Solved Another Sirefef infection?

MrScopes

I suppose my son has roamed a bit too far in the wilds of the internet. His PC is now behaving badly with frequent crashing. SIREFEF has popped up in AV scans and was said to be deleted. But I'm not sure, as problems continue. The Windows firewall was disabled and could not be restarted. I installed Comodo Firewall. Closing the barn door after the horse has fled comes to mind. Windows Essentials scan returns a clean sheet.

Now we have followed the instructions here and here are the logs. There are two Malwarebytes logs as the older one showed an infection said to have been deleted. I hope you can guide me in the next steps. Thanks

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex B Cranfield :: AC-PC [administrator]

02/07/2012 14:43:30
mbam-log-2012-07-02 (14-43-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393802
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
====================
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.24.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex B Cranfield :: AC-PC [administrator]
24/06/2012 14:40:36
mbam-log-2012-06-24 (14-40-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238631
Time elapsed: 1 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex B Cranfield\AppData\Local\Temp\kpul0.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
(end)
===================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-02 17:59:45
Windows 6.1.7601 Service Pack 1
Running: ol7zhc5x.exe
---- Files - GMER 1.0.15 ----
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map03_TankFactory\T02M03_BackgroundGfx\T02M02_Terrain_host_T02M01_Terrain_host_RoadAsphaltA_RREF_RoadAsphaltA16\mat()\pack.bin 188 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat()\pack.bin 182 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat()\pack.bin 183 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx()\pack.bin 11079 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx()\pack.bin 11076 bytes
---- EOF - GMER 1.0.15 ----
===============
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Alex B Cranfield at 18:05:13 on 2012-07-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8169.6525 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=nv1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-02 15:18:49 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Local\Secunia PSI
2012-07-02 15:18:41 -------- d-----w- C:\Program Files (x86)\Secunia
2012-07-02 14:52:48 -------- d-----w- C:\ProgramData\Comodo
2012-07-02 14:52:44 -------- d-----w- C:\Program Files\COMODO
2012-07-02 13:11:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B27389-5975-4088-B797-A9AC35020098}\offreg.dll
2012-07-02 05:13:35 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B27389-5975-4088-B797-A9AC35020098}\mpengine.dll
2012-07-01 21:12:07 -------- d-----w- C:\FRST
2012-07-01 19:53:20 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
2012-07-01 01:32:03 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-27 05:27:52 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
2012-06-25 18:34:27 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-25 18:34:21 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-21 17:29:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 17:29:17 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 17:29:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 17:29:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 18:19:12 328704 ----a-w- C:\Windows\System32\services.exe.5E70A9395C42F257
2012-06-20 18:16:34 328704 ----a-w- C:\Windows\System32\services.exe.13B11F54766E4BC0
2012-06-20 18:13:46 328704 ----a-w- C:\Windows\System32\services.exe.2F0EBF178F8CDA76
2012-06-20 06:08:25 328704 ----a-w- C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9
2012-06-20 06:05:38 328704 ----a-w- C:\Windows\System32\services.exe.7D08DDE78A2C300F
2012-06-20 06:02:50 328704 ----a-w- C:\Windows\System32\services.exe.06350B7DC891B4E7
2012-06-20 05:59:52 328704 ----a-w- C:\Windows\System32\services.exe.4CC2CBB91681EA81
2012-06-20 05:57:07 328704 ----a-w- C:\Windows\System32\services.exe.0C936E7AC2128E53
2012-06-20 05:54:22 328704 ----a-w- C:\Windows\System32\services.exe.4FB20B60410F182A
2012-06-20 05:51:36 328704 ----a-w- C:\Windows\System32\services.exe.A8D6F6D5B515D10C
2012-06-20 05:48:49 328704 ----a-w- C:\Windows\System32\services.exe.DE31CEB0332A7696
2012-06-20 05:46:16 328704 ----a-w- C:\Windows\System32\services.exe.61D33793C4B13E16
2012-06-20 05:44:21 328704 ----a-w- C:\Windows\System32\services.exe.8967B0D850F76966
2012-06-20 05:41:44 328704 ----a-w- C:\Windows\System32\services.exe.E614E9ACD9D74CA8
2012-06-20 05:39:13 328704 ----a-w- C:\Windows\System32\services.exe.678CB384D2B3CC4B
2012-06-20 05:36:25 328704 ----a-w- C:\Windows\System32\services.exe.F8364D651D752FEF
2012-06-20 05:33:36 328704 ----a-w- C:\Windows\System32\services.exe.D6116BF0D9D71914
2012-06-13 10:28:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 10:28:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0D87F20-8597-4D03-84D0-1F85E66BCAFE}\gapaengine.dll
2012-06-13 05:57:14 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 16:32:20 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
2012-06-11 20:51:54 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\Braid
.
==================== Find3M ====================
.
2012-07-02 15:20:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-02 15:20:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-01 16:26:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-01 16:26:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-01 16:26:10 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-27 05:40:49 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-06-27 05:40:49 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-20 18:21:35 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-01 19:26:33 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-26 16:13:16 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-26 16:13:16 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-26 16:13:16 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-26 16:13:16 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 09:38:37 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 21:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-05 21:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-05 21:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 21:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-05 21:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 21:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-05 21:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:07:24.46 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 28/06/2011 23:56:23
