11T13:18:14.192Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-11T13:18:32.745Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.797.0 AV 1.117.797.0
    2011-12-11T14:11:51.006Z Service stopped with exit code 0x0
    2011-12-11T14:13:26.295Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-11T14:13:29.256Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.797.0 AV 1.117.797.0
    2011-12-11T17:47:36.603Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.824.0 AV 1.117.824.0
    2011-12-12T02:13:37.463Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-12T02:13:43.380Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.824.0 AV 1.117.824.0
    2011-12-12T02:55:01.105Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
    2011-12-12T03:47:16.786Z Service stopped with exit code 0x0
    2011-12-12T03:48:54.449Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-12T03:48:55.561Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
    2011-12-12T04:10:23.315Z Service stopped with exit code 0x0
    2011-12-12T04:11:54.636Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-12T04:11:55.779Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
    2011-12-12T05:36:22.433Z Service stopped with exit code 0x0
    2011-12-12T13:59:06.449Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-12T13:59:07.541Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
    2011-12-12T14:16:57.505Z Service stopped with exit code 0x0
    2011-12-12T14:18:29.730Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-12T14:18:30.913Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.834.0 AV 1.117.834.0
    2011-12-12T14:25:55.479Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.888.0 AV 1.117.888.0
    2011-12-12T18:39:46.896Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-12T18:39:49.396Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.888.0 AV 1.117.888.0
    2011-12-13T04:51:30.800Z Service stopped with exit code 0x0
    2011-12-13T20:52:18.791Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-13T20:52:19.960Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.888.0 AV 1.117.888.0
    2011-12-14T04:44:25.012Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
    2011-12-14T08:27:11.076Z Service stopped with exit code 0x0
    2011-12-14T15:38:18.448Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-14T15:38:19.624Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
    2011-12-15T01:19:20.180Z Service stopped with exit code 0x0
    2011-12-15T01:20:51.463Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-15T01:20:54.206Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
    2011-12-15T04:29:53.569Z Service stopped with exit code 0x0
    2011-12-15T14:10:47.416Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-15T14:10:48.471Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1000.0 AV 1.117.1000.0
    2011-12-15T15:58:57.917Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1145.0 AV 1.117.1145.0
    2011-12-15T16:12:27.205Z Service stopped with exit code 0x0
    2011-12-16T01:31:53.256Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-16T01:31:54.332Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1145.0 AV 1.117.1145.0
    2011-12-16T02:31:01.525Z Service stopped with exit code 0x0
    2011-12-16T13:18:04.668Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-16T13:18:05.813Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1145.0 AV 1.117.1145.0
    2011-12-16T18:31:47.222Z Service stopped with exit code 0x0
    2011-12-16T22:54:36.402Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-16T22:54:37.551Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1145.0 AV 1.117.1145.0
    2011-12-16T23:09:24.146Z Service stopped with exit code 0x0
    2011-12-17T11:17:00.270Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-17T11:17:06.557Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1145.0 AV 1.117.1145.0
    2011-12-17T16:01:48.218Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1272.0 AV 1.117.1272.0
    2011-12-17T16:42:42.779Z Service stopped with exit code 0x0
    2011-12-17T22:31:02.512Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-17T22:31:03.708Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1272.0 AV 1.117.1272.0
    2011-12-17T23:39:04.435Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
    2011-12-18T07:17:34.756Z Service stopped with exit code 0x0
    2011-12-18T14:28:35.465Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-18T14:28:36.752Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1282.0 AV 1.117.1282.0
    2011-12-18T17:28:15.129Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1307.0 AV 1.117.1307.0
    2011-12-18T18:31:49.105Z Service stopped with exit code 0x0
    2011-12-18T22:57:07.418Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-18T22:57:08.965Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1307.0 AV 1.117.1307.0
    2011-12-19T04:28:36.033Z Service stopped with exit code 0x0
    2011-12-19T14:56:08.543Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-19T14:56:09.645Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1307.0 AV 1.117.1307.0
    2011-12-19T15:31:04.471Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
    2011-12-20T05:19:53.122Z Service stopped with exit code 0x0
    2011-12-20T13:00:32.558Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-20T13:00:33.702Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1361.0 AV 1.117.1361.0
    2011-12-20T13:49:10.729Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1438.0 AV 1.117.1438.0
    2011-12-21T02:44:32.524Z Service stopped with exit code 0x0
    2011-12-21T12:22:59.434Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-21T12:23:00.543Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1438.0 AV 1.117.1438.0
    2011-12-21T19:04:12.756Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1510.0 AV 1.117.1510.0
    2011-12-22T01:01:30.147Z Service stopped with exit code 0x0
    2011-12-22T01:03:05.878Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-22T01:03:06.963Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1510.0 AV 1.117.1510.0
    2011-12-22T05:15:03.210Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
    2011-12-22T05:17:18.717Z Service stopped with exit code 0x0
    2011-12-22T09:58:51.696Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-22T09:58:53.831Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
    2011-12-22T11:41:59.931Z Service stopped with exit code 0x0
    2011-12-22T23:53:31.561Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-22T23:53:33.684Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
    2011-12-23T00:15:29.974Z Service stopped with exit code 0x0
    2011-12-23T00:16:53.777Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-23T00:16:55.122Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0
    2011-12-23T03:32:45.345Z Service stopped with exit code 0x0
    2011-12-23T11:32:34.714Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2011-12-23T11:32:35.571Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.7903.0 AS 1.117.1521.0 AV 1.117.1521.0


    -= EOF =-

    4. Hard Disk Error-checking Results.

    Your device or disk was successfully scanned
    No problems were found on the device or disk. It is ready to use.
    If you removed the device or disk before all files were fully written to it, parts of some files might still be missing.
    If so, go back to the source and recopy those files to your device or disk.

    Volume label is OS.
    CHKDSK is verifying files (stage 1 of 3)...
    265728 file records processed.

    File verification completed.
    2359 large file records processed.

    0 bad file records processed.

    2 EA records processed.

    28 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 3)...
    331024 index entries processed.

    Index verification completed.

    CHKDSK is verifying security descriptors (stage 3 of 3)...
    265728 file SDs/SIDs processed.

    Security descriptor verification completed.
    32649 data files processed.

    CHKDSK is verifying Usn Journal...
    33596072 USN bytes processed.

    Usn Journal verification completed
    Windows has checked the file system and found no problems.

    284578815 KB total disk space.
    120132004 KB in 197356 files.
    121484 KB in 32650 indexes.
    375139 KB in use by the system.
    65536 KB occupied by the log file.
    163950188 KB available on disk.

    4096 bytes in each allocation unit
    71144703 total allocation units on disk.
    40987547 allocation units available on disk.

    5. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
    14:38:52.0439 2852 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    14:38:52.0748 2852 ============================================================
    14:38:52.0748 2852 Current date / time: 2011/12/23 14:38:52.0748
    14:38:52.0748 2852 SystemInfo:
    14:38:52.0748 2852
    14:38:52.0748 2852 OS Version: 6.1.7601 ServicePack: 1.0
    14:38:52.0748 2852 Product type: Workstation
    14:38:52.0748 2852 ComputerName: HAL2010
    14:38:52.0748 2852 UserName: WWNatops
    14:38:52.0748 2852 Windows directory: C:\Windows
    14:38:52.0748 2852 System windows directory: C:\Windows
    14:38:52.0748 2852 Running under WOW64
    14:38:52.0748 2852 Processor architecture: Intel x64
    14:38:52.0748 2852 Number of processors: 8
    14:38:52.0748 2852 Page size: 0x1000
    14:38:52.0748 2852 Boot type: Normal boot
    14:38:52.0748 2852 ============================================================
    14:38:52.0945 2852 Initialize success
    14:38:56.0336 1216 ============================================================
    14:38:56.0336 1216 Scan started
    14:38:56.0336 1216 Mode: Manual;
    14:38:56.0336 1216 ============================================================
    14:38:56.0840 1216 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    14:38:56.0843 1216 1394ohci - ok
    14:38:56.0855 1216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    14:38:56.0858 1216 ACPI - ok
    14:38:56.0870 1216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    14:38:56.0871 1216 AcpiPmi - ok
    14:38:56.0923 1216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    14:38:56.0927 1216 adp94xx - ok
    14:38:56.0942 1216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    14:38:56.0945 1216 adpahci - ok
    14:38:56.0954 1216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    14:38:56.0956 1216 adpu320 - ok
    14:38:56.0989 1216 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    14:38:56.0993 1216 AFD - ok
    14:38:57.0008 1216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    14:38:57.0010 1216 agp440 - ok
    14:38:57.0038 1216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    14:38:57.0039 1216 aliide - ok
    14:38:57.0075 1216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    14:38:57.0075 1216 amdide - ok
    14:38:57.0111 1216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    14:38:57.0112 1216 AmdK8 - ok
    14:38:57.0237 1216 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
    14:38:57.0364 1216 amdkmdag - ok
    14:38:57.0396 1216 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
    14:38:57.0399 1216 amdkmdap - ok
    14:38:57.0412 1216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    14:38:57.0413 1216 AmdPPM - ok
    14:38:57.0433 1216 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    14:38:57.0434 1216 amdsata - ok
    14:38:57.0471 1216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    14:38:57.0474 1216 amdsbs - ok
    14:38:57.0492 1216 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    14:38:57.0492 1216 amdxata - ok
    14:38:57.0521 1216 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    14:38:57.0521 1216 AppID - ok
    14:38:57.0545 1216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    14:38:57.0546 1216 arc - ok
    14:38:57.0560 1216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    14:38:57.0561 1216 arcsas - ok
    14:38:57.0574 1216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:38:57.0574 1216 AsyncMac - ok
    14:38:57.0592 1216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    14:38:57.0593 1216 atapi - ok
    14:38:57.0634 1216 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
    14:38:57.0636 1216 AtiHDAudioService - ok
    14:38:57.0654 1216 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
    14:38:57.0656 1216 AtiHdmiService - ok
    14:38:57.0789 1216 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
    14:38:57.0819 1216 atikmdag - ok
    14:38:57.0853 1216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    14:38:57.0857 1216 b06bdrv - ok
    14:38:57.0892 1216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    14:38:57.0895 1216 b57nd60a - ok
    14:38:57.0915 1216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    14:38:57.0915 1216 Beep - ok
    14:38:57.0933 1216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    14:38:57.0934 1216 blbdrive - ok
    14:38:57.0960 1216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    14:38:57.0961 1216 bowser - ok
    14:38:57.0986 1216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    14:38:57.0987 1216 BrFiltLo - ok
    14:38:57.0994 1216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    14:38:57.0995 1216 BrFiltUp - ok
    14:38:58.0017 1216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    14:38:58.0020 1216 Brserid - ok
    14:38:58.0032 1216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    14:38:58.0033 1216 BrSerWdm - ok
    14:38:58.0041 1216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:38:58.0042 1216 BrUsbMdm - ok
    14:38:58.0049 1216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    14:38:58.0049 1216 BrUsbSer - ok
    14:38:58.0105 1216 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    14:38:58.0106 1216 BthEnum - ok
    14:38:58.0126 1216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    14:38:58.0127 1216 BTHMODEM - ok
    14:38:58.0145 1216 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    14:38:58.0147 1216 BthPan - ok
    14:38:58.0187 1216 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
    14:38:58.0191 1216 BTHPORT - ok
    14:38:58.0229 1216 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
    14:38:58.0230 1216 BTHUSB - ok
    14:38:58.0241 1216 btwaudio - ok
    14:38:58.0249 1216 btwavdt - ok
    14:38:58.0256 1216 btwl2cap - ok
    14:38:58.0263 1216 btwrchid - ok
    14:38:58.0279 1216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    14:38:58.0279 1216 cdfs - ok
    14:38:58.0311 1216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    14:38:58.0313 1216 cdrom - ok
    14:38:58.0348 1216 chdrvr01 (2c12fca72a5020b756b47fab59f4579f) C:\Windows\system32\DRIVERS\chdrvr01.sys
    14:38:58.0357 1216 chdrvr01 - ok
    14:38:58.0389 1216 chdrvr02 (72830de32beedaa506a8194f74cc5c83) C:\Windows\system32\DRIVERS\chdrvr02.sys
    14:38:58.0394 1216 chdrvr02 - ok
    14:38:58.0414 1216 chdrvr03 (2fa38c44b9c319db9a6ab61c2127873b) C:\Windows\system32\DRIVERS\chdrvr03.sys
    14:38:58.0419 1216 chdrvr03 - ok
    14:38:58.0441 1216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    14:38:58.0442 1216 circlass - ok
    14:38:58.0461 1216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    14:38:58.0463 1216 CLFS - ok
    14:38:58.0510 1216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:38:58.0511 1216 CmBatt - ok
    14:38:58.0529 1216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    14:38:58.0529 1216 cmdide - ok
    14:38:58.0559 1216 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    14:38:58.0561 1216 CNG - ok
    14:38:58.0577 1216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    14:38:58.0577 1216 Compbatt - ok
    14:38:58.0601 1216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    14:38:58.0602 1216 CompositeBus - ok
    14:38:58.0636 1216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    14:38:58.0636 1216 crcdisk - ok
    14:38:58.0666 1216 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    14:38:58.0671 1216 CSC - ok
    14:38:58.0698 1216 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys
    14:38:58.0699 1216 DAdderFltr - ok
    14:38:58.0729 1216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    14:38:58.0729 1216 DfsC - ok
    14:38:58.0744 1216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    14:38:58.0745 1216 discache - ok
    14:38:58.0764 1216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    14:38:58.0765 1216 Disk - ok
    14:38:58.0801 1216 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    14:38:58.0803 1216 Dot4 - ok
    14:38:58.0828 1216 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    14:38:58.0829 1216 Dot4Print - ok
    14:38:58.0859 1216 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    14:38:58.0860 1216 dot4usb - ok
    14:38:58.0884 1216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    14:38:58.0885 1216 drmkaud - ok
    14:38:58.0918 1216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    14:38:58.0923 1216 DXGKrnl - ok
    14:38:58.0986 1216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    14:38:59.0029 1216 ebdrv - ok
    14:38:59.0064 1216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    14:38:59.0068 1216 elxstor - ok
    14:38:59.0087 1216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    14:38:59.0088 1216 ErrDev - ok
    14:38:59.0106 1216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    14:38:59.0107 1216 exfat - ok
    14:38:59.0124 1216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    14:38:59.0126 1216 fastfat - ok
    14:38:59.0158 1216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    14:38:59.0159 1216 fdc - ok
    14:38:59.0173 1216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    14:38:59.0173 1216 FileInfo - ok
    14:38:59.0194 1216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    14:38:59.0194 1216 Filetrace - ok
    14:38:59.0216 1216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    14:38:59.0217 1216 flpydisk - ok
    14:38:59.0238 1216 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    14:38:59.0239 1216 FltMgr - ok
    14:38:59.0254 1216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    14:38:59.0254 1216 FsDepends - ok
    14:38:59.0273 1216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    14:38:59.0273 1216 Fs_Rec - ok
    14:38:59.0297 1216 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    14:38:59.0298 1216 fvevol - ok
    14:38:59.0319 1216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    14:38:59.0320 1216 gagp30kx - ok
    14:38:59.0383 1216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    14:38:59.0384 1216 hcw85cir - ok
    14:38:59.0416 1216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    14:38:59.0417 1216 HDAudBus - ok
    14:38:59.0428 1216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    14:38:59.0429 1216 HidBatt - ok
    14:38:59.0437 1216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    14:38:59.0438 1216 HidBth - ok
    14:38:59.0448 1216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    14:38:59.0449 1216 HidIr - ok
    14:38:59.0478 1216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    14:38:59.0479 1216 HidUsb - ok
    14:38:59.0515 1216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    14:38:59.0516 1216 HpSAMD - ok
    14:38:59.0550 1216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    14:38:59.0560 1216 HTTP - ok
    14:38:59.0581 1216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    14:38:59.0582 1216 hwpolicy - ok
    14:38:59.0603 1216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    14:38:59.0604 1216 i8042prt - ok
    14:38:59.0631 1216 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    14:38:59.0633 1216 iaStor - ok
    14:38:59.0685 1216 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    14:38:59.0689 1216 iaStorV - ok
    14:38:59.0714 1216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    14:38:59.0715 1216 iirsp - ok
    14:38:59.0767 1216 IntcAzAudAddService (697c927e0de2abaf1a5f455033f687cd) C:\Windows\system32\drivers\RTKVHD64.sys
    14:38:59.0803 1216 IntcAzAudAddService - ok
    14:38:59.0833 1216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    14:38:59.0834 1216 intelide - ok
    14:38:59.0849 1216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    14:38:59.0849 1216 intelppm - ok
    14:38:59.0874 1216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:38:59.0875 1216 IpFilterDriver - ok
    14:38:59.0897 1216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    14:38:59.0898 1216 IPMIDRV - ok
    14:38:59.0911 1216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    14:38:59.0912 1216 IPNAT - ok
    14:38:59.0952 1216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    14:38:59.0953 1216 IRENUM - ok
    14:38:59.0975 1216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    14:38:59.0975 1216 isapnp - ok
    14:38:59.0996 1216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    14:38:59.0998 1216 iScsiPrt - ok
    14:39:00.0014 1216 JRAID (c2f9be83db87b30da2b52eeb1daee1ce) C:\Windows\system32\DRIVERS\jraid.sys
    14:39:00.0015 1216 JRAID - ok
    14:39:00.0045 1216 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
    14:39:00.0048 1216 k57nd60a - ok
    14:39:00.0075 1216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    14:39:00.0076 1216 kbdclass - ok
    14:39:00.0095 1216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    14:39:00.0095 1216 kbdhid - ok
    14:39:00.0119 1216 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    14:39:00.0120 1216 KSecDD - ok
    14:39:00.0174 1216 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    14:39:00.0175 1216 KSecPkg - ok
    14:39:00.0197 1216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    14:39:00.0198 1216 ksthunk - ok
    14:39:00.0233 1216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    14:39:00.0234 1216 lltdio - ok
    14:39:00.0256 1216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    14:39:00.0257 1216 LSI_FC - ok
    14:39:00.0265 1216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    14:39:00.0267 1216 LSI_SAS - ok
    14:39:00.0275 1216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    14:39:00.0276 1216 LSI_SAS2 - ok
    14:39:00.0291 1216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    14:39:00.0293 1216 LSI_SCSI - ok
    14:39:00.0310 1216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    14:39:00.0311 1216 luafv - ok
    14:39:00.0345 1216 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
    14:39:00.0346 1216 MBAMProtector - ok
    14:39:00.0361 1216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    14:39:00.0362 1216 megasas - ok
    14:39:00.0379 1216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    14:39:00.0382 1216 MegaSR - ok
    14:39:00.0415 1216 mio (8fa3c6a34458bc78c9b13ce08b277faf) C:\Windows\system32\DRIVERS\mio.sys
    14:39:00.0420 1216 mio - ok
    14:39:00.0454 1216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    14:39:00.0454 1216 Modem - ok
    14:39:00.0468 1216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    14:39:00.0468 1216 monitor - ok
    14:39:00.0496 1216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    14:39:00.0497 1216 mouclass - ok
    14:39:00.0517 1216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    14:39:00.0518 1216 mouhid - ok
    14:39:00.0539 1216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    14:39:00.0539 1216 mountmgr - ok
    14:39:00.0575 1216 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    14:39:00.0577 1216 MpFilter - ok
    14:39:00.0603 1216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    14:39:00.0605 1216 mpio - ok
    14:39:00.0665 1216 MpKsl07fefdea (0ebb390b7aeec45ec061d9870a34fd42) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B83070F6-F500-47C0-B34E-2BF6672F4099}\MpKsl07fefdea.sys
    14:39:00.0666 1216 MpKsl07fefdea - ok
    14:39:00.0698 1216 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    14:39:00.0699 1216 MpNWMon - ok
    14:39:00.0718 1216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    14:39:00.0718 1216 mpsdrv - ok
    14:39:00.0735 1216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    14:39:00.0736 1216 MRxDAV - ok
    14:39:00.0759 1216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:39:00.0761 1216 mrxsmb - ok
    14:39:00.0793 1216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:39:00.0795 1216 mrxsmb10 - ok
    14:39:00.0817 1216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:39:00.0818 1216 mrxsmb20 - ok
    14:39:00.0833 1216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    14:39:00.0834 1216 msahci - ok
    14:39:00.0860 1216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    14:39:00.0861 1216 msdsm - ok
    14:39:00.0885 1216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    14:39:00.0885 1216 Msfs - ok
    14:39:00.0905 1216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    14:39:00.0905 1216 mshidkmdf - ok
    14:39:00.0921 1216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    14:39:00.0921 1216 msisadrv - ok
    14:39:00.0961 1216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    14:39:00.0962 1216 MSKSSRV - ok
    14:39:00.0980 1216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    14:39:00.0980 1216 MSPCLOCK - ok
    14:39:00.0994 1216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    14:39:00.0994 1216 MSPQM - ok
    14:39:01.0016 1216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    14:39:01.0019 1216 MsRPC - ok
    14:39:01.0039 1216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    14:39:01.0039 1216 mssmbios - ok
    14:39:01.0053 1216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    14:39:01.0053 1216 MSTEE - ok
    14:39:01.0068 1216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    14:39:01.0069 1216 MTConfig - ok
    14:39:01.0088 1216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    14:39:01.0089 1216 Mup - ok
    14:39:01.0114 1216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    14:39:01.0117 1216 NativeWifiP - ok
    14:39:01.0145 1216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    14:39:01.0162 1216 NDIS - ok
    14:39:01.0215 1216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    14:39:01.0216 1216 NdisCap - ok
    14:39:01.0244 1216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    14:39:01.0245 1216 NdisTapi - ok
    14:39:01.0267 1216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    14:39:01.0268 1216 Ndisuio - ok
    14:39:01.0289 1216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    14:39:01.0290 1216 NdisWan - ok
    14:39:01.0316 1216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    14:39:01.0317 1216 NDProxy - ok
    14:39:01.0356 1216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    14:39:01.0357 1216 NetBIOS - ok
    14:39:01.0375 1216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    14:39:01.0378 1216 NetBT - ok
    14:39:01.0421 1216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    14:39:01.0422 1216 nfrd960 - ok
    14:39:01.0451 1216 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    14:39:01.0453 1216 NisDrv - ok
    14:39:01.0486 1216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    14:39:01.0487 1216 Npfs - ok
    14:39:01.0510 1216 npusbio (95a2ab418251a3b2a2571cde880b80d0) C:\Windows\system32\Drivers\npusbio_x64.sys
    14:39:01.0516 1216 npusbio - ok
    14:39:01.0534 1216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    14:39:01.0534 1216 nsiproxy - ok
    14:39:01.0573 1216 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    14:39:01.0598 1216 Ntfs - ok
    14:39:01.0611 1216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    14:39:01.0611 1216 Null - ok
    14:39:01.0630 1216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    14:39:01.0632 1216 nvraid - ok
    14:39:01.0652 1216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    14:39:01.0654 1216 nvstor - ok
    14:39:01.0698 1216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    14:39:01.0699 1216 nv_agp - ok
    14:39:01.0724 1216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    14:39:01.0725 1216 ohci1394 - ok
    14:39:01.0743 1216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    14:39:01.0744 1216 Parport - ok
    14:39:01.0764 1216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    14:39:01.0765 1216 partmgr - ok
    14:39:01.0783 1216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    14:39:01.0784 1216 pci - ok
    14:39:01.0797 1216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    14:39:01.0798 1216 pciide - ok
    14:39:01.0812 1216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    14:39:01.0814 1216 pcmcia - ok
    14:39:01.0831 1216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    14:39:01.0832 1216 pcw - ok
    14:39:01.0853 1216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    14:39:01.0858 1216 PEAUTH - ok
    14:39:01.0946 1216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    14:39:01.0948 1216 PptpMiniport - ok
    14:39:01.0969 1216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    14:39:01.0970 1216 Processor - ok
    14:39:01.0998 1216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    14:39:02.0000 1216 Psched - ok
    14:39:02.0036 1216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    14:39:02.0061 1216 ql2300 - ok
    14:39:02.0073 1216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    14:39:02.0075 1216 ql40xx - ok
    14:39:02.0089 1216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    14:39:02.0090 1216 QWAVEdrv - ok
    14:39:02.0112 1216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    14:39:02.0112 1216 RasAcd - ok
    14:39:02.0132 1216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    14:39:02.0133 1216 RasAgileVpn - ok
    14:39:02.0154 1216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:39:02.0155 1216 Rasl2tp - ok
    14:39:02.0194 1216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    14:39:02.0196 1216 RasPppoe - ok
    14:39:02.0213 1216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    14:39:02.0214 1216 RasSstp - ok
    14:39:02.0233 1216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    14:39:02.0236 1216 rdbss - ok
    14:39:02.0247 1216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    14:39:02.0248 1216 rdpbus - ok
    14:39:02.0259 1216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:39:02.0259 1216 RDPCDD - ok
    14:39:02.0283 1216 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    14:39:02.0284 1216 RDPDR - ok
    14:39:02.0307 1216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    14:39:02.0307 1216 RDPENCDD - ok
    14:39:02.0321 1216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    14:39:02.0322 1216 RDPREFMP - ok
    14:39:02.0352 1216 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    14:39:02.0353 1216 RdpVideoMiniport - ok
    14:39:02.0368 1216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    14:39:02.0370 1216 RDPWD - ok
    14:39:02.0391 1216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    14:39:02.0393 1216 rdyboost - ok
    14:39:02.0451 1216 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    14:39:02.0453 1216 RFCOMM - ok
    14:39:02.0485 1216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    14:39:02.0486 1216 rspndr - ok
    14:39:02.0515 1216 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    14:39:02.0516 1216 s3cap - ok
    14:39:02.0528 1216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    14:39:02.0530 1216 sbp2port - ok
    14:39:02.0545 1216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    14:39:02.0545 1216 scfilter - ok
    14:39:02.0564 1216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    14:39:02.0565 1216 secdrv - ok
    14:39:02.0594 1216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    14:39:02.0595 1216 Serenum - ok
    14:39:02.0604 1216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    14:39:02.0605 1216 Serial - ok
    14:39:02.0631 1216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    14:39:02.0632 1216 sermouse - ok
    14:39:02.0651 1216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    14:39:02.0652 1216 sffdisk - ok
    14:39:02.0666 1216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    14:39:02.0667 1216 sffp_mmc - ok
    14:39:02.0679 1216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    14:39:02.0679 1216 sffp_sd - ok
    14:39:02.0688 1216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    14:39:02.0688 1216 sfloppy - ok
    14:39:02.0748 1216 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
    14:39:02.0749 1216 SI3132 - ok
    14:39:02.0767 1216 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
    14:39:02.0768 1216 SiFilter - ok
    14:39:02.0781 1216 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
    14:39:02.0781 1216 SiRemFil - ok
    14:39:02.0790 1216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    14:39:02.0791 1216 SiSRaid2 - ok
    14:39:02.0804 1216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    14:39:02.0805 1216 SiSRaid4 - ok
    14:39:02.0820 1216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    14:39:02.0821 1216 Smb - ok
    14:39:02.0831 1216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    14:39:02.0832 1216 spldr - ok
    14:39:02.0858 1216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    14:39:02.0860 1216 srv - ok
    14:39:02.0881 1216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    14:39:02.0883 1216 srv2 - ok
    14:39:02.0900 1216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    14:39:02.0901 1216 srvnet - ok
    14:39:02.0925 1216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    14:39:02.0926 1216 stexstor - ok
    14:39:02.0953 1216 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    14:39:02.0953 1216 storflt - ok
    14:39:02.0986 1216 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    14:39:02.0987 1216 storvsc - ok
    14:39:03.0007 1216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    14:39:03.0008 1216 swenum - ok
    14:39:03.0032 1216 Synth3dVsc - ok
    14:39:03.0062 1216 TarFltr (827f682e9d2d9b2a49691c3a9697a3bb) C:\Windows\system32\drivers\UsbFltr.sys
    14:39:03.0063 1216 TarFltr - ok
    14:39:03.0113 1216 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    14:39:03.0143 1216 Tcpip - ok
    14:39:03.0173 1216 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    14:39:03.0180 1216 TCPIP6 - ok
    14:39:03.0207 1216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    14:39:03.0208 1216 tcpipreg - ok
    14:39:03.0225 1216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    14:39:03.0226 1216 TDPIPE - ok
    14:39:03.0234 1216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    14:39:03.0234 1216 TDTCP - ok
    14:39:03.0259 1216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    14:39:03.0260 1216 tdx - ok
    14:39:03.0283 1216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    14:39:03.0285 1216 TermDD - ok
    14:39:03.0328 1216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:39:03.0329 1216 tssecsrv - ok
    14:39:03.0355 1216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    14:39:03.0355 1216 TsUsbFlt - ok
    14:39:03.0366 1216 tsusbhub - ok
    14:39:03.0399 1216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    14:39:03.0401 1216 tunnel - ok
    14:39:03.0412 1216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    14:39:03.0413 1216 uagp35 - ok
    14:39:03.0436 1216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    14:39:03.0439 1216 udfs - ok
    14:39:03.0459 1216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    14:39:03.0460 1216 uliagpkx - ok
    14:39:03.0484 1216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    14:39:03.0485 1216 umbus - ok
    14:39:03.0521 1216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    14:39:03.0522 1216 UmPass - ok
    14:39:03.0548 1216 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    14:39:03.0550 1216 usbccgp - ok
    14:39:03.0572 1216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    14:39:03.0574 1216 usbcir - ok
    14:39:03.0595 1216 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    14:39:03.0596 1216 usbehci - ok
    14:39:03.0617 1216 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    14:39:03.0621 1216 usbhub - ok
    14:39:03.0643 1216 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    14:39:03.0644 1216 usbohci - ok
    14:39:03.0663 1216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    14:39:03.0664 1216 usbprint - ok
    14:39:03.0681 1216 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    14:39:03.0683 1216 usbscan - ok
    14:39:03.0701 1216 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:39:03.0702 1216 USBSTOR - ok
    14:39:03.0732 1216 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    14:39:03.0733 1216 usbuhci - ok
    14:39:03.0768 1216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    14:39:03.0769 1216 vdrvroot - ok
    14:39:03.0784 1216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    14:39:03.0785 1216 vga - ok
    14:39:03.0799 1216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    14:39:03.0799 1216 VgaSave - ok
    14:39:03.0815 1216 VGPU - ok
    14:39:03.0832 1216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    14:39:03.0835 1216 vhdmp - ok
    14:39:03.0849 1216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    14:39:03.0850 1216 viaide - ok
    14:39:03.0864 1216 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    14:39:03.0865 1216 vmbus - ok
    14:39:03.0876 1216 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    14:39:03.0877 1216 VMBusHID - ok
    14:39:03.0898 1216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    14:39:03.0898 1216 volmgr - ok
    14:39:03.0921 1216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    14:39:03.0923 1216 volmgrx - ok
    14:39:03.0968 1216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    14:39:03.0971 1216 volsnap - ok
    14:39:03.0998 1216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    14:39:04.0000 1216 vsmraid - ok
    14:39:04.0015 1216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    14:39:04.0016 1216 vwifibus - ok
    14:39:04.0026 1216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    14:39:04.0026 1216 WacomPen - ok
    14:39:04.0049 1216 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    14:39:04.0050 1216 WANARP - ok
    14:39:04.0057 1216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    14:39:04.0057 1216 Wanarpv6 - ok
    14:39:04.0075 1216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    14:39:04.0076 1216 Wd - ok
    14:39:04.0095 1216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    14:39:04.0100 1216 Wdf01000 - ok
    14:39:04.0125 1216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    14:39:04.0125 1216 WfpLwf - ok
    14:39:04.0151 1216 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    14:39:04.0153 1216 WimFltr - ok
    14:39:04.0169 1216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    14:39:04.0170 1216 WIMMount - ok
    14:39:04.0206 1216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    14:39:04.0207 1216 WmiAcpi - ok
    14:39:04.0247 1216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    14:39:04.0247 1216 ws2ifsl - ok
    14:39:04.0277 1216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    14:39:04.0278 1216 WudfPf - ok
    14:39:04.0300 1216 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:39:04.0301 1216 WUDFRd - ok
    14:39:04.0328 1216 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    14:39:04.0353 1216 \Device\Harddisk0\DR0 - ok
    14:39:04.0355 1216 Boot (0x1200) (7bd5d8636bb4662a20e1fa09a18277d6) \Device\Harddisk0\DR0\Partition0
    14:39:04.0356 1216 \Device\Harddisk0\DR0\Partition0 - ok
    14:39:04.0365 1216 Boot (0x1200) (c74a2a72a012fa4af257d918c8b08f8b) \Device\Harddisk0\DR0\Partition1
    14:39:04.0366 1216 \Device\Harddisk0\DR0\Partition1 - ok
    14:39:04.0366 1216 ============================================================
    14:39:04.0366 1216 Scan finished
    14:39:04.0366 1216 ============================================================
    14:39:04.0372 4972 Detected object count: 0
    14:39:04.0372 4972 Actual detected object count: 0
    14:41:03.0384 1264 Deinitialize success

    6. aswMBR.txt NOT ABLE TO GET THIS TO RUN!!

    Thanx, NATOPS
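As an added example that is not part of this thread or of TDSSKiller itself: a small Python triage helper for the TDSSKiller-style log posted above. It pairs each hash line with the verdict line that follows it, then lists entries that have no backing file, entries whose verdict is anything other than "ok", and distinct service names that resolve to the same file hash (such as Tcpip/TCPIP6 above, which legitimately share tcpip.sys), and reads the "Detected object count" totals. The sample input is a handful of lines copied from the log above plus one constructed `example_bad` line (placeholder name and all-zero hash) to exercise the not-ok branch; the verdict wording TDSSKiller prints for a real detection is assumed here and may differ.

```python
"""Triage helper for a TDSSKiller-style scan log (added example, not TDSSKiller code)."""
import re
from collections import defaultdict

# "HH:MM:SS.mmmm <pid> <Name> (<md5>) <path>": a scanned object with its file hash.
# The name is matched non-greedily so entries like "MBR (0x1B8)" still parse.
FILE_RE = re.compile(
    r'^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+'
    r'(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$')
# "HH:MM:SS.mmmm <pid> <Name> - <verdict>": the verdict for the preceding object.
VERDICT_RE = re.compile(
    r'^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+'
    r'(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$')
# Summary totals printed at the end of the scan.
COUNT_RE = re.compile(r'(?P<kind>(?:Actual )?[Dd]etected object count):\s+(?P<n>\d+)')


def parse_log(text):
    """Return (entries, counts): one dict per verdict line, plus the summary totals."""
    entries, counts, pending = [], {}, None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            pending = m.groupdict()      # hash line; verdict comes on the next line
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = {'name': m['name'], 'verdict': m['verdict'], 'md5': None, 'path': None}
            if pending:                  # services with no file (e.g. Synth3dVsc) have no hash line
                rec['md5'] = pending['md5'].lower()
                rec['path'] = pending['path']
            entries.append(rec)
            pending = None
            continue
        m = COUNT_RE.search(line)
        if m:
            counts[m['kind']] = int(m['n'])
    return entries, counts


def triage(entries, counts):
    """Summarise what a responder would look at first in the parsed log."""
    by_md5 = defaultdict(list)
    for e in entries:
        if e['md5']:
            by_md5[e['md5']].append(e['name'])
    return {
        'total': len(entries),
        'not_ok': [e for e in entries if e['verdict'] != 'ok'],
        'no_file': [e['name'] for e in entries if e['md5'] is None],
        # Different service names backed by one file hash; usually legitimate aliases,
        # but worth a glance when an unexpected name appears next to a system driver.
        'shared_hash': {h: n for h, n in by_md5.items() if len(n) > 1},
        'detected': counts.get('Detected object count'),
        'actual_detected': counts.get('Actual detected object count'),
    }


# Sample input: lines copied from the log in this thread, plus one constructed
# "example_bad" entry (placeholder name, all-zero hash, assumed verdict wording).
# The two count lines are copied verbatim, so they do not reflect the constructed entry.
SAMPLE_LOG = r"""
14:39:03.0032 1216 Synth3dVsc - ok
14:39:03.0113 1216 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:39:03.0143 1216 Tcpip - ok
14:39:03.0173 1216 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:39:03.0180 1216 TCPIP6 - ok
14:39:04.0328 1216 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
14:39:04.0353 1216 \Device\Harddisk0\DR0 - ok
14:39:04.0366 1216 ============================================================
14:39:04.0366 1216 Scan finished
14:39:04.0372 4972 Detected object count: 0
14:39:04.0372 4972 Actual detected object count: 0
14:39:04.0400 1216 example_bad (00000000000000000000000000000000) C:\Windows\system32\drivers\example_bad.sys
14:39:04.0401 1216 example_bad - detected
"""

if __name__ == '__main__':
    ents, cnts = parse_log(SAMPLE_LOG)
    summary = triage(ents, cnts)
    print(f"{summary['total']} entries, {len(summary['not_ok'])} not ok, "
          f"{len(summary['no_file'])} without a file, "
          f"detected={summary['detected']} actual={summary['actual_detected']}")
    for e in summary['not_ok']:
        print('  NOT OK:', e['name'], e['verdict'], e['path'])
    for h, names in summary['shared_hash'].items():
        print('  shared hash', h, '->', ', '.join(names))
```

Run it against the full log by reading the saved TDSSKiller text file into `parse_log` instead of `SAMPLE_LOG`; a scan like the one above, where every verdict is "ok" and both counts are 0, is consistent with TDSSKiller finding nothing, which is why the reply that follows relies on the MSE log rather than this one.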
     
  15. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi NATOPS,

    I am afraid I have bad news for you. :(

    Your MSE log shows clear signs of Keylogger/Backdoor/Rootkit infection.

    This means your attacker may have full remote access to your computer and can use it as if he were sat in front of it.

    You are strongly advised to do the following immediately:

    1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
    2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. It will be a hassle but you should probably change all your account numbers.
    3. From a clean computer, change *ALL* your passwords: (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon... any online activities you carry out which require a username and password).
      Do NOT change your passwords from this computer; an attacker can still get all the new passwords and transaction records.
    4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

    As a result of the Keylogger/Backdoor/Rootkit nature of the infections, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of malware, the best course of action would be to reformat and re-install the operating system (OS). This decision will have to be made by you...

    Guide to re-formatting and re-installing courtesy of wng_z3r0.

    To help you decide, please take some time to read the following articles:

    What are Remote Access Trojans and why are they dangerous
    How do I respond to a possible identity theft and how do I prevent it
    When should I re-format and reinstall my OS
    How and Where to backup your files
    Restoring your backups

    Please let me know how you would like to proceed.

    Scolabar
     
Short URL to this thread: https://techguy.org/1030969