TechSpot

Another Sirefef infection?

By MrScopes
Jul 3, 2012
  1. I suppose my son has roamed a bit too far in the wilds of the internet. His PC is now behaving badly with frequent crashing. SIREFEF has popped up in AV scans and was said to be deleted. But I'm not sure, as problems continue. The Windows firewall was disabled and could not be restarted. I installed Comodo Firewall. Closing the barn door after the horse has fled comes to mind. Windows Essentials scan returns a clean sheet.

    Now we have followed the instructions here and here are the logs. There are two Malwarebytes logs as the older one showed an infection said to have been deleted. I hope you can guide me in the next steps. Thanks

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.01.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Alex B Cranfield :: AC-PC [administrator]

    02/07/2012 14:43:30
    mbam-log-2012-07-02 (14-43-30).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 393802
    Time elapsed: 10 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ====================
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.24.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Alex B Cranfield :: AC-PC [administrator]
    24/06/2012 14:40:36
    mbam-log-2012-06-24 (14-40-36).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238631
    Time elapsed: 1 minute(s), 23 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 4
    C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\System32\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Alex B Cranfield\AppData\Local\Temp\kpul0.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    (end)
    ===================
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-02 17:59:45
    Windows 6.1.7601 Service Pack 1
    Running: ol7zhc5x.exe
    ---- Files - GMER 1.0.15 ----
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map03_TankFactory\T02M03_BackgroundGfx\T02M02_Terrain_host_T02M01_Terrain_host_RoadAsphaltA_RREF_RoadAsphaltA16\mat()\pack.bin 188 bytes
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat() 0 bytes
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat()\pack.bin 182 bytes
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat() 0 bytes
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat()\pack.bin 183 bytes
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx() 0 bytes
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx()\pack.bin 11079 bytes
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx() 0 bytes
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx()\pack.bin 11076 bytes
    ---- EOF - GMER 1.0.15 ----
    ===============
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Alex B Cranfield at 18:05:13 on 2012-07-02
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8169.6525 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.funmoods.com/?f=1&a=nv1
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "C:\Users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
    S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257224]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-02 15:18:49 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Local\Secunia PSI
    2012-07-02 15:18:41 -------- d-----w- C:\Program Files (x86)\Secunia
    2012-07-02 14:52:48 -------- d-----w- C:\ProgramData\Comodo
    2012-07-02 14:52:44 -------- d-----w- C:\Program Files\COMODO
    2012-07-02 13:11:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B27389-5975-4088-B797-A9AC35020098}\offreg.dll
    2012-07-02 05:13:35 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B27389-5975-4088-B797-A9AC35020098}\mpengine.dll
    2012-07-01 21:12:07 -------- d-----w- C:\FRST
    2012-07-01 19:53:20 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
    2012-07-01 01:32:03 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-27 05:27:52 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
    2012-06-25 18:34:27 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-06-25 18:34:21 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-06-21 17:29:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 17:29:17 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 17:29:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 17:29:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-20 18:19:12 328704 ----a-w- C:\Windows\System32\services.exe.5E70A9395C42F257
    2012-06-20 18:16:34 328704 ----a-w- C:\Windows\System32\services.exe.13B11F54766E4BC0
    2012-06-20 18:13:46 328704 ----a-w- C:\Windows\System32\services.exe.2F0EBF178F8CDA76
    2012-06-20 06:08:25 328704 ----a-w- C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9
    2012-06-20 06:05:38 328704 ----a-w- C:\Windows\System32\services.exe.7D08DDE78A2C300F
    2012-06-20 06:02:50 328704 ----a-w- C:\Windows\System32\services.exe.06350B7DC891B4E7
    2012-06-20 05:59:52 328704 ----a-w- C:\Windows\System32\services.exe.4CC2CBB91681EA81
    2012-06-20 05:57:07 328704 ----a-w- C:\Windows\System32\services.exe.0C936E7AC2128E53
    2012-06-20 05:54:22 328704 ----a-w- C:\Windows\System32\services.exe.4FB20B60410F182A
    2012-06-20 05:51:36 328704 ----a-w- C:\Windows\System32\services.exe.A8D6F6D5B515D10C
    2012-06-20 05:48:49 328704 ----a-w- C:\Windows\System32\services.exe.DE31CEB0332A7696
    2012-06-20 05:46:16 328704 ----a-w- C:\Windows\System32\services.exe.61D33793C4B13E16
    2012-06-20 05:44:21 328704 ----a-w- C:\Windows\System32\services.exe.8967B0D850F76966
    2012-06-20 05:41:44 328704 ----a-w- C:\Windows\System32\services.exe.E614E9ACD9D74CA8
    2012-06-20 05:39:13 328704 ----a-w- C:\Windows\System32\services.exe.678CB384D2B3CC4B
    2012-06-20 05:36:25 328704 ----a-w- C:\Windows\System32\services.exe.F8364D651D752FEF
    2012-06-20 05:33:36 328704 ----a-w- C:\Windows\System32\services.exe.D6116BF0D9D71914
    2012-06-13 10:28:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-06-13 10:28:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0D87F20-8597-4D03-84D0-1F85E66BCAFE}\gapaengine.dll
    2012-06-13 05:57:14 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 16:32:20 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
    2012-06-11 20:51:54 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\Braid
    .
    ==================== Find3M ====================
    .
    2012-07-02 15:20:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-02 15:20:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-01 16:26:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-01 16:26:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-01 16:26:10 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-27 05:40:49 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2012-06-27 05:40:49 839096 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-06-20 18:21:35 328704 ----a-w- C:\Windows\System32\services.exe
    2012-06-01 19:26:33 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-05-26 16:13:16 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-05-26 16:13:16 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-05-26 16:13:16 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-05-26 16:13:16 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-05 09:38:37 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
    2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-04-05 21:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-04-05 21:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-04-05 21:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-04-05 21:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-04-05 21:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-04-05 21:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-04-05 21:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 18:07:24.46 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28/06/2011 23:56:23
    System Uptime: 02/07/2012 17:41:30 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8P67 PRO
    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    B: is FIXED (NTFS) - 931 GiB total, 285.712 GiB free.
    C: is FIXED (NTFS) - 60 GiB total, 11.081 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
    Service:
    .
    Class GUID:
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\5&D93DF5B&0&0000E6
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\5&D93DF5B&0&0000E6
    Service:
    .
    ==== System Restore Points ===================
    .
    RP410: 02/07/2012 15:53:10 - Device Driver Package Install: COMODO Network Service
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    American Conquest
    American Conquest - Fight Back
    Amnesia: The Dark Descent
    Apple Software Update
    Application Profiles
    Atom Zombie Smasher
    µTorrent
    Audiosurf
    Bastion
    Battlefield 3™
    BBC iPlayer Desktop
    Bid-O-Matic v2.14.8
    BIT.TRIP RUNNER
    Braid
    Call of Pripyat Complete v1.0.2
    Carmageddon EFLC 2.0.1.1
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Cave Story+
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cheat Engine 6.1
    Company of Heroes
    Company of Heroes: Tales of Valor
    Cossacks II: Battle for Europe
    Cossacks II: Napoleonic Wars
    Cossacks: Art of War
    Cossacks: Back to War
    Cossacks: European Wars
    Crayon Physics Deluxe
    Creation Kit
    DAEMON Tools Lite
    Dark Messiah Might and Magic Single Player
    Darwinia
    Day of Defeat: Source
    Dead Island
    DEFCON
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dragon NaturallySpeaking 11
    EDGE
    Empire: Total War
    Endless Space
    ESN Sonar
    Evil Genius
    Fallout 3
    Fallout New Vegas
    Far Cry 2
    From Dust
    Frozen Synapse
    FUEL
    GameSpy Arcade
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    Grand Theft Auto: San Andreas
    Gratuitous Space Battles
    GRID
    Hitman: Blood Money
    HOMEFRONT
    HydraVision
    Impulse®
    Intel(R) Management Engine Components
    Jagged Alliance 2
    Jagged Alliance 2 Gold
    Jamestown
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Just Cause 2
    Killing Floor
    Left 4 Dead 2
    LIMBO
    Lone Survivor
    Malwarebytes Anti-Malware version 1.61.0.1400
    Max Payne 3
    MechWarrior 4 Mercenaries
    Medieval II: Total War
    Medieval II: Total War Kingdoms
    Microsoft .NET Framework 1.1
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Mount & Blade
    Mount & Blade: Warband
    Mount & Blade: With Fire and Sword
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Napoleon: Total War
    New Star Soccer 5 v1.07
    NVIDIA PhysX
    OpenAL
    Orcs Must Die!
    Origin
    Portal
    ProtectDisc Driver, Version 11
    Psychonauts
    PunkBuster Services
    QuickTime
    RAGE
    Rapture3D 2.4.11 Game
    Red Orchestra 2: Heroes of Stalingrad
    Rockstar Games Social Club
    Rome: Total War - Alexander
    Rome: Total War Gold Edition
    S.T.A.L.K.E.R. - Clear Sky
    S.T.A.L.K.E.R.: Call of Pripyat
    Saints Row: The Third
    Secunia PSI (3.0.0.2004)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Shank
    Sid Meier's Alpha Centauri
    Sid Meier's Civilization V
    Sid Meier's Railroads!
    SimCity 4 Deluxe
    Solar 2
    SotS Tutorial Videos
    Space Pirates and Zombies
    Steam
    Stronghold
    Stronghold 3
    Stronghold Crusader Extreme
    Super Meat Boy
    Superbrothers: Sword & Sworcery EP
    swMSM
    Sword of the Stars
    Sword of the Stars II
    System Requirements Lab CYRI
    TeamSpeak 3 Client
    Terraria
    The Elder Scrolls V: Skyrim
    The Saboteur™
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Fast Lane Stuff
    The Sims™ 3 Generations
    The Sims™ 3 High-End Loft Stuff
    The Sims™ 3 Late Night
    The Sims™ 3 Outdoor Living Stuff
    The Sims™ 3 Town Life Stuff
    The Sims™ 3 World Adventures
    The Witcher 2 Enhanced Edition version 3.0
    Tom Clancy's EndWar
    Total War: SHOGUN 2
    Total War: Shogun 2 - TEd
    Tunatic
    Ubisoft Game Launcher
    UFO: Extraterrestrials Gold
    Universe Sandbox
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VLC media player 2.0.1
    Wargame: European Escalation
    Warhammer® 40,000™: Dawn of War® II
    Wings of Prey
    X3: Albion Prelude
    X3: Terran Conflict
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    25/06/2012 15:40:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.359.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    25/06/2012 15:30:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.359.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    02/07/2012 17:41:52, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    02/07/2012 17:41:52, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    02/07/2012 17:41:40, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    02/07/2012 16:33:01, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    02/07/2012 15:53:06, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    02/07/2012 13:41:41, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    02/07/2012 13:36:14, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    02/07/2012 13:36:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    02/07/2012 13:36:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    02/07/2012 13:36:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/07/2012 13:36:00, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    01/07/2012 22:03:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    01/07/2012 09:29:57, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt

    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under the File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. MrScopes

    MrScopes TS Rookie Topic Starter

    Thanks for the help. Here is the log:
    Scan result of Farbar Recovery Scan Tool Version: 20-06-2012 04
    Ran by SYSTEM at 02-07-2012 16:40:34
    Running from F:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
    HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1860496 2011-04-13] (Microsoft Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9454920 2011-12-20] (COMODO)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKU\Alex B Cranfield\...\Run: [Google Update] "C:\Users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-15] (Google Inc.)
    HKU\Alex B Cranfield\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2010-07-23] (Acresso Corporation)
    HKU\Alex B Cranfield\...\Run: [DAEMON Tools Lite] "B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
    HKU\Work\...\Run: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]
    HKU\Work\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-29] (Google Inc.)
    HKU\Work\...\Run: [Google Update] "C:\Users\Work\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-02] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    AppInit_DLLs: C:\Windows\system32\guard64.dll
    Tcpip\..\Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9}: [NameServer]8.26.56.26,156.154.70.22
    Startup: C:\Users\Alex B Cranfield\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

    ==================== Services (Whitelisted) ======

    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2779416 2011-12-19] (COMODO)
    2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
    2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1326176 2012-06-26] (Secunia)
    2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [681056 2012-06-26] (Secunia)

    ========================== Drivers (Whitelisted) =============

    2 acedrv11; C:\Windows\System32\Drivers\acedrv11.sys [191616 2010-02-24] (Protect Software GmbH)
    2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2011-07-06] ()
    1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2011-12-19] (COMODO)
    1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2011-12-19] (COMODO)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-05] (DT Soft Ltd)
    1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)
    3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [33792 2005-03-09] ()
    2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2011-07-06] ()

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-02 07:18 - 2012-07-02 07:18 - 00000000 ____D C:\Program Files (x86)\Secunia
    2012-07-02 06:52 - 2012-07-02 06:53 - 00000000 ____D C:\Users\All Users\Comodo
    2012-07-02 06:52 - 2012-07-02 06:52 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
    2012-07-02 06:52 - 2012-07-02 06:52 - 00000000 ____D C:\Program Files\COMODO
    2012-07-01 21:01 - 2012-07-02 07:32 - 00001298 ____A C:\Windows\setupact.log
    2012-07-01 21:01 - 2012-07-01 21:01 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-01 13:18 - 2012-07-01 13:18 - 00000000 ____D C:\Windows\erdnt
    2012-07-01 13:18 - 2012-07-01 13:18 - 00000000 ____D C:\Qoobox
    2012-07-01 13:12 - 2012-07-02 16:40 - 00000000 ____D C:\FRST
    2012-07-01 11:53 - 2012-07-01 12:06 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
    2012-06-29 10:08 - 2012-06-29 10:08 - 00000020 ____A C:\Users\Alex B Cranfield\Desktop\seed.txt
    2012-06-26 21:45 - 2012-06-29 07:23 - 00000000 ___RD C:\Users\Alex B Cranfield\Desktop\Split-Screen Minecraft
    2012-06-26 21:40 - 2012-06-26 21:40 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-26 21:40 - 2012-06-26 21:40 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-26 21:40 - 2012-06-26 21:40 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-26 21:40 - 2012-06-26 21:40 - 00000000 ____D C:\Program Files\Java
    2012-06-26 21:27 - 2012-06-26 21:29 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
    2012-06-26 10:43 - 2012-05-04 10:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-06-26 10:42 - 2012-06-26 10:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-26 10:42 - 2012-06-26 10:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-25 10:34 - 2012-06-25 10:34 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-25 10:34 - 2012-05-04 10:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-06-21 09:29 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 09:29 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 09:29 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 09:29 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 09:29 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 09:29 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 09:29 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 09:29 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 09:29 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-20 10:19 - 2012-06-20 10:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5E70A9395C42F257
    2012-06-20 10:16 - 2012-06-20 10:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13B11F54766E4BC0
    2012-06-20 10:13 - 2012-06-20 10:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F0EBF178F8CDA76
    2012-06-19 22:08 - 2012-06-19 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9
    2012-06-19 22:05 - 2012-06-19 22:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D08DDE78A2C300F
    2012-06-19 22:02 - 2012-06-19 22:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06350B7DC891B4E7
    2012-06-19 21:59 - 2012-06-19 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4CC2CBB91681EA81
    2012-06-19 21:57 - 2012-06-19 21:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C936E7AC2128E53
    2012-06-19 21:54 - 2012-06-19 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FB20B60410F182A
    2012-06-19 21:51 - 2012-06-19 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A8D6F6D5B515D10C
    2012-06-19 21:48 - 2012-06-19 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE31CEB0332A7696
    2012-06-19 21:46 - 2012-06-19 21:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61D33793C4B13E16
    2012-06-19 21:44 - 2012-06-19 21:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8967B0D850F76966
    2012-06-19 21:41 - 2012-06-19 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E614E9ACD9D74CA8
    2012-06-19 21:39 - 2012-06-19 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.678CB384D2B3CC4B
    2012-06-19 21:36 - 2012-06-19 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8364D651D752FEF
    2012-06-19 21:33 - 2012-06-19 21:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6116BF0D9D71914
    2012-06-17 11:15 - 2012-06-17 11:15 - 00001189 ____A C:\Users\Alex B Cranfield\Desktop\CM Switcher EFLC.lnk
    2012-06-12 22:49 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 22:49 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 22:49 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-12 22:49 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 22:49 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 22:49 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-12 22:49 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 22:49 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 22:49 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 22:49 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-12 22:49 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 22:49 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 22:49 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 22:49 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 22:49 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 22:49 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 22:49 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-12 22:49 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 22:49 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-12 22:49 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 22:49 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 22:49 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 22:49 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 22:49 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-12 22:49 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 22:49 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 22:49 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 22:49 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 21:57 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 21:57 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 21:57 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 21:57 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 21:57 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 21:57 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 21:57 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 21:57 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 21:57 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 21:57 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 21:57 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 21:57 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 21:57 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 21:57 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 21:57 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 21:57 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 21:57 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-12 08:32 - 2012-06-12 08:32 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
    2012-06-11 12:51 - 2012-06-12 08:16 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Braid
    2012-06-05 15:48 - 2012-06-05 15:48 - 00001769 ____A C:\Users\Alex B Cranfield\Desktop\Skyrim.lnk
    2012-06-05 15:48 - 2012-06-05 15:48 - 00001341 ____A C:\Users\Alex B Cranfield\Desktop\Skyrim.exe - Shortcut.lnk
    2012-06-04 06:58 - 2012-06-04 06:58 - 00001389 ____A C:\Users\Alex B Cranfield\Desktop\Max Payne 3.lnk


    ============ 3 Months Modified Files and Folders =============

    2012-07-02 16:40 - 2012-07-01 13:12 - 00000000 ____D C:\FRST
    2012-07-02 07:32 - 2012-07-01 21:01 - 00001298 ____A C:\Windows\setupact.log
    2012-07-02 07:32 - 2012-04-05 23:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-02 07:32 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-02 07:31 - 2011-06-28 14:53 - 01974868 ____A C:\Windows\WindowsUpdate.log
    2012-07-02 07:28 - 2009-07-13 21:13 - 00800138 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-02 07:20 - 2012-04-05 23:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-02 07:20 - 2011-06-29 01:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-02 07:18 - 2012-07-02 07:18 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Secunia PSI
    2012-07-02 07:18 - 2012-07-02 07:18 - 00000000 ____D C:\Program Files (x86)\Secunia
    2012-07-02 07:13 - 2011-06-29 01:28 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-02 07:13 - 2011-06-29 01:28 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-02 07:13 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-02 07:13 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-02 06:59 - 2011-12-02 06:54 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006UA.job
    2012-07-02 06:55 - 2011-07-15 16:40 - 00000952 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000UA.job
    2012-07-02 06:53 - 2012-07-02 06:52 - 00000000 ____D C:\Users\All Users\Comodo
    2012-07-02 06:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
    2012-07-02 06:52 - 2012-07-02 06:52 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
    2012-07-02 06:52 - 2012-07-02 06:52 - 00000000 ____D C:\Program Files\COMODO
    2012-07-02 05:59 - 2011-12-02 06:54 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006Core.job
    2012-07-02 04:36 - 2011-11-02 09:08 - 00779776 __ASH C:\Users\Alex B Cranfield\Desktop\Thumbs.db
    2012-07-01 22:46 - 2011-12-17 16:48 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\vlc
    2012-07-01 21:01 - 2012-07-01 21:01 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-01 13:43 - 2011-10-09 08:04 - 00000000 ____D C:\tmp
    2012-07-01 13:18 - 2012-07-01 13:18 - 00000000 ____D C:\Windows\erdnt
    2012-07-01 13:18 - 2012-07-01 13:18 - 00000000 ____D C:\Qoobox
    2012-07-01 13:16 - 2011-06-30 05:12 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\DAEMON Tools Lite
    2012-07-01 13:16 - 2011-06-30 04:15 - 00000000 ___RD C:\Users\Alex B Cranfield\Desktop\Office + Media
    2012-07-01 12:06 - 2012-07-01 11:53 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
    2012-07-01 11:46 - 2012-05-17 14:59 - 00007609 ____A C:\Users\Alex B Cranfield\AppData\Local\resmon.resmoncfg
    2012-07-01 08:26 - 2011-09-29 11:40 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-01 08:26 - 2011-06-29 02:25 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-01 08:26 - 2011-06-29 02:25 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-01 03:39 - 2011-06-29 01:36 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\uTorrent
    2012-07-01 02:55 - 2011-07-15 16:40 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000Core.job
    2012-06-29 16:51 - 2011-11-11 03:24 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Skyrim
    2012-06-29 13:56 - 2012-05-15 03:55 - 00002453 ____A C:\Users\Alex B Cranfield\Desktop\Google Chrome.lnk
    2012-06-29 10:08 - 2012-06-29 10:08 - 00000020 ____A C:\Users\Alex B Cranfield\Desktop\seed.txt
    2012-06-29 07:23 - 2012-06-26 21:45 - 00000000 ___RD C:\Users\Alex B Cranfield\Desktop\Split-Screen Minecraft
    2012-06-26 21:40 - 2012-06-26 21:40 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-26 21:40 - 2012-06-26 21:40 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-26 21:40 - 2012-06-26 21:40 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-26 21:40 - 2012-06-26 21:40 - 00000000 ____D C:\Program Files\Java
    2012-06-26 21:40 - 2012-03-31 03:40 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
    2012-06-26 21:40 - 2011-07-01 03:42 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-06-26 21:29 - 2012-06-26 21:27 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
    2012-06-26 10:42 - 2012-06-26 10:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-26 10:42 - 2012-06-26 10:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-26 10:42 - 2011-07-30 17:42 - 00000000 ____D C:\Program Files (x86)\Java
    2012-06-25 10:34 - 2012-06-25 10:34 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-24 13:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-06-24 09:28 - 2011-07-14 08:55 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\TS3Client
    2012-06-24 09:28 - 2011-07-14 08:55 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\TeamSpeak 3 Client
    2012-06-20 10:21 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-06-20 10:19 - 2012-06-20 10:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5E70A9395C42F257
    2012-06-20 10:16 - 2012-06-20 10:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13B11F54766E4BC0
    2012-06-20 10:16 - 2011-11-26 05:58 - 00112264 ____A C:\Users\Work\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-20 10:13 - 2012-06-20 10:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F0EBF178F8CDA76
    2012-06-19 22:08 - 2012-06-19 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9
    2012-06-19 22:05 - 2012-06-19 22:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D08DDE78A2C300F
    2012-06-19 22:02 - 2012-06-19 22:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06350B7DC891B4E7
    2012-06-19 21:59 - 2012-06-19 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4CC2CBB91681EA81
    2012-06-19 21:57 - 2012-06-19 21:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C936E7AC2128E53
    2012-06-19 21:54 - 2012-06-19 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FB20B60410F182A
    2012-06-19 21:51 - 2012-06-19 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A8D6F6D5B515D10C
    2012-06-19 21:48 - 2012-06-19 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE31CEB0332A7696
    2012-06-19 21:46 - 2012-06-19 21:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61D33793C4B13E16
    2012-06-19 21:44 - 2012-06-19 21:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8967B0D850F76966
    2012-06-19 21:41 - 2012-06-19 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E614E9ACD9D74CA8
    2012-06-19 21:39 - 2012-06-19 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.678CB384D2B3CC4B
    2012-06-19 21:36 - 2012-06-19 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8364D651D752FEF
    2012-06-19 21:33 - 2012-06-19 21:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6116BF0D9D71914
    2012-06-17 11:15 - 2012-06-17 11:15 - 00001189 ____A C:\Users\Alex B Cranfield\Desktop\CM Switcher EFLC.lnk
    2012-06-17 02:24 - 2011-07-06 01:34 - 00000000 ____D C:\Users\All Users\Solidshield
    2012-06-15 15:30 - 2011-06-30 06:11 - 00000000 ____D C:\Windows\SysWOW64\directx
    2012-06-13 05:05 - 2011-06-28 14:56 - 00000000 ____D C:\users\Alex B Cranfield
    2012-06-13 02:15 - 2009-07-13 20:45 - 00423872 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-12 22:53 - 2011-07-18 02:51 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-12 08:32 - 2012-06-12 08:32 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
    2012-06-12 08:16 - 2012-06-11 12:51 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Braid
    2012-06-10 22:09 - 2011-10-28 01:54 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
    2012-06-05 15:48 - 2012-06-05 15:48 - 00001769 ____A C:\Users\Alex B Cranfield\Desktop\Skyrim.lnk
    2012-06-05 15:48 - 2012-06-05 15:48 - 00001341 ____A C:\Users\Alex B Cranfield\Desktop\Skyrim.exe - Shortcut.lnk
    2012-06-04 06:58 - 2012-06-04 06:58 - 00001389 ____A C:\Users\Alex B Cranfield\Desktop\Max Payne 3.lnk
    2012-06-03 14:28 - 2011-07-01 22:09 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-03 08:38 - 2011-11-28 11:29 - 00000000 ____D C:\Users\All Users\Rockstar Games
    2012-06-03 08:38 - 2011-06-28 23:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-06-02 14:19 - 2012-06-21 09:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 09:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 09:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 09:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 09:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 09:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 09:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 06:19 - 2012-06-21 09:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:15 - 2012-06-21 09:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 11:26 - 2011-06-29 02:25 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-05-31 10:54 - 2012-05-31 10:54 - 00000000 __SHD C:\Users\All Users\SecuROM
    2012-05-29 10:04 - 2012-05-24 05:35 - 00000000 ____D C:\tedbackup
    2012-05-27 21:35 - 2012-05-27 21:35 - 00004096 ____A C:\Users\Public\Documents\000031A7.LCS
    2012-05-27 21:35 - 2012-05-27 21:35 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\ProtectDISC
    2012-05-27 20:48 - 2012-05-27 20:48 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Ironfront
    2012-05-26 08:19 - 2012-05-26 08:19 - 00000000 ____D C:\Program Files\WinRAR
    2012-05-26 08:16 - 2012-05-26 08:13 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Wroom
    2012-05-26 08:13 - 2011-07-22 10:55 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-05-26 08:13 - 2011-07-22 10:55 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-05-26 08:13 - 2011-07-22 10:55 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-05-26 08:13 - 2011-07-22 10:55 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-05-25 11:32 - 2012-05-19 07:27 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Activision
    2012-05-25 11:11 - 2012-05-25 11:11 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\MoreTerra
    2012-05-21 22:07 - 2012-05-21 22:06 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\ArmA 2
    2012-05-21 22:01 - 2012-05-21 22:01 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Spirited_Machine
    2012-05-21 21:55 - 2012-05-21 21:55 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Spirited Machine
    2012-05-21 21:39 - 2011-06-29 01:29 - 00785606 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-05-21 21:30 - 2012-05-21 21:14 - 00000000 ____D C:\Users\All Users\ManiaPlanet
    2012-05-17 18:47 - 2012-06-12 22:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-12 22:49 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-12 22:49 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-12 22:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-12 22:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-12 22:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-12 22:49 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-12 22:49 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-12 22:49 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-12 22:49 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-12 22:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-12 22:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-12 22:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-12 22:49 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-12 22:49 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 15:11 - 2011-06-29 01:29 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-05-17 15:10 - 2012-05-17 15:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-05-17 15:10 - 2012-05-17 15:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-05-17 14:58 - 2012-05-17 14:58 - 00906006 ____A C:\Users\Alex B Cranfield\AppData\Local\census.cache
    2012-05-17 14:57 - 2012-05-17 14:57 - 00128152 ____A C:\Users\Alex B Cranfield\AppData\Local\ars.cache
    2012-05-17 14:51 - 2012-05-17 14:51 - 00000036 ____A C:\Users\Alex B Cranfield\AppData\Local\housecall.guid.cache
    2012-05-17 14:48 - 2012-06-12 22:49 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-12 22:49 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-12 22:49 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-12 22:49 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-12 22:49 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-12 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-12 22:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-12 22:49 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-12 22:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-12 22:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-12 22:49 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-12 22:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-12 22:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-17 09:26 - 2011-12-19 06:34 - 00000000 ____D C:\Windows\Minidump
    2012-05-17 09:24 - 2012-05-17 09:24 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Malwarebytes
    2012-05-17 09:23 - 2012-05-17 09:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-05-17 09:23 - 2012-05-17 09:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-16 06:28 - 2012-05-16 06:04 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\ArmA 2 OA
    2012-05-16 05:39 - 2012-05-16 05:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
    2012-05-15 03:55 - 2011-06-29 01:28 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Google
    2012-05-14 17:32 - 2012-06-12 21:57 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 12:15 - 2012-05-14 12:15 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-05-13 23:50 - 2012-05-13 15:34 - 00000000 ____D C:\Users\Alex B Cranfield\Desktop\SC4 Maps
    2012-05-13 01:32 - 2012-05-12 01:51 - 00000528 ____A C:\Windows\eReg.dat
    2012-05-12 03:06 - 2012-05-12 03:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-12 03:06 - 2012-05-12 03:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-10 22:43 - 2009-07-13 23:47 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-07 03:15 - 2011-09-29 11:40 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\PunkBuster
    2012-05-06 08:14 - 2012-05-06 08:13 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\SniperV2
    2012-05-06 08:10 - 2011-11-28 12:06 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\SKIDROW
    2012-05-06 06:21 - 2012-05-06 06:21 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Google
    2012-05-05 02:07 - 2012-05-05 02:07 - 00000000 ____D C:\Users\All Users\ATI
    2012-05-05 01:52 - 2012-05-05 01:52 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2012-05-05 01:52 - 2012-05-05 01:52 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-05-05 01:52 - 2012-04-18 10:45 - 00000000 ____D C:\Users\All Users\AMD
    2012-05-05 01:52 - 2011-06-28 15:03 - 00000000 ____D C:\Program Files\ATI Technologies
    2012-05-05 01:43 - 2011-06-28 15:05 - 00112264 ____A C:\Users\Alex B Cranfield\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-05 01:42 - 2011-06-30 05:12 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
    2012-05-05 01:38 - 2012-05-05 01:38 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-05-04 16:43 - 2012-05-04 16:43 - 00000000 ____D C:\Program Files (x86)\BRS
    2012-05-04 16:43 - 2011-07-22 10:55 - 00000000 ____D C:\Users\All Users\Codemasters
    2012-05-04 16:43 - 2011-07-22 10:55 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2012-05-04 10:29 - 2012-06-26 10:43 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 10:29 - 2012-06-25 10:34 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-05-04 10:29 - 2011-07-30 17:42 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 03:06 - 2012-06-12 21:57 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 21:57 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 21:57 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-01 10:47 - 2012-02-14 07:59 - 00000000 ____D C:\Users\Alex B Cranfield\Desktop\pics
    2012-04-30 21:40 - 2012-06-12 21:57 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-29 01:13 - 2012-04-29 01:08 - 00000000 ____D C:\Program Files (x86)\Bid-O-Matic
    2012-04-27 19:55 - 2012-06-12 21:57 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 11:08 - 2012-05-17 10:42 - 55656824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-04-26 10:01 - 2012-04-26 09:59 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Mount&Blade With Fire and Sword
    2012-04-25 21:41 - 2012-06-12 21:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 21:57 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 21:57 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-12 21:57 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 21:57 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 21:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 21:57 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 21:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 21:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 07:51 - 2012-04-23 07:51 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\The Witcher 2
    2012-04-23 07:34 - 2012-04-23 01:04 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Crayon Physics Deluxe
    2012-04-23 02:08 - 2012-04-23 02:03 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Mount&Blade Warband
    2012-04-21 08:41 - 2012-04-21 08:41 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
    2012-04-20 13:58 - 2011-10-13 21:33 - 00001804 ____A C:\Users\Alex B Cranfield\Desktop\Games.lnk
    2012-04-20 11:13 - 2011-06-29 01:28 - 00000000 ____D C:\Program Files (x86)\Google
    2012-04-19 02:37 - 2012-04-19 02:37 - 00000295 ____A C:\Windows\EReg072.dat
    2012-04-18 10:43 - 2012-04-18 10:43 - 00601728 ____A C:\Windows\System32\atiicdxx.dat
    2012-04-18 10:42 - 2012-04-18 10:42 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
    2012-04-18 10:42 - 2012-04-18 10:42 - 00157144 ____A C:\Windows\System32\ativvsva.dat
    2012-04-18 10:41 - 2012-04-18 10:41 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
    2012-04-18 10:41 - 2012-04-18 10:41 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
    2012-04-14 05:47 - 2012-04-14 05:47 - 00020761 ____A C:\Windows\System32\hs_err_pid4696.log
    2012-04-11 15:57 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-04-07 04:31 - 2012-06-12 21:57 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-12 21:57 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-06 15:43 - 2012-04-06 15:43 - 00000050 ____A C:\user.js
    2012-04-06 15:43 - 2012-04-06 15:43 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Mozilla
    2012-04-06 15:43 - 2012-04-06 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-04-06 15:43 - 2012-04-06 15:42 - 00000000 ____D C:\Program Files (x86)\fbphotozoom
    2012-04-06 08:39 - 2011-11-26 05:58 - 00000000 ____D C:\users\Work
    2012-04-06 08:39 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-04-06 08:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
    2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-04-05 18:21 - 2012-04-18 10:41 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-04-05 18:20 - 2010-09-28 17:54 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-04-05 18:13 - 2012-04-05 18:13 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-04-05 18:00 - 2010-09-28 17:23 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
    2012-04-05 17:54 - 2010-09-28 17:37 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
    2012-04-05 17:34 - 2012-04-18 10:43 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-04-05 17:34 - 2012-04-05 17:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
    2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-04-05 17:23 - 2012-04-05 17:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-04-05 17:22 - 2012-04-18 10:42 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-04-05 17:09 - 2012-04-05 17:09 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-04-05 17:09 - 2012-04-05 17:09 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-04-05 17:09 - 2010-09-28 17:14 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-04-05 17:09 - 2010-09-28 17:13 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-04-05 13:34 - 2012-04-05 13:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-04-05 13:34 - 2012-04-05 13:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-04-05 13:34 - 2012-04-05 13:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-04-05 13:33 - 2012-04-05 13:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-04-05 13:33 - 2012-04-05 13:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-04-05 13:33 - 2012-04-05 13:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-04-05 13:32 - 2012-04-05 13:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-04-04 06:56 - 2012-05-17 09:23 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    ZeroAccess:
    C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}
    C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\L
    C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8168.82 MB
    Available physical RAM: 7387.63 MB
    Total Pagefile: 8166.97 MB
    Available Pagefile: 7388.04 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive b: (Main Drive Volume) (Fixed) (Total:931.41 GB) (Free:285.71 GB) NTFS
    2 Drive c: () (Fixed) (Total:59.62 GB) (Free:11.11 GB) NTFS
    3 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive f: (UDISK 2.0) (Removable) (Total:0.96 GB) (Free:0.84 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 59 GB 0 B
    Disk 1 Online 931 GB 1024 KB *
    Disk 2 Online 981 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 59 GB 1024 KB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 59 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Dynamic Data 992 KB 31 KB
    Partition 2 Dynamic Data 100 MB 1024 KB
    Partition 3 Dynamic Data 931 GB 101 MB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 42
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 1
    Partition 2
    Type : 42
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D System Rese NTFS Simple 100 MB Healthy

    ======================================================================================================

    Disk: 1
    Partition 3
    Type : 42
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 B Main Drive NTFS Simple 931 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 980 MB 16 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 0E
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F UDISK 2.0 FAT Removable 980 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-07-02 03:52

    ======================= End Of Log ==========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  5. MrScopes

    MrScopes TS Rookie Topic Starter

    I have followed these instructions with the exception of uninstalling the COMODO firewall when COMBOFIX complained about it running. Here are the logs. Thanks for this.
    ======
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 04
    Ran by SYSTEM at 2012-07-04 20:07:58 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.5E70A9395C42F257 moved successfully.
    C:\Windows\System32\services.exe.13B11F54766E4BC0 moved successfully.
    C:\Windows\System32\services.exe.2F0EBF178F8CDA76 moved successfully.
    C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9 moved successfully.
    C:\Windows\System32\services.exe.7D08DDE78A2C300F moved successfully.
    C:\Windows\System32\services.exe.06350B7DC891B4E7 moved successfully.
    C:\Windows\System32\services.exe.4CC2CBB91681EA81 moved successfully.
    C:\Windows\System32\services.exe.0C936E7AC2128E53 moved successfully.
    C:\Windows\System32\services.exe.4FB20B60410F182A moved successfully.
    C:\Windows\System32\services.exe.A8D6F6D5B515D10C moved successfully.
    C:\Windows\System32\services.exe.DE31CEB0332A7696 moved successfully.
    C:\Windows\System32\services.exe.61D33793C4B13E16 moved successfully.
    C:\Windows\System32\services.exe.8967B0D850F76966 moved successfully.
    C:\Windows\System32\services.exe.E614E9ACD9D74CA8 moved successfully.
    C:\Windows\System32\services.exe.678CB384D2B3CC4B moved successfully.
    C:\Windows\System32\services.exe.F8364D651D752FEF moved successfully.
    C:\Windows\System32\services.exe.D6116BF0D9D71914 moved successfully.
    C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea} moved successfully.

    ==== End of Fixlog ====

    ComboFix 12-07-04.04 - Alex B Cranfield 04/07/2012 20:38:16.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8169.6637 [GMT 1:00]
    Running from: G:\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    B:\install.exe
    c:\programdata\ntuser.dat
    c:\users\Alex B Cranfield\AppData\Roaming\7za.exe
    c:\users\Alex B Cranfield\AppData\Roaming\a.7z
    c:\users\Alex B Cranfield\AppData\Roaming\Google\Update\1
    c:\users\Alex B Cranfield\AppData\Roaming\Google\Update\1\SD\m.txt
    c:\users\Alex B Cranfield\AppData\Roaming\Google\Update\1\SD\s.txt
    c:\users\Alex B Cranfield\AppData\Roaming\googleoez.txt
    c:\users\Alex B Cranfield\AppData\Roaming\Microsoft\Windows\Recent\Battlefield 3.url
    c:\users\Alex B Cranfield\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
    c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\@
    c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\L\00000004.@
    c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\L\1afb2d56
    c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\L\201d3dde
    c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\U\000000cb.@
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 19:40 . 2012-07-04 19:40 -------- d-----w- c:\users\Work\AppData\Local\temp
    2012-07-04 19:40 . 2012-07-04 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-04 19:37 . 2012-07-04 19:37 -------- d-----w- c:\program files\COMODO
    2012-07-04 15:50 . 2012-05-17 23:12 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{465F2705-7F7C-4337-B6D0-F6B77C4A76BD}\gapaengine.dll
    2012-07-04 15:50 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3705E7D0-03CC-4E9C-B2F1-9EA08883A137}\mpengine.dll
    2012-07-03 05:39 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-02 15:18 . 2012-07-02 15:18 -------- d-----w- c:\users\Alex B Cranfield\AppData\Local\Secunia PSI
    2012-07-02 15:18 . 2012-07-02 15:18 -------- d-----w- c:\program files (x86)\Secunia
    2012-07-02 14:52 . 2012-07-02 16:11 -------- d-----w- c:\programdata\Comodo
    2012-07-01 21:12 . 2012-07-03 00:40 -------- d-----w- C:\FRST
    2012-07-01 19:53 . 2012-07-01 20:06 -------- d-----w- c:\users\Alex B Cranfield\AppData\Roaming\.techniclauncher
    2012-06-27 05:40 . 2012-06-27 05:40 -------- d-----w- c:\program files\Java
    2012-06-27 05:27 . 2012-06-27 05:29 -------- d-----w- c:\users\Alex B Cranfield\AppData\Roaming\.minecraft
    2012-06-26 18:43 . 2012-06-26 18:43 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-25 18:34 . 2012-06-25 18:34 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-25 18:34 . 2012-05-04 18:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-21 17:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 17:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 17:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 17:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 17:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 17:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 17:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 17:29 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 17:29 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-13 10:28 . 2012-05-17 23:12 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-06-13 05:57 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 16:32 . 2012-06-12 16:32 -------- d-----w- c:\users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
    2012-06-11 20:51 . 2012-06-12 16:16 -------- d-----w- c:\users\Alex B Cranfield\AppData\Roaming\Braid
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-02 15:20 . 2012-04-06 07:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-02 15:20 . 2011-06-29 09:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-01 16:26 . 2011-09-29 19:40 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-01 16:26 . 2011-06-29 10:25 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-01 16:26 . 2011-06-29 10:25 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-27 05:40 . 2012-03-31 11:40 955840 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-27 05:40 . 2011-07-01 11:42 839096 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-20 18:21 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
    2012-06-01 19:26 . 2011-06-29 10:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-05-26 16:13 . 2011-07-22 18:55 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-05-26 16:13 . 2011-07-22 18:55 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-05-26 16:13 . 2011-07-22 18:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-05-26 16:13 . 2011-07-22 18:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-05-05 09:38 . 2012-05-05 09:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-05-04 18:29 . 2011-07-31 01:42 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2012-04-18 18:41 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2010-09-29 01:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2010-09-29 01:23 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2010-09-29 01:37 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-04-18 18:43 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-04-18 18:42 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2010-09-29 01:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2010-09-29 01:13 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-04-05 21:34 . 2012-04-05 21:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-05 21:34 . 2012-04-05 21:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-05 21:34 . 2012-04-05 21:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-05 21:33 . 2012-04-05 21:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-05 21:33 . 2012-04-05 21:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-05 21:33 . 2012-04-05 21:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-05 21:32 . 2012-04-05 21:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "DAEMON Tools Lite"="b:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="b:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 257224]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-05 283200]
    S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
    .
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{000784d3-969a-11e1-8214-f46d043a072e}]
    \shell\AutoRun\command - F:\autorun2.exe /autorun
    \shell\goodies\command - f:\goodies\ar505enu.exe
    \shell\log\command - f:\goodies\machine\machine.exe -l
    \shell\machine\command - f:\goodies\machine\machine.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:20]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 09:28]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 09:28]
    .
    2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000Core.job
    - c:\users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:40]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000UA.job
    - c:\users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:40]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006Core.job
    - c:\users\Work\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 14:54]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006UA.job
    - c:\users\Work\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 14:54]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.funmoods.com/?f=1&a=nv1
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9}: NameServer = 8.26.56.26,156.154.70.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Sid Meier's Alpha Centauri - b:\program files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\Uninst.isu
    AddRemove-{8C3727F2-8E37-49E4-820C-03B1677F53B6} - c:\program files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3507175674-1591832934-3731166373-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:ee,02,f1,16,01,ec,ec,17,81,f3,4b,16,d5,33,dd,93,52,5f,12,cd,e8,7f,d3,
    7c,7a,53,c7,df,f9,21,1c,c4,59,9a,b0,0f,05,cc,5a,54,e8,97,a1,8a,20,bf,fd,66,\
    "??"=hex:d5,ca,29,05,79,32,36,4d,92,58,b4,49,7f,2e,99,a3
    .
    [HKEY_USERS\S-1-5-21-3507175674-1591832934-3731166373-1000\Software\SecuROM\License information*]
    "datasecu"=hex:cc,53,14,9a,af,b1,63,0c,21,32,ca,9d,d0,4c,c4,84,58,38,18,2d,af,
    a9,2f,4a,85,db,0f,3d,b9,6a,dc,43,e5,f5,4e,e9,53,0c,58,8e,f1,6a,cb,4c,3b,1c,\
    "rkeysecu"=hex:b7,22,7d,08,43,ec,15,9c,b1,60,be,d5,a9,da,71,9d
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 20:42:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-04 19:42
    .
    Pre-Run: 11,584,548,864 bytes free
    Post-Run: 11,463,495,680 bytes free
    .
    - - End Of File - - 5F132459B3791F15646A982211381D2A
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good :)

    Any current issues?

    =================================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ============================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. MrScopes

    MrScopes TS Rookie Topic Starter

    No issues so far. Here are the logs
    =============
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.01.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Alex B Cranfield :: AC-PC [administrator]

    04/07/2012 21:11:23
    mbam-log-2012-07-04 (21-11-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 239147
    Time elapsed: 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    =========
    OTL logfile created on: 04/07/2012 21:13:47 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = G:\
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 82.03% Memory free
    15.95 Gb Paging File | 14.28 Gb Available in Paging File | 89.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59.62 Gb Total Space | 10.75 Gb Free Space | 18.02% Space Free | Partition Type: NTFS
    Drive F: | 591.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 980.72 Mb Total Space | 959.11 Mb Free Space | 97.80% Space Free | Partition Type: FAT

    Computer Name: AC-PC | User Name: Alex B Cranfield | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/04 21:08:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
    PRC - [2012/06/27 08:25:06 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2012/06/27 08:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    PRC - [2012/06/01 20:26:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/09/30 22:26:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    PRC - [2010/07/23 17:46:02 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2010/07/23 14:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/07/02 16:20:29 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/27 08:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2012/06/27 08:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2012/06/01 20:26:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/03/21 07:24:08 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/07/23 14:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/05 10:38:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/12/16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2011/07/06 10:30:26 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2011/07/06 10:30:26 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
    DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B CE B7 75 35 36 CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {B2588E23-F3A0-4776-B291-FCF9977A320C}
    IE - HKCU\..\SearchScopes\{B2588E23-F3A0-4776-B291-FCF9977A320C}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex B Cranfield\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex B Cranfield\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Alex B Cranfield\AppData\Roaming\IDM\idmmzcc5

    [2012/04/07 00:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex B Cranfield\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
    [2012/04/07 00:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Fast save = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfkldcdlaoihmldmhbcjdkbioaegdgh\1.1_0\
    CHR - Extension: Heroes & Generals updater (live) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdbmojodailncinonfdhpafgopelmbj\1.0.3.5_0\
    CHR - Extension: FBPHOTOZOOM = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.9_0\
    CHR - Extension: Gmail = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/04 20:41:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/22 00:09:24 | 000,000,337 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [2002/09/10 03:18:28 | 000,049,152 | R--- | M] (Microsoft Corporation) - F:\AUTORUN2.EXE -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/04 20:42:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/04 20:41:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/04 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2012/07/04 20:37:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/04 20:37:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/04 20:37:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/04 20:35:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/02 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Local\Secunia PSI
    [2012/07/02 16:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
    [2012/07/02 15:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2012/07/01 22:18:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/01 22:18:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/01 22:12:07 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/01 20:53:20 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
    [2012/06/27 06:45:17 | 000,000,000 | R--D | C] -- C:\Users\Alex B Cranfield\Desktop\Split-Screen Minecraft
    [2012/06/27 06:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/06/27 06:27:52 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
    [2012/06/26 19:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/06/25 19:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/06/17 20:15:32 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carmageddon EFLC 2.0.1.1
    [2012/06/17 10:10:27 | 000,000,000 | ---D | C] -- B:\Alex B Cranfield\Documents\Criterion Games
    [2012/06/12 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
    [2012/06/11 21:51:54 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\Braid
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/04 21:13:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/04 21:12:24 | 000,800,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/04 21:12:24 | 000,678,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/04 21:12:24 | 000,131,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/04 21:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/04 20:55:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000UA.job
    [2012/07/04 20:53:05 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/04 20:53:05 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/04 20:46:18 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/04 20:46:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/04 20:45:59 | 2129,256,447 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/04 20:41:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/04 20:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006UA.job
    [2012/07/04 06:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006Core.job
    [2012/07/03 16:49:38 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000Core.job
    [2012/07/02 16:18:42 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2012/07/01 20:46:16 | 000,007,609 | ---- | M] () -- C:\Users\Alex B Cranfield\AppData\Local\resmon.resmoncfg
    [2012/07/01 17:26:36 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/07/01 17:26:36 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/07/01 17:26:10 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/06/29 22:56:20 | 000,002,453 | ---- | M] () -- C:\Users\Alex B Cranfield\Desktop\Google Chrome.lnk
    [2012/06/17 20:15:32 | 000,001,189 | ---- | M] () -- C:\Users\Alex B Cranfield\Desktop\CM Switcher EFLC.lnk
    [2012/06/13 11:15:24 | 000,423,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/06 00:48:55 | 000,001,769 | ---- | M] () -- C:\Users\Alex B Cranfield\Desktop\Skyrim.lnk
    [2012/06/06 00:48:46 | 000,001,341 | ---- | M] () -- C:\Users\Alex B Cranfield\Desktop\Skyrim.exe - Shortcut.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/04 20:37:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/04 20:37:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/04 20:37:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/04 20:37:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/04 20:37:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/02 16:18:42 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2012/07/02 16:18:42 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2012/06/17 20:15:32 | 000,001,189 | ---- | C] () -- C:\Users\Alex B Cranfield\Desktop\CM Switcher EFLC.lnk
    [2012/06/06 00:48:55 | 000,001,769 | ---- | C] () -- C:\Users\Alex B Cranfield\Desktop\Skyrim.lnk
    [2012/06/06 00:48:46 | 000,001,341 | ---- | C] () -- C:\Users\Alex B Cranfield\Desktop\Skyrim.exe - Shortcut.lnk
    [2012/05/17 23:59:21 | 000,007,609 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\resmon.resmoncfg
    [2012/05/17 23:58:01 | 000,906,006 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\census.cache
    [2012/05/17 23:57:54 | 000,128,152 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\ars.cache
    [2012/05/17 23:51:58 | 000,000,036 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\housecall.guid.cache
    [2012/05/12 10:51:51 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
    [2012/04/19 11:37:56 | 000,000,295 | ---- | C] () -- C:\Windows\EReg072.dat
    [2012/04/18 19:42:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/04/18 19:41:00 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2011/12/29 17:44:07 | 000,001,235 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Roaming\SAS7_000.DAT
    [2011/12/24 20:47:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2011/10/30 21:25:16 | 000,003,584 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/30 13:51:26 | 000,080,593 | ---- | C] () -- C:\Users\Alex B Cranfield\bad trip.jpg
    [2011/10/19 12:14:37 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/08/26 23:14:11 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
    [2011/06/29 19:25:31 | 000,000,104 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\fusioncache.dat
    [2011/06/29 11:25:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/06/29 11:25:24 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/06/29 11:25:23 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2011/06/29 10:29:44 | 000,785,606 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/29 08:25:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/06/29 08:25:48 | 000,028,905 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2011/06/29 00:04:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== LOP Check ==========

    [2012/06/27 06:29:44 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
    [2012/07/01 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
    [2012/05/25 20:32:05 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Activision
    [2011/07/06 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\AtomZombieData
    [2011/12/24 22:01:21 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2012/02/03 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\BigHugeEngine
    [2011/10/09 19:23:36 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Blender Foundation
    [2012/06/12 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Braid
    [2011/12/24 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Broken Rules
    [2012/03/09 17:57:12 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Cobra Mobile
    [2012/04/23 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Crayon Physics Deluxe
    [2012/07/01 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\DAEMON Tools Lite
    [2012/01/02 19:40:00 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\DMCache
    [2011/12/20 13:17:12 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\fltk.org
    [2011/07/04 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\FUEL
    [2011/10/30 22:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Graphisoft
    [2012/06/12 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
    [2011/12/29 21:32:39 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\MinMaxGames
    [2012/05/25 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\MoreTerra
    [2011/08/26 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\MotioninJoy
    [2012/04/23 11:08:26 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Mount&Blade Warband
    [2012/04/26 19:01:00 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Mount&Blade With Fire and Sword
    [2011/12/29 17:18:49 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Nuance
    [2011/10/28 10:06:27 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Origin
    [2012/05/28 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\ProtectDISC
    [2011/12/16 10:01:02 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\PunkBuster
    [2012/05/22 06:55:56 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Spirited Machine
    [2011/06/29 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Stardock
    [2011/12/11 18:18:05 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Stylus Studio
    [2011/12/30 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\System
    [2011/09/25 15:40:31 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\SystemRequirementsLab
    [2011/07/06 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\The Creative Assembly
    [2012/06/24 18:28:38 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\TS3Client
    [2011/12/01 19:44:24 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Ubisoft
    [2012/07/01 12:39:28 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\uTorrent
    [2012/05/26 17:16:01 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Wroom
    [2011/12/30 22:37:45 | 000,000,000 | -HSD | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\wyUpdate AU
    [2011/09/23 06:21:59 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\XRay Engine
    [2012/03/13 07:20:36 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
    < End of report >
     
  8. MrScopes

    MrScopes TS Rookie Topic Starter

    Also this log:

    OTL Extras logfile created on: 04/07/2012 21:13:47 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = G:\
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 82.03% Memory free
    15.95 Gb Paging File | 14.28 Gb Available in Paging File | 89.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59.62 Gb Total Space | 10.75 Gb Free Space | 18.02% Space Free | Partition Type: NTFS
    Drive F: | 591.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 980.72 Mb Total Space | 959.11 Mb Free Space | 97.80% Space Free | Partition Type: FAT

    Computer Name: AC-PC | User Name: Alex B Cranfield | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
    "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
    "{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
    "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "PROSetDX" = Intel(R) Network Connections 15.6.25.0
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A49BF17-D3D0-49F1-B17E-ACAE15F94CE2}}_is1" = New Star Soccer 5 v1.07
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
    "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}" = Application Profiles
    "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C4AB18B3-CA6C-1A25-4766-E2CE3F706B3C}" = BBC iPlayer Desktop
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
    "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
    "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "Bid-O-Matic v2.14.8" = Bid-O-Matic v2.14.8
    "Call of Pripyat Complete_is1" = Call of Pripyat Complete v1.0.2
    "Carmageddon EFLC 2.0.1.1" = Carmageddon EFLC 2.0.1.1
    "Cheat Engine 6.1_is1" = Cheat Engine 6.1
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ESN Sonar-0.70.0" = ESN Sonar
    "ESN Sonar-0.70.4" = ESN Sonar
    "Fallout New Vegas_is1" = Fallout New Vegas
    "Frozen Synapse_is1" = Frozen Synapse
    "GameSpy Arcade" = GameSpy Arcade
    "Impulse®" = Impulse®
    "Jagged Alliance 2 Gold_is1" = Jagged Alliance 2 Gold
    "Jagged Alliance 2_is1" = Jagged Alliance 2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "OpenAL" = OpenAL
    "Origin" = Origin
    "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
    "PunkBusterSvc" = PunkBuster Services
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
    "Secunia PSI" = Secunia PSI (3.0.0.2004)
    "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
    "Steam App 102600" = Orcs Must Die!
    "Steam App 10500" = Empire: Total War
    "Steam App 105600" = Terraria
    "Steam App 107100" = Bastion
    "Steam App 107200" = Space Pirates and Zombies
    "Steam App 115200" = Cossacks II: Napoleonic Wars
    "Steam App 115210" = American Conquest
    "Steam App 115220" = American Conquest - Fight Back
    "Steam App 12120" = Grand Theft Auto: San Andreas
    "Steam App 12210" = Grand Theft Auto IV
    "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
    "Steam App 1250" = Killing Floor
    "Steam App 12750" = GRID
    "Steam App 12800" = FUEL
    "Steam App 12900" = Audiosurf
    "Steam App 1500" = Darwinia
    "Steam App 1520" = DEFCON
    "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
    "Steam App 200900" = Cave Story+
    "Steam App 201310" = X3: Albion Prelude
    "Steam App 202480" = Creation Kit
    "Steam App 202920" = Total War: Shogun 2 - TEd
    "Steam App 204060" = Superbrothers: Sword & Sworcery EP
    "Steam App 20540" = Company of Heroes: Tales of Valor
    "Steam App 208140" = Endless Space
    "Steam App 209830" = Lone Survivor
    "Steam App 2100" = Dark Messiah Might and Magic Single Player
    "Steam App 21800" = Tom Clancy's EndWar
    "Steam App 22100" = Mount & Blade
    "Steam App 26800" = Braid
    "Steam App 26900" = Crayon Physics Deluxe
    "Steam App 2820" = X3: Terran Conflict
    "Steam App 300" = Day of Defeat: Source
    "Steam App 33460" = From Dust
    "Steam App 34030" = Napoleon: Total War
    "Steam App 34330" = Total War: SHOGUN 2
    "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
    "Steam App 37030" = UFO: Extraterrestrials Gold
    "Steam App 3720" = Evil Genius
    "Steam App 3830" = Psychonauts
    "Steam App 38740" = EDGE
    "Steam App 400" = Portal
    "Steam App 40800" = Super Meat Boy
    "Steam App 40950" = Stronghold
    "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
    "Steam App 41800" = Gratuitous Space Battles
    "Steam App 42990" = Sword of the Stars II
    "Steam App 45300" = Wings of Prey
    "Steam App 4560" = Company of Heroes
    "Steam App 4700" = Medieval II: Total War
    "Steam App 47400" = Stronghold 3
    "Steam App 4760" = Rome: Total War Gold Edition
    "Steam App 4770" = Rome: Total War - Alexander
    "Steam App 4780" = Medieval II: Total War Kingdoms
    "Steam App 48000" = LIMBO
    "Steam App 4850" = Cossacks: Back to War
    "Steam App 4870" = Cossacks: Art of War
    "Steam App 48700" = Mount & Blade: Warband
    "Steam App 48720" = Mount & Blade: With Fire and Sword
    "Steam App 4880" = Cossacks: European Wars
    "Steam App 4890" = Cossacks II: Battle for Europe
    "Steam App 550" = Left 4 Dead 2
    "Steam App 55040" = Atom Zombie Smasher
    "Steam App 55100" = HOMEFRONT
    "Steam App 55230" = Saints Row: The Third
    "Steam App 57300" = Amnesia: The Dark Descent
    "Steam App 58610" = Wargame: European Escalation
    "Steam App 6120" = Shank
    "Steam App 63710" = BIT.TRIP RUNNER
    "Steam App 6860" = Hitman: Blood Money
    "Steam App 72200" = Universe Sandbox
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 7600" = Sid Meier's Railroads!
    "Steam App 8190" = Just Cause 2
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 91310" = Dead Island
    "Steam App 9200" = RAGE
    "Steam App 94200" = Jamestown
    "Steam App 97000" = Solar 2
    "Sword of the Stars" = Sword of the Stars
    "Sword of the Stars Tutorial Videos" = SotS Tutorial Videos
    "The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition version 3.0
    "Tunatic" = Tunatic
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "YTdetect" = Yahoo! Detect

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "Google Chrome" = Google Chrome
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 17/06/2012 17:00:01 | Computer Name = AC-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 22/06/2012 16:54:36 | Computer Name = AC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ja2.exe, version: 1.0.0.1, time stamp:
    0x4efad373 Faulting module name: ja2.exe, version: 1.0.0.1, time stamp: 0x4efad373
    Exception
    code: 0xc0000005 Fault offset: 0x003d21a7 Faulting process id: 0x908 Faulting application
    start time: 0x01cd50b923a7c5cd Faulting application path: B:\Program Files (x86)\Strategy
    First\Jagged Alliance 2\ja2.exe Faulting module path: B:\Program Files (x86)\Strategy
    First\Jagged Alliance 2\ja2.exe Report Id: 79935ea3-bcac-11e1-b747-f46d043a072e

    Error - 23/06/2012 06:32:21 | Computer Name = AC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmplayer.exe, version: 12.0.7601.17514,
    time stamp: 0x4ce7a485 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x7d3966ff Faulting process id:
    0x16c0 Faulting application start time: 0x01cd5126ed986cf1 Faulting application path:
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: unknown
    Report
    Id: b68331b4-bd1e-11e1-b747-f46d043a072e

    Error - 23/06/2012 09:20:27 | Computer Name = AC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmplayer.exe, version: 12.0.7601.17514,
    time stamp: 0x4ce7a485 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x1d8815ff Faulting process id:
    0x11b4 Faulting application start time: 0x01cd512b7afa1b6f Faulting application path:
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: unknown
    Report
    Id: 323b592c-bd36-11e1-b747-f46d043a072e

    Error - 24/06/2012 17:00:01 | Computer Name = AC-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 25/06/2012 12:06:18 | Computer Name = AC-PC | Source = Application Hang | ID = 1002
    Description = The program java.exe version 6.0.310.5 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: ff8 Start Time:
    01cd52ec5b544f2d Termination Time: 9 Application Path: C:\Program Files (x86)\Java\jre6\bin\java.exe

    Report
    Id: b1311e74-bedf-11e1-8279-f46d043a072e

    Error - 26/06/2012 14:35:06 | Computer Name = AC-PC | Source = Application Hang | ID = 1002
    Description = The program chrome.exe version 19.0.1084.56 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1328 Start
    Time: 01cd535d7679b5db Termination Time: 0 Application Path: C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\chrome.exe

    Report
    Id:

    Error - 29/06/2012 12:17:01 | Computer Name = AC-PC | Source = Application Hang | ID = 1002
    Description = The program java.exe version 7.0.50.5 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 98c8 Start Time:
    01cd560b22a82b37 Termination Time: 336 Application Path: C:\Program Files\Java\jre7\bin\java.exe

    Report
    Id: da06f254-c205-11e1-8279-f46d043a072e

    Error - 01/07/2012 12:19:29 | Computer Name = AC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
    stamp: 0x4fec0d4d Faulting module name: npesnlaunch.dll, version: 1.122.0.0, time
    stamp: 0x4facdbb2 Exception code: 0xc0000005 Fault offset: 0x00006d0e Faulting process
    id: 0x520 Faulting application start time: 0x01cd57a4fcbc23f6 Faulting application
    path: C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\chrome.exe
    Faulting
    module path: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    Report
    Id: 87ff7ad2-c398-11e1-b741-f46d043a072e

    Error - 01/07/2012 17:08:45 | Computer Name = AC-PC | Source = System Restore | ID = 8193
    Description =

    Error - 01/07/2012 17:20:42 | Computer Name = AC-PC | Source = Windows Backup | ID = 4103
    Description =

    [ Media Center Events ]
    Error - 08/10/2011 22:22:37 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 03:22:37 - Error connecting to the internet. 03:22:37 - Unable
    to contact server..

    Error - 08/10/2011 22:22:45 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 03:22:44 - Error connecting to the internet. 03:22:44 - Unable
    to contact server..

    Error - 22/10/2011 22:57:44 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 03:57:44 - Failed to retrieve Directory (Error: The remote name could
    not be resolved: 'data.tvdownload.microsoft.com')

    Error - 25/10/2011 22:59:58 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 03:59:57 - Error connecting to the internet. 03:59:57 - Unable
    to contact server..

    Error - 27/11/2011 22:32:11 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 02:32:11 - Failed to retrieve Directory (Error: The remote name could
    not be resolved: 'data.tvdownload.microsoft.com')

    Error - 20/12/2011 22:29:40 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 02:29:40 - Error connecting to the internet. 02:29:40 - Unable
    to contact server..

    Error - 20/12/2011 22:29:50 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 02:29:47 - Error connecting to the internet. 02:29:47 - Unable
    to contact server..

    Error - 20/12/2011 23:31:19 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 03:31:10 - Failed to retrieve MCEClientUX (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    Error - 21/12/2011 00:31:35 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 04:31:34 - Error connecting to the internet. 04:31:34 - Unable
    to contact server..

    Error - 21/12/2011 01:31:46 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
    Description = 05:31:45 - Error connecting to the internet. 05:31:45 - Unable
    to contact server..

    [ System Events ]
    Error - 04/07/2012 15:09:19 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 04/07/2012 15:20:35 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7024
    Description = The Windows Firewall service terminated with service-specific error
    %%5.

    Error - 04/07/2012 15:20:51 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 04/07/2012 15:20:51 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 04/07/2012 15:35:47 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 04/07/2012 15:35:47 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 04/07/2012 15:39:10 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 04/07/2012 15:40:09 | Computer Name = AC-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 04/07/2012 15:40:27 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 04/07/2012 15:41:08 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126


    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  10. MrScopes

    MrScopes TS Rookie Topic Starter

    Well, I'm not sure. I've run the recommended tests but it can't finish the ESET. First it froze at about 30%, so restarted with the on-off switch. Next it arrived at 99% complete but continued scanning for so long that I went to bed. This morning BSOD - I've recorded the error codes if required. I've restarted and the ESET scan is running now.

    Another note, I've been using Chrome browser, so I decided to try IE which we rarely use. I find it has an unremovable FunMoods BHO as the default search. This was an issue last year which I thought had been resolved.

    I'll be back with the ESET results after I give it another chance.

    ===============
    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Secunia PSI (3.0.0.2004)
    JavaFX 2.1.1
    Java(TM) 7 Update 5
    Out of date Java installed!
    Adobe Flash Player11.3.300.262
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
    Farbar Service Scanner Version: 02-07-2012
    Ran by Alex B Cranfield (administrator) on 04-07-2012 at 21:54:12
    Running from "G:\"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Let's see if we can get rid of FunMoods.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1
      IE - HKCU\..\SearchScopes\{B2588E23-F3A0-4776-B291-FCF9977A320C}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  12. MrScopes

    MrScopes TS Rookie Topic Starter

    Thanks for that. It seems to have zapped Funmood. I've set it to work with the ESET scan again as I need to go to bed. Thanks for all your help.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Very well :)
     
  14. MrScopes

    MrScopes TS Rookie Topic Starter

    Well, the scan had crashed into a black screen by this morning. One thing I didn't mention is that the Windows Firewall is resurrected and I've uninstalled the Comodo Firewall.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Instead of Eset...

    Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  16. MrScopes

    MrScopes TS Rookie Topic Starter

    Hello,
    Here is the F-Secure Online Scanner. Looks good -- only tracking cookies. I also ran the F-secure Easy Clean and it reported clean as well. Perhaps the machine is cleaned and crashes have another cause?

    Regards
    Larry

    Scanning Report

    Saturday, July 7, 2012 05:56:17 - 06:23:58

    Computer name: AC-PC
    Scanning type: Quick scan
    Target: System


    20 malware found

    TrackingCookie.Questionmarket (spyware)
    • System (Disinfected)
    TrackingCookie.2o7 (spyware)
    • System (Disinfected)
    TrackingCookie.Advertising (spyware)
    • System (Disinfected)
    TrackingCookie.Atdmt (spyware)
    • System (Disinfected)
    TrackingCookie.Adtech (spyware)
    • System (Disinfected)
    TrackingCookie.Adform (spyware)
    • System (Disinfected)
    TrackingCookie.Doubleclick (spyware)
    • System (Disinfected)
    TrackingCookie.Revsci (spyware)
    • System (Disinfected)
    TrackingCookie.WebTrendsLive (spyware)
    • System (Disinfected)
    TrackingCookie.Zanox (spyware)
    • System (Disinfected)
    TrackingCookie.Fastclick (spyware)
    • System (Disinfected)
    TrackingCookie.Mookie (spyware)
    • System (Disinfected)
    TrackingCookie.Adbrite (spyware)
    • System (Disinfected)
    TrackingCookie.Xiti (spyware)
    • System (Disinfected)
    TrackingCookie.Webtrends (spyware)
    • System (Disinfected)
    TrackingCookie.Mediaplex (spyware)
    • System (Disinfected)
    TrackingCookie.Tradedoubler (spyware)
    • System (Disinfected)
    TrackingCookie.Statcounter (spyware)
    • System (Disinfected)
    TrackingCookie.Atwola (spyware)
    • System (Disinfected)
    TrackingCookie.Yieldmanager (spyware)
    • System (Disinfected)

    Statistics

    Scanned:
    • Files: 5816
    • System: 5816
    • Not scanned: 0
    Actions:
    • Disinfected: 20
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0

    Options

    Scanning engines:

     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Uninstall JavaFX 2.1.1.

    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    This is an incorrect log.
    You clicked on "Scan" button instead of "Fix" button.
    Redo.
     
  19. MrScopes

    MrScopes TS Rookie Topic Starter

    Yes, here it is
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alex B Cranfield
    ->Temp folder emptied: 4430010 bytes
    ->Temporary Internet Files folder emptied: 9418118 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 175282421 bytes
    ->Flash cache emptied: 5351 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Work
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 31688 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1363999061 bytes

    Total Files Cleaned = 1,481.00 mb


    [EMPTYFLASH]

    User: Alex B Cranfield
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Work
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Alex B Cranfield
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Work
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07082012_190328

    Files\Folders moved on Reboot...
    C:\Users\Alex B Cranfield\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Alex B Cranfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{14E0690C-9349-41D1-925D-FEC1AB495594}.tmp not found!
    File\Folder C:\Users\Alex B Cranfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C19B2548-6DEC-4298-8ACD-65D0717E39E3}.tmp not found!

    PendingFileRenameOperations files...
    File C:\Users\Alex B Cranfield\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Alex B Cranfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{14E0690C-9349-41D1-925D-FEC1AB495594}.tmp not found!
    File C:\Users\Alex B Cranfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C19B2548-6DEC-4298-8ACD-65D0717E39E3}.tmp not found!

    Registry entries deleted on Reboot...
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

     
  21. MrScopes

    MrScopes TS Rookie Topic Starter

    It is crashing every hour or two.

    Here is a log on that:

    Problem signature:
    Problem Event Name:BlueScreen
    OS Version:6.1.7601.2.1.0.256.48
    Locale ID:2057

    Additional information about the problem:
    BCCode:1000007e
    BCP1:FFFFFFFF80000003
    BCP2:FFFFF800030D2FD0
    BCP3:FFFFF88003362298
    BCP4:FFFFF88003361AF0
    OS Version:6_1_7601
    Service Pack:1_0
    Product:256_1

    Files that help describe the problem:
    C:\Windows\Minidump\070812-11715-01.dmp
    C:\Users\Alex B Cranfield\AppData\Local\Temp\WER-21418-0.sysdata.xml

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
     
  22. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download BlueScreenView
    No installation required.
    Double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  23. MrScopes

    MrScopes TS Rookie Topic Starter

    Yes. There are only two .dmp logs in the /minidump folder despite many more crashes.
    There is one from yesterday and one today. Here is the latest. The first two lines were highlighted as the offenders. I renamed MijXfilt.sys to MijXfilt.bk and rebooted but the crashes continue. MijXfilt.sys is a game controller driver which is not being used at this time.
    ==============

    070812-11715-01.dmp | 08/07/2012 10:42:13 | SYSTEM_THREAD_EXCEPTION_NOT_HANDLED | 0x1000007e | ffffffff`80000003 | fffff800`030d2fd0 | fffff880`03362298 | fffff880`03361af0 | Wdf01000.sys | Wdf01000.sys+1e289 | x64 | ntoskrnl.exe+76fd0 | C:\Windows\Minidump\070812-11715-01.dmp | 8 | 15 | 7601 | 276,928
    -------------------

    MijXfilt.sys | MijXfilt.sys+2689 | fffff880`011c2000 | fffff880`011de000 | 0x0001c000 | 0x4d1d8c1e | 31/12/2010 08:54:06
    Wdf01000.sys | Wdf01000.sys+1e289 | fffff880`00e97000 | fffff880`00f3b000 | 0x000a4000 | 0x4a5bc19f | 14/07/2009 00:22:07
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    This is not what a BSV log looks like.
    You did something wrong.
    Redo.
     
  25. MrScopes

    MrScopes TS Rookie Topic Starter

    Hello, the BSV was set to show 'all drivers'. Here are the other views of the two logs saved. I don't know why I'm not seeing more .DMP files than these.

    ----------------------
    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.

    The problem seems to be caused by the following file: dtsoftbus01.sys

    DRIVER_VERIFIER_IOMANAGER_VIOLATION

    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.

    Technical Information:

    *** STOP: 0x000000c9 (0x000000000000023e, 0xfffff880017a4324, 0xfffff98008588ea0,
    0x0000000000000000)

    *** dtsoftbus01.sys - Address 0xfffff880017a4324 base at 0xfffff880017a3000 DateStamp
    0x4f10358a
    ---------------------
    << I have deleted the program Daemon Tools Lite which this last sys file refers to. >>
    << Here is the other .DMP file >>
    -------------------------
    A problem has been detected and Windows has been shut down to prevent damage
    to your computer.
    The problem seems to be caused by the following file: Wdf01000.sys
    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow
    these steps:
    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any Windows updates you might need.
    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use safe mode to remove or disable components, restart
    your computer, press F8 to select Advanced Startup Options, and then
    select Safe Mode.
    Technical Information:
    *** STOP: 0x1000007e (0xffffffff80000003, 0xfffff800030d2fd0, 0xfffff88003362298,
    0xfffff88003361af0)
    *** Wdf01000.sys - Address 0xfffff88000eb5289 base at 0xfffff88000e97000 DateStamp
    0x4a5bc19f
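
Added example, not part of the original thread and not output from BlueScreenView: a small Python parser for the wrapped `*** STOP:` text pasted in the last post. It recovers the in-driver offset (the `Wdf01000.sys+1e289` form seen in the BlueScreenView row earlier) and converts `DateStamp`, the driver's PE build timestamp, to UTC. Function and field names are illustrative.

```python
import re
from datetime import datetime, timezone

# Crash text copied from the two blue-screen views in the thread,
# with the forum's line wrapping left in place.
SAMPLE = """\
*** STOP: 0x000000c9 (0x000000000000023e, 0xfffff880017a4324, 0xfffff98008588ea0,
0x0000000000000000)

*** dtsoftbus01.sys - Address 0xfffff880017a4324 base at 0xfffff880017a3000 DateStamp
0x4f10358a
*** STOP: 0x1000007e (0xffffffff80000003, 0xfffff800030d2fd0, 0xfffff88003362298,
0xfffff88003361af0)
*** Wdf01000.sys - Address 0xfffff88000eb5289 base at 0xfffff88000e97000 DateStamp
0x4a5bc19f
"""

HEX = r"0x[0-9a-fA-F]+"
STOP_RE = re.compile(r"\*\*\* STOP: (" + HEX + r") \(([^)]*)\)")
MODULE_RE = re.compile(
    r"\*\*\* (\S+) - Address (" + HEX + r") base at (" + HEX + r") DateStamp (" + HEX + r")"
)


def parse_crashes(text):
    """Return one dict per STOP record found in pasted blue-screen text."""
    # Pasted text wraps mid-record; collapse whitespace so each record is one string.
    flat = " ".join(text.split())
    stops = list(STOP_RE.finditer(flat))
    records = []
    for i, stop in enumerate(stops):
        # The module line belonging to this STOP sits before the next STOP line.
        limit = stops[i + 1].start() if i + 1 < len(stops) else len(flat)
        rec = {
            "code": int(stop.group(1), 16),
            "params": [int(p.strip(), 16) for p in stop.group(2).split(",") if p.strip()],
            "driver": None,
        }
        mod = MODULE_RE.search(flat, stop.end(), limit)
        if mod:
            address = int(mod.group(2), 16)
            base = int(mod.group(3), 16)
            rec.update(
                driver=mod.group(1),
                address=address,
                base=base,
                offset=address - base,
                label="%s+%x" % (mod.group(1), address - base),
                # DateStamp is seconds since the Unix epoch, in UTC.
                built_utc=datetime.fromtimestamp(int(mod.group(4), 16), tz=timezone.utc),
                # True when the faulting address is itself one of the bug check parameters.
                address_is_param=address in rec["params"],
            )
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in parse_crashes(SAMPLE):
        print("STOP 0x%08x  %s  built %s" % (r["code"], r.get("label"), r.get("built_utc")))
```

The UTC build time for Wdf01000.sys comes out one hour behind the 14/07/2009 00:22:07 shown in the BlueScreenView row, which is consistent with that tool displaying local time.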
     