System Uptime: 02/07/2012 17:41:30 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 PRO
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 931 GiB total, 285.712 GiB free.
C: is FIXED (NTFS) - 60 GiB total, 11.081 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
Service:
.
Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\5&D93DF5B&0&0000E6
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\5&D93DF5B&0&0000E6
Service:
.
==== System Restore Points ===================
.
RP410: 02/07/2012 15:53:10 - Device Driver Package Install: COMODO Network Service
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
American Conquest
American Conquest - Fight Back
Amnesia: The Dark Descent
Apple Software Update
Application Profiles
Atom Zombie Smasher
µTorrent
Audiosurf
Bastion
Battlefield 3™
BBC iPlayer Desktop
Bid-O-Matic v2.14.8
BIT.TRIP RUNNER
Braid
Call of Pripyat Complete v1.0.2
Carmageddon EFLC 2.0.1.1
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cave Story+
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.1
Company of Heroes
Company of Heroes: Tales of Valor
Cossacks II: Battle for Europe
Cossacks II: Napoleonic Wars
Cossacks: Art of War
Cossacks: Back to War
Cossacks: European Wars
Crayon Physics Deluxe
Creation Kit
DAEMON Tools Lite
Dark Messiah Might and Magic Single Player
Darwinia
Day of Defeat: Source
Dead Island
DEFCON
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 11
EDGE
Empire: Total War
Endless Space
ESN Sonar
Evil Genius
Fallout 3
Fallout New Vegas
Far Cry 2
From Dust
Frozen Synapse
FUEL
GameSpy Arcade
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Grand Theft Auto: San Andreas
Gratuitous Space Battles
GRID
Hitman: Blood Money
HOMEFRONT
HydraVision
Impulse®
Intel(R) Management Engine Components
Jagged Alliance 2
Jagged Alliance 2 Gold
Jamestown
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Just Cause 2
Killing Floor
Left 4 Dead 2
LIMBO
Lone Survivor
Malwarebytes Anti-Malware version 1.61.0.1400
Max Payne 3
MechWarrior 4 Mercenaries
Medieval II: Total War
Medieval II: Total War Kingdoms
Microsoft .NET Framework 1.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Napoleon: Total War
New Star Soccer 5 v1.07
NVIDIA PhysX
OpenAL
Orcs Must Die!
Origin
Portal
ProtectDisc Driver, Version 11
Psychonauts
PunkBuster Services
QuickTime
RAGE
Rapture3D 2.4.11 Game
Red Orchestra 2: Heroes of Stalingrad
Rockstar Games Social Club
Rome: Total War - Alexander
Rome: Total War Gold Edition
S.T.A.L.K.E.R. - Clear Sky
S.T.A.L.K.E.R.: Call of Pripyat
Saints Row: The Third
Secunia PSI (3.0.0.2004)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shank
Sid Meier's Alpha Centauri
Sid Meier's Civilization V
Sid Meier's Railroads!
SimCity 4 Deluxe
Solar 2
SotS Tutorial Videos
Space Pirates and Zombies
Steam
Stronghold
Stronghold 3
Stronghold Crusader Extreme
Super Meat Boy
Superbrothers: Sword & Sworcery EP
swMSM
Sword of the Stars
Sword of the Stars II
System Requirements Lab CYRI
TeamSpeak 3 Client
Terraria
The Elder Scrolls V: Skyrim
The Saboteur™
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Town Life Stuff
The Sims™ 3 World Adventures
The Witcher 2 Enhanced Edition version 3.0
Tom Clancy's EndWar
Total War: SHOGUN 2
Total War: Shogun 2 - TEd
Tunatic
Ubisoft Game Launcher
UFO: Extraterrestrials Gold
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.1
Wargame: European Escalation
Warhammer® 40,000™: Dawn of War® II
Wings of Prey
X3: Albion Prelude
X3: Terran Conflict
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
25/06/2012 15:40:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.359.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
25/06/2012 15:30:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.359.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
02/07/2012 17:41:52, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
02/07/2012 17:41:52, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
02/07/2012 17:41:40, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
02/07/2012 16:33:01, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
02/07/2012 15:53:06, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/07/2012 13:41:41, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
02/07/2012 13:36:14, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/07/2012 13:36:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/07/2012 13:36:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/07/2012 13:36:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
01/07/2012 22:03:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
01/07/2012 09:29:57, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Thanks for the help. Here is the log:
Scan result of Farbar Recovery Scan Tool Version: 20-06-2012 04
Ran by SYSTEM at 02-07-2012 16:40:34
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9454920 2011-12-20] (COMODO)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Alex B Cranfield\...\Run: [Google Update] "C:\Users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-15] (Google Inc.)
HKU\Alex B Cranfield\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2010-07-23] (Acresso Corporation)
HKU\Alex B Cranfield\...\Run: [DAEMON Tools Lite] "B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKU\Work\...\Run: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]
HKU\Work\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-29] (Google Inc.)
HKU\Work\...\Run: [Google Update] "C:\Users\Work\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\guard64.dll
Tcpip\..\Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9}: [NameServer]8.26.56.26,156.154.70.22
Startup: C:\Users\Alex B Cranfield\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Services (Whitelisted) ======

2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2779416 2011-12-19] (COMODO)
2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-01] ()
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1326176 2012-06-26] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [681056 2012-06-26] (Secunia)

========================== Drivers (Whitelisted) =============

2 acedrv11; C:\Windows\System32\Drivers\acedrv11.sys [191616 2010-02-24] (Protect Software GmbH)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2011-07-06] ()
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2011-12-19] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2011-12-19] (COMODO)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-05] (DT Soft Ltd)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [33792 2005-03-09] ()
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2011-07-06] ()

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-02 07:18 - 2012-07-02 07:18 - 00000000 ____D C:\Program Files (x86)\Secunia
2012-07-02 06:52 - 2012-07-02 06:53 - 00000000 ____D C:\Users\All Users\Comodo
2012-07-02 06:52 - 2012-07-02 06:52 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-07-02 06:52 - 2012-07-02 06:52 - 00000000 ____D C:\Program Files\COMODO
2012-07-01 21:01 - 2012-07-02 07:32 - 00001298 ____A C:\Windows\setupact.log
2012-07-01 21:01 - 2012-07-01 21:01 - 00000000 ____A C:\Windows\setuperr.log
2012-07-01 13:18 - 2012-07-01 13:18 - 00000000 ____D C:\Windows\erdnt
2012-07-01 13:18 - 2012-07-01 13:18 - 00000000 ____D C:\Qoobox
2012-07-01 13:12 - 2012-07-02 16:40 - 00000000 ____D C:\FRST
2012-07-01 11:53 - 2012-07-01 12:06 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
2012-06-29 10:08 - 2012-06-29 10:08 - 00000020 ____A C:\Users\Alex B Cranfield\Desktop\seed.txt
2012-06-26 21:45 - 2012-06-29 07:23 - 00000000 ___RD C:\Users\Alex B Cranfield\Desktop\Split-Screen Minecraft
2012-06-26 21:40 - 2012-06-26 21:40 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-26 21:40 - 2012-06-26 21:40 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-26 21:40 - 2012-06-26 21:40 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-26 21:40 - 2012-06-26 21:40 - 00000000 ____D C:\Program Files\Java
2012-06-26 21:27 - 2012-06-26 21:29 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
2012-06-26 10:43 - 2012-05-04 10:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-26 10:42 - 2012-06-26 10:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-26 10:42 - 2012-06-26 10:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-25 10:34 - 2012-06-25 10:34 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-25 10:34 - 2012-05-04 10:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-21 09:29 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 09:29 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 09:29 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 09:29 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 09:29 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 09:29 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 09:29 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 09:29 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 09:29 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 10:19 - 2012-06-20 10:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5E70A9395C42F257
2012-06-20 10:16 - 2012-06-20 10:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13B11F54766E4BC0
2012-06-20 10:13 - 2012-06-20 10:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F0EBF178F8CDA76
2012-06-19 22:08 - 2012-06-19 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9
2012-06-19 22:05 - 2012-06-19 22:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D08DDE78A2C300F
2012-06-19 22:02 - 2012-06-19 22:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06350B7DC891B4E7
2012-06-19 21:59 - 2012-06-19 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4CC2CBB91681EA81
2012-06-19 21:57 - 2012-06-19 21:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C936E7AC2128E53
2012-06-19 21:54 - 2012-06-19 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FB20B60410F182A
2012-06-19 21:51 - 2012-06-19 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A8D6F6D5B515D10C
2012-06-19 21:48 - 2012-06-19 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE31CEB0332A7696
2012-06-19 21:46 - 2012-06-19 21:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61D33793C4B13E16
2012-06-19 21:44 - 2012-06-19 21:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8967B0D850F76966
2012-06-19 21:41 - 2012-06-19 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E614E9ACD9D74CA8
2012-06-19 21:39 - 2012-06-19 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.678CB384D2B3CC4B
2012-06-19 21:36 - 2012-06-19 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8364D651D752FEF
2012-06-19 21:33 - 2012-06-19 21:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6116BF0D9D71914
2012-06-17 11:15 - 2012-06-17 11:15 - 00001189 ____A C:\Users\Alex B Cranfield\Desktop\CM Switcher EFLC.lnk
2012-06-12 22:49 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 22:49 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 22:49 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 22:49 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 22:49 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 22:49 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 22:49 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 22:49 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 22:49 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 22:49 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 22:49 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 22:49 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 22:49 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 22:49 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 22:49 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 22:49 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 22:49 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-12 22:49 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 22:49 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-12 22:49 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 22:49 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 22:49 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 22:49 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 22:49 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-12 22:49 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 22:49 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 22:49 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 22:49 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 21:57 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 21:57 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 21:57 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 21:57 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 21:57 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 21:57 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 21:57 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 21:57 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 21:57 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 21:57 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 21:57 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 21:57 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 21:57 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 21:57 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 21:57 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 21:57 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 21:57 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 08:32 - 2012-06-12 08:32 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
2012-06-11 12:51 - 2012-06-12 08:16 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Braid
2012-06-05 15:48 - 2012-06-05 15:48 - 00001769 ____A C:\Users\Alex B Cranfield\Desktop\Skyrim.lnk
2012-06-05 15:48 - 2012-06-05 15:48 - 00001341 ____A C:\Users\Alex B Cranfield\Desktop\Skyrim.exe - Shortcut.lnk
2012-06-04 06:58 - 2012-06-04 06:58 - 00001389 ____A C:\Users\Alex B Cranfield\Desktop\Max Payne 3.lnk


============ 3 Months Modified Files and Folders =============

2012-07-02 16:40 - 2012-07-01 13:12 - 00000000 ____D C:\FRST
2012-07-02 07:32 - 2012-07-01 21:01 - 00001298 ____A C:\Windows\setupact.log
2012-07-02 07:32 - 2012-04-05 23:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-02 07:32 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-02 07:31 - 2011-06-28 14:53 - 01974868 ____A C:\Windows\WindowsUpdate.log
2012-07-02 07:28 - 2009-07-13 21:13 - 00800138 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 07:20 - 2012-04-05 23:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-02 07:20 - 2011-06-29 01:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-02 07:18 - 2012-07-02 07:18 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Secunia PSI
2012-07-02 07:18 - 2012-07-02 07:18 - 00000000 ____D C:\Program Files (x86)\Secunia
2012-07-02 07:13 - 2011-06-29 01:28 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-02 07:13 - 2011-06-29 01:28 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-02 07:13 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 07:13 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 06:59 - 2011-12-02 06:54 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006UA.job
2012-07-02 06:55 - 2011-07-15 16:40 - 00000952 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000UA.job
2012-07-02 06:53 - 2012-07-02 06:52 - 00000000 ____D C:\Users\All Users\Comodo
2012-07-02 06:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2012-07-02 06:52 - 2012-07-02 06:52 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-07-02 06:52 - 2012-07-02 06:52 - 00000000 ____D C:\Program Files\COMODO
2012-07-02 05:59 - 2011-12-02 06:54 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006Core.job
2012-07-02 04:36 - 2011-11-02 09:08 - 00779776 __ASH C:\Users\Alex B Cranfield\Desktop\Thumbs.db
2012-07-01 22:46 - 2011-12-17 16:48 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\vlc
2012-07-01 21:01 - 2012-07-01 21:01 - 00000000 ____A C:\Windows\setuperr.log
2012-07-01 13:43 - 2011-10-09 08:04 - 00000000 ____D C:\tmp
2012-07-01 13:18 - 2012-07-01 13:18 - 00000000 ____D C:\Windows\erdnt
2012-07-01 13:18 - 2012-07-01 13:18 - 00000000 ____D C:\Qoobox
2012-07-01 13:16 - 2011-06-30 05:12 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\DAEMON Tools Lite
2012-07-01 13:16 - 2011-06-30 04:15 - 00000000 ___RD C:\Users\Alex B Cranfield\Desktop\Office + Media
2012-07-01 12:06 - 2012-07-01 11:53 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
2012-07-01 11:46 - 2012-05-17 14:59 - 00007609 ____A C:\Users\Alex B Cranfield\AppData\Local\resmon.resmoncfg
2012-07-01 08:26 - 2011-09-29 11:40 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-01 08:26 - 2011-06-29 02:25 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-01 08:26 - 2011-06-29 02:25 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-01 03:39 - 2011-06-29 01:36 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\uTorrent
2012-07-01 02:55 - 2011-07-15 16:40 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000Core.job
2012-06-29 16:51 - 2011-11-11 03:24 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Skyrim
2012-06-29 13:56 - 2012-05-15 03:55 - 00002453 ____A C:\Users\Alex B Cranfield\Desktop\Google Chrome.lnk
2012-06-29 10:08 - 2012-06-29 10:08 - 00000020 ____A C:\Users\Alex B Cranfield\Desktop\seed.txt
2012-06-29 07:23 - 2012-06-26 21:45 - 00000000 ___RD C:\Users\Alex B Cranfield\Desktop\Split-Screen Minecraft
2012-06-26 21:40 - 2012-06-26 21:40 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-26 21:40 - 2012-06-26 21:40 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-26 21:40 - 2012-06-26 21:40 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-26 21:40 - 2012-06-26 21:40 - 00000000 ____D C:\Program Files\Java
2012-06-26 21:40 - 2012-03-31 03:40 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-06-26 21:40 - 2011-07-01 03:42 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-26 21:29 - 2012-06-26 21:27 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
2012-06-26 10:42 - 2012-06-26 10:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-26 10:42 - 2012-06-26 10:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-26 10:42 - 2011-07-30 17:42 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-25 10:34 - 2012-06-25 10:34 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-24 13:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-24 09:28 - 2011-07-14 08:55 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\TS3Client
2012-06-24 09:28 - 2011-07-14 08:55 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\TeamSpeak 3 Client
2012-06-20 10:21 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-20 10:19 - 2012-06-20 10:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5E70A9395C42F257
2012-06-20 10:16 - 2012-06-20 10:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13B11F54766E4BC0
2012-06-20 10:16 - 2011-11-26 05:58 - 00112264 ____A C:\Users\Work\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-20 10:13 - 2012-06-20 10:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2F0EBF178F8CDA76
2012-06-19 22:08 - 2012-06-19 22:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9
2012-06-19 22:05 - 2012-06-19 22:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D08DDE78A2C300F
2012-06-19 22:02 - 2012-06-19 22:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06350B7DC891B4E7
2012-06-19 21:59 - 2012-06-19 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4CC2CBB91681EA81
2012-06-19 21:57 - 2012-06-19 21:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C936E7AC2128E53
2012-06-19 21:54 - 2012-06-19 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FB20B60410F182A
2012-06-19 21:51 - 2012-06-19 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A8D6F6D5B515D10C
2012-06-19 21:48 - 2012-06-19 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE31CEB0332A7696
2012-06-19 21:46 - 2012-06-19 21:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61D33793C4B13E16
2012-06-19 21:44 - 2012-06-19 21:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8967B0D850F76966
2012-06-19 21:41 - 2012-06-19 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E614E9ACD9D74CA8
2012-06-19 21:39 - 2012-06-19 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.678CB384D2B3CC4B
2012-06-19 21:36 - 2012-06-19 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8364D651D752FEF
2012-06-19 21:33 - 2012-06-19 21:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6116BF0D9D71914
2012-06-17 11:15 - 2012-06-17 11:15 - 00001189 ____A C:\Users\Alex B Cranfield\Desktop\CM Switcher EFLC.lnk
2012-06-17 02:24 - 2011-07-06 01:34 - 00000000 ____D C:\Users\All Users\Solidshield
2012-06-15 15:30 - 2011-06-30 06:11 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-06-13 05:05 - 2011-06-28 14:56 - 00000000 ____D C:\users\Alex B Cranfield
2012-06-13 02:15 - 2009-07-13 20:45 - 00423872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 22:53 - 2011-07-18 02:51 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-12 08:32 - 2012-06-12 08:32 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
2012-06-12 08:16 - 2012-06-11 12:51 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Braid
2012-06-10 22:09 - 2011-10-28 01:54 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-06-05 15:48 - 2012-06-05 15:48 - 00001769 ____A C:\Users\Alex B Cranfield\Desktop\Skyrim.lnk
2012-06-05 15:48 - 2012-06-05 15:48 - 00001341 ____A C:\Users\Alex B Cranfield\Desktop\Skyrim.exe - Shortcut.lnk
2012-06-04 06:58 - 2012-06-04 06:58 - 00001389 ____A C:\Users\Alex B Cranfield\Desktop\Max Payne 3.lnk
2012-06-03 14:28 - 2011-07-01 22:09 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-03 08:38 - 2011-11-28 11:29 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-03 08:38 - 2011-06-28 23:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-02 14:19 - 2012-06-21 09:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 09:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 09:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 09:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 09:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 09:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 09:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 09:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 09:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 11:26 - 2011-06-29 02:25 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-31 10:54 - 2012-05-31 10:54 - 00000000 __SHD C:\Users\All Users\SecuROM
2012-05-29 10:04 - 2012-05-24 05:35 - 00000000 ____D C:\tedbackup
2012-05-27 21:35 - 2012-05-27 21:35 - 00004096 ____A C:\Users\Public\Documents\000031A7.LCS
2012-05-27 21:35 - 2012-05-27 21:35 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\ProtectDISC
2012-05-27 20:48 - 2012-05-27 20:48 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Ironfront
2012-05-26 08:19 - 2012-05-26 08:19 - 00000000 ____D C:\Program Files\WinRAR
2012-05-26 08:16 - 2012-05-26 08:13 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Wroom
2012-05-26 08:13 - 2011-07-22 10:55 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-26 08:13 - 2011-07-22 10:55 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-26 08:13 - 2011-07-22 10:55 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-26 08:13 - 2011-07-22 10:55 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-25 11:32 - 2012-05-19 07:27 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Activision
2012-05-25 11:11 - 2012-05-25 11:11 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\MoreTerra
2012-05-21 22:07 - 2012-05-21 22:06 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\ArmA 2
2012-05-21 22:01 - 2012-05-21 22:01 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Spirited_Machine
2012-05-21 21:55 - 2012-05-21 21:55 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Spirited Machine
2012-05-21 21:39 - 2011-06-29 01:29 - 00785606 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-21 21:30 - 2012-05-21 21:14 - 00000000 ____D C:\Users\All Users\ManiaPlanet
2012-05-17 18:47 - 2012-06-12 22:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-12 22:49 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-12 22:49 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-12 22:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-12 22:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-12 22:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-12 22:49 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-12 22:49 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-12 22:49 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-12 22:49 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-12 22:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-12 22:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-12 22:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-12 22:49 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-12 22:49 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 15:11 - 2011-06-29 01:29 - 00001945 ____A C:\Windows\epplauncher.mif
2012-05-17 15:10 - 2012-05-17 15:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-05-17 15:10 - 2012-05-17 15:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-17 14:58 - 2012-05-17 14:58 - 00906006 ____A C:\Users\Alex B Cranfield\AppData\Local\census.cache
2012-05-17 14:57 - 2012-05-17 14:57 - 00128152 ____A C:\Users\Alex B Cranfield\AppData\Local\ars.cache
2012-05-17 14:51 - 2012-05-17 14:51 - 00000036 ____A C:\Users\Alex B Cranfield\AppData\Local\housecall.guid.cache
2012-05-17 14:48 - 2012-06-12 22:49 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-12 22:49 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-12 22:49 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-12 22:49 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 22:49 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-12 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-12 22:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 22:49 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-12 22:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 22:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-12 22:49 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 22:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 22:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 09:26 - 2011-12-19 06:34 - 00000000 ____D C:\Windows\Minidump
2012-05-17 09:24 - 2012-05-17 09:24 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Malwarebytes
2012-05-17 09:23 - 2012-05-17 09:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-17 09:23 - 2012-05-17 09:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-16 06:28 - 2012-05-16 06:04 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\ArmA 2 OA
2012-05-16 05:39 - 2012-05-16 05:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls
2012-05-15 03:55 - 2011-06-29 01:28 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\Google
2012-05-14 17:32 - 2012-06-12 21:57 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 12:15 - 2012-05-14 12:15 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-13 23:50 - 2012-05-13 15:34 - 00000000 ____D C:\Users\Alex B Cranfield\Desktop\SC4 Maps
2012-05-13 01:32 - 2012-05-12 01:51 - 00000528 ____A C:\Windows\eReg.dat
2012-05-12 03:06 - 2012-05-12 03:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-12 03:06 - 2012-05-12 03:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 22:43 - 2009-07-13 23:47 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-07 03:15 - 2011-09-29 11:40 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\PunkBuster
2012-05-06 08:14 - 2012-05-06 08:13 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\SniperV2
2012-05-06 08:10 - 2011-11-28 12:06 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\SKIDROW
2012-05-06 06:21 - 2012-05-06 06:21 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Google
2012-05-05 02:07 - 2012-05-05 02:07 - 00000000 ____D C:\Users\All Users\ATI
2012-05-05 01:52 - 2012-05-05 01:52 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2012-05-05 01:52 - 2012-05-05 01:52 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-05-05 01:52 - 2012-04-18 10:45 - 00000000 ____D C:\Users\All Users\AMD
2012-05-05 01:52 - 2011-06-28 15:03 - 00000000 ____D C:\Program Files\ATI Technologies
2012-05-05 01:43 - 2011-06-28 15:05 - 00112264 ____A C:\Users\Alex B Cranfield\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-05 01:42 - 2011-06-30 05:12 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-05-05 01:38 - 2012-05-05 01:38 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-04 16:43 - 2012-05-04 16:43 - 00000000 ____D C:\Program Files (x86)\BRS
2012-05-04 16:43 - 2011-07-22 10:55 - 00000000 ____D C:\Users\All Users\Codemasters
2012-05-04 16:43 - 2011-07-22 10:55 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-05-04 10:29 - 2012-06-26 10:43 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 10:29 - 2012-06-25 10:34 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 10:29 - 2011-07-30 17:42 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 03:06 - 2012-06-12 21:57 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 21:57 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 21:57 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 10:47 - 2012-02-14 07:59 - 00000000 ____D C:\Users\Alex B Cranfield\Desktop\pics
2012-04-30 21:40 - 2012-06-12 21:57 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 01:13 - 2012-04-29 01:08 - 00000000 ____D C:\Program Files (x86)\Bid-O-Matic
2012-04-27 19:55 - 2012-06-12 21:57 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 11:08 - 2012-05-17 10:42 - 55656824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-04-26 10:01 - 2012-04-26 09:59 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Mount&Blade With Fire and Sword
2012-04-25 21:41 - 2012-06-12 21:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 21:57 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 21:57 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-12 21:57 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 21:57 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 21:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 21:57 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 21:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 21:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 07:51 - 2012-04-23 07:51 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Local\The Witcher 2
2012-04-23 07:34 - 2012-04-23 01:04 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Crayon Physics Deluxe
2012-04-23 02:08 - 2012-04-23 02:03 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Mount&Blade Warband
2012-04-21 08:41 - 2012-04-21 08:41 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-20 13:58 - 2011-10-13 21:33 - 00001804 ____A C:\Users\Alex B Cranfield\Desktop\Games.lnk
2012-04-20 11:13 - 2011-06-29 01:28 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-19 02:37 - 2012-04-19 02:37 - 00000295 ____A C:\Windows\EReg072.dat
2012-04-18 10:43 - 2012-04-18 10:43 - 00601728 ____A C:\Windows\System32\atiicdxx.dat
2012-04-18 10:42 - 2012-04-18 10:42 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-04-18 10:42 - 2012-04-18 10:42 - 00157144 ____A C:\Windows\System32\ativvsva.dat
2012-04-18 10:41 - 2012-04-18 10:41 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-04-18 10:41 - 2012-04-18 10:41 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
2012-04-14 05:47 - 2012-04-14 05:47 - 00020761 ____A C:\Windows\System32\hs_err_pid4696.log
2012-04-11 15:57 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-07 04:31 - 2012-06-12 21:57 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 21:57 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 15:43 - 2012-04-06 15:43 - 00000050 ____A C:\user.js
2012-04-06 15:43 - 2012-04-06 15:43 - 00000000 ____D C:\Users\Alex B Cranfield\AppData\Roaming\Mozilla
2012-04-06 15:43 - 2012-04-06 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-06 15:43 - 2012-04-06 15:42 - 00000000 ____D C:\Program Files (x86)\fbphotozoom
2012-04-06 08:39 - 2011-11-26 05:58 - 00000000 ____D C:\users\Work
2012-04-06 08:39 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-04-06 08:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2012-04-18 10:41 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2010-09-28 17:54 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2012-04-05 18:13 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2010-09-28 17:23 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2010-09-28 17:37 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-18 10:43 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2012-04-18 10:42 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2010-09-28 17:14 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:09 - 2010-09-28 17:13 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-05 13:34 - 2012-04-05 13:34 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 13:34 - 2012-04-05 13:34 - 00074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 13:34 - 2012-04-05 13:34 - 00064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 13:33 - 2012-04-05 13:33 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-04-05 13:33 - 2012-04-05 13:33 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 13:33 - 2012-04-05 13:33 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 13:32 - 2012-04-05 13:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-04 06:56 - 2012-05-17 09:23 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

ZeroAccess:
C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}
C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\L
C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8168.82 MB
Available physical RAM: 7387.63 MB
Total Pagefile: 8166.97 MB
Available Pagefile: 7388.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive b: (Main Drive Volume) (Fixed) (Total:931.41 GB) (Free:285.71 GB) NTFS
2 Drive c: () (Fixed) (Total:59.62 GB) (Free:11.11 GB) NTFS
3 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive f: (UDISK 2.0) (Removable) (Total:0.96 GB) (Free:0.84 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 59 GB 0 B
Disk 1 Online 931 GB 1024 KB *
Disk 2 Online 981 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 59 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 59 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 992 KB 31 KB
Partition 2 Dynamic Data 100 MB 1024 KB
Partition 3 Dynamic Data 931 GB 101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 1
Partition 2
Type : 42
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D System Rese NTFS Simple 100 MB Healthy

======================================================================================================

Disk: 1
Partition 3
Type : 42
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 B Main Drive NTFS Simple 931 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 980 MB 16 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F UDISK 2.0 FAT Removable 980 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-07-02 03:52

======================= End Of Log ==========================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    2.3 KB
I have followed these instructions with the exception of uninstalling the COMODO firewall when COMBOFIX complained about it running. Here are the logs. Thanks for this.
======
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 04
Ran by SYSTEM at 2012-07-04 20:07:58 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\System32\services.exe.5E70A9395C42F257 moved successfully.
C:\Windows\System32\services.exe.13B11F54766E4BC0 moved successfully.
C:\Windows\System32\services.exe.2F0EBF178F8CDA76 moved successfully.
C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9 moved successfully.
C:\Windows\System32\services.exe.7D08DDE78A2C300F moved successfully.
C:\Windows\System32\services.exe.06350B7DC891B4E7 moved successfully.
C:\Windows\System32\services.exe.4CC2CBB91681EA81 moved successfully.
C:\Windows\System32\services.exe.0C936E7AC2128E53 moved successfully.
C:\Windows\System32\services.exe.4FB20B60410F182A moved successfully.
C:\Windows\System32\services.exe.A8D6F6D5B515D10C moved successfully.
C:\Windows\System32\services.exe.DE31CEB0332A7696 moved successfully.
C:\Windows\System32\services.exe.61D33793C4B13E16 moved successfully.
C:\Windows\System32\services.exe.8967B0D850F76966 moved successfully.
C:\Windows\System32\services.exe.E614E9ACD9D74CA8 moved successfully.
C:\Windows\System32\services.exe.678CB384D2B3CC4B moved successfully.
C:\Windows\System32\services.exe.F8364D651D752FEF moved successfully.
C:\Windows\System32\services.exe.D6116BF0D9D71914 moved successfully.
C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea} moved successfully.

==== End of Fixlog ====

ComboFix 12-07-04.04 - Alex B Cranfield 04/07/2012 20:38:16.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8169.6637 [GMT 1:00]
Running from: G:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
B:\install.exe
c:\programdata\ntuser.dat
c:\users\Alex B Cranfield\AppData\Roaming\7za.exe
c:\users\Alex B Cranfield\AppData\Roaming\a.7z
c:\users\Alex B Cranfield\AppData\Roaming\Google\Update\1
c:\users\Alex B Cranfield\AppData\Roaming\Google\Update\1\SD\m.txt
c:\users\Alex B Cranfield\AppData\Roaming\Google\Update\1\SD\s.txt
c:\users\Alex B Cranfield\AppData\Roaming\googleoez.txt
c:\users\Alex B Cranfield\AppData\Roaming\Microsoft\Windows\Recent\Battlefield 3.url
c:\users\Alex B Cranfield\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\@
c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\L\00000004.@
c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\L\1afb2d56
c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\L\201d3dde
c:\windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\U\000000cb.@
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 19:40 . 2012-07-04 19:40 -------- d-----w- c:\users\Work\AppData\Local\temp
2012-07-04 19:40 . 2012-07-04 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 19:37 . 2012-07-04 19:37 -------- d-----w- c:\program files\COMODO
2012-07-04 15:50 . 2012-05-17 23:12 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{465F2705-7F7C-4337-B6D0-F6B77C4A76BD}\gapaengine.dll
2012-07-04 15:50 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3705E7D0-03CC-4E9C-B2F1-9EA08883A137}\mpengine.dll
2012-07-03 05:39 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-02 15:18 . 2012-07-02 15:18 -------- d-----w- c:\users\Alex B Cranfield\AppData\Local\Secunia PSI
2012-07-02 15:18 . 2012-07-02 15:18 -------- d-----w- c:\program files (x86)\Secunia
2012-07-02 14:52 . 2012-07-02 16:11 -------- d-----w- c:\programdata\Comodo
2012-07-01 21:12 . 2012-07-03 00:40 -------- d-----w- C:\FRST
2012-07-01 19:53 . 2012-07-01 20:06 -------- d-----w- c:\users\Alex B Cranfield\AppData\Roaming\.techniclauncher
2012-06-27 05:40 . 2012-06-27 05:40 -------- d-----w- c:\program files\Java
2012-06-27 05:27 . 2012-06-27 05:29 -------- d-----w- c:\users\Alex B Cranfield\AppData\Roaming\.minecraft
2012-06-26 18:43 . 2012-06-26 18:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-25 18:34 . 2012-06-25 18:34 -------- d-----w- c:\program files (x86)\Oracle
2012-06-25 18:34 . 2012-05-04 18:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-21 17:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 17:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 17:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 17:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 17:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 17:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 17:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 17:29 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 17:29 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 10:28 . 2012-05-17 23:12 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 05:57 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 16:32 . 2012-06-12 16:32 -------- d-----w- c:\users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
2012-06-11 20:51 . 2012-06-12 16:16 -------- d-----w- c:\users\Alex B Cranfield\AppData\Roaming\Braid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 15:20 . 2012-04-06 07:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-02 15:20 . 2011-06-29 09:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-01 16:26 . 2011-09-29 19:40 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-01 16:26 . 2011-06-29 10:25 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-01 16:26 . 2011-06-29 10:25 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-27 05:40 . 2012-03-31 11:40 955840 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-27 05:40 . 2011-07-01 11:42 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-20 18:21 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-01 19:26 . 2011-06-29 10:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-26 16:13 . 2011-07-22 18:55 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-26 16:13 . 2011-07-22 18:55 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-26 16:13 . 2011-07-22 18:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-26 16:13 . 2011-07-22 18:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-05 09:38 . 2012-05-05 09:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 18:29 . 2011-07-31 01:42 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-18 18:41 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-09-29 01:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-09-29 01:23 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-09-29 01:37 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-18 18:43 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-18 18:42 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-09-29 01:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2010-09-29 01:13 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 21:34 . 2012-04-05 21:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 21:34 . 2012-04-05 21:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 21:34 . 2012-04-05 21:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 21:33 . 2012-04-05 21:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 21:33 . 2012-04-05 21:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 21:33 . 2012-04-05 21:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 21:32 . 2012-04-05 21:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="b:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="b:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-05 283200]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{000784d3-969a-11e1-8214-f46d043a072e}]
\shell\AutoRun\command - F:\autorun2.exe /autorun
\shell\goodies\command - f:\goodies\ar505enu.exe
\shell\log\command - f:\goodies\machine\machine.exe -l
\shell\machine\command - f:\goodies\machine\machine.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:20]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 09:28]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 09:28]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000Core.job
- c:\users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:40]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000UA.job
- c:\users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 00:40]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006Core.job
- c:\users\Work\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 14:54]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006UA.job
- c:\users\Work\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 14:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.funmoods.com/?f=1&a=nv1
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Sid Meier's Alpha Centauri - b:\program files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\Uninst.isu
AddRemove-{8C3727F2-8E37-49E4-820C-03B1677F53B6} - c:\program files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3507175674-1591832934-3731166373-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ee,02,f1,16,01,ec,ec,17,81,f3,4b,16,d5,33,dd,93,52,5f,12,cd,e8,7f,d3,
7c,7a,53,c7,df,f9,21,1c,c4,59,9a,b0,0f,05,cc,5a,54,e8,97,a1,8a,20,bf,fd,66,\
"??"=hex:d5,ca,29,05,79,32,36,4d,92,58,b4,49,7f,2e,99,a3
.
[HKEY_USERS\S-1-5-21-3507175674-1591832934-3731166373-1000\Software\SecuROM\License information*]
"datasecu"=hex:cc,53,14,9a,af,b1,63,0c,21,32,ca,9d,d0,4c,c4,84,58,38,18,2d,af,
a9,2f,4a,85,db,0f,3d,b9,6a,dc,43,e5,f5,4e,e9,53,0c,58,8e,f1,6a,cb,4c,3b,1c,\
"rkeysecu"=hex:b7,22,7d,08,43,ec,15,9c,b1,60,be,d5,a9,da,71,9d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-04 20:42:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 19:42
.
Pre-Run: 11,584,548,864 bytes free
Post-Run: 11,463,495,680 bytes free
.
- - End Of File - - 5F132459B3791F15646A982211381D2A
 
Looks good :)

Any current issues?

=================================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

============================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
No issues so far. Here are the logs
=============
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex B Cranfield :: AC-PC [administrator]

04/07/2012 21:11:23
mbam-log-2012-07-04 (21-11-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239147
Time elapsed: 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
=========
OTL logfile created on: 04/07/2012 21:13:47 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = G:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 82.03% Memory free
15.95 Gb Paging File | 14.28 Gb Available in Paging File | 89.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 10.75 Gb Free Space | 18.02% Space Free | Partition Type: NTFS
Drive F: | 591.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 980.72 Mb Total Space | 959.11 Mb Free Space | 97.80% Space Free | Partition Type: FAT

Computer Name: AC-PC | User Name: Alex B Cranfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/04 21:08:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2012/06/27 08:25:06 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/06/27 08:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/06/01 20:26:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/30 22:26:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/07/23 17:46:02 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/07/23 14:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/02 16:20:29 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/27 08:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/06/27 08:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/06/01 20:26:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/21 07:24:08 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/23 14:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/05 10:38:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/07/06 10:30:26 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/07/06 10:30:26 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B CE B7 75 35 36 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B2588E23-F3A0-4776-B291-FCF9977A320C}
IE - HKCU\..\SearchScopes\{B2588E23-F3A0-4776-B291-FCF9977A320C}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex B Cranfield\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex B Cranfield\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Alex B Cranfield\AppData\Roaming\IDM\idmmzcc5

[2012/04/07 00:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex B Cranfield\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/04/07 00:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = B:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Fast save = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfkldcdlaoihmldmhbcjdkbioaegdgh\1.1_0\
CHR - Extension: Heroes & Generals updater (live) = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdbmojodailncinonfdhpafgopelmbj\1.0.3.5_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.9_0\
CHR - Extension: Gmail = C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/04 20:41:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/22 00:09:24 | 000,000,337 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/09/10 03:18:28 | 000,049,152 | R--- | M] (Microsoft Corporation) - F:\AUTORUN2.EXE -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 20:42:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/04 20:41:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/04 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/07/04 20:37:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/04 20:37:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/04 20:37:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/04 20:35:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/02 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Local\Secunia PSI
[2012/07/02 16:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/07/02 15:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/07/01 22:18:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/01 22:18:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/01 22:12:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/01 20:53:20 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
[2012/06/27 06:45:17 | 000,000,000 | R--D | C] -- C:\Users\Alex B Cranfield\Desktop\Split-Screen Minecraft
[2012/06/27 06:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/27 06:27:52 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
[2012/06/26 19:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/25 19:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/17 20:15:32 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carmageddon EFLC 2.0.1.1
[2012/06/17 10:10:27 | 000,000,000 | ---D | C] -- B:\Alex B Cranfield\Documents\Criterion Games
[2012/06/12 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
[2012/06/11 21:51:54 | 000,000,000 | ---D | C] -- C:\Users\Alex B Cranfield\AppData\Roaming\Braid
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/04 21:13:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 21:12:24 | 000,800,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/04 21:12:24 | 000,678,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/04 21:12:24 | 000,131,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 21:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/04 20:55:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000UA.job
[2012/07/04 20:53:05 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 20:53:05 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 20:46:18 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 20:46:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 20:45:59 | 2129,256,447 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 20:41:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/04 20:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006UA.job
[2012/07/04 06:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1006Core.job
[2012/07/03 16:49:38 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3507175674-1591832934-3731166373-1000Core.job
[2012/07/02 16:18:42 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/07/01 20:46:16 | 000,007,609 | ---- | M] () -- C:\Users\Alex B Cranfield\AppData\Local\resmon.resmoncfg
[2012/07/01 17:26:36 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/01 17:26:36 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/01 17:26:10 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/06/29 22:56:20 | 000,002,453 | ---- | M] () -- C:\Users\Alex B Cranfield\Desktop\Google Chrome.lnk
[2012/06/17 20:15:32 | 000,001,189 | ---- | M] () -- C:\Users\Alex B Cranfield\Desktop\CM Switcher EFLC.lnk
[2012/06/13 11:15:24 | 000,423,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/06 00:48:55 | 000,001,769 | ---- | M] () -- C:\Users\Alex B Cranfield\Desktop\Skyrim.lnk
[2012/06/06 00:48:46 | 000,001,341 | ---- | M] () -- C:\Users\Alex B Cranfield\Desktop\Skyrim.exe - Shortcut.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/04 20:37:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/04 20:37:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/04 20:37:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/04 20:37:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/04 20:37:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/02 16:18:42 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/07/02 16:18:42 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/06/17 20:15:32 | 000,001,189 | ---- | C] () -- C:\Users\Alex B Cranfield\Desktop\CM Switcher EFLC.lnk
[2012/06/06 00:48:55 | 000,001,769 | ---- | C] () -- C:\Users\Alex B Cranfield\Desktop\Skyrim.lnk
[2012/06/06 00:48:46 | 000,001,341 | ---- | C] () -- C:\Users\Alex B Cranfield\Desktop\Skyrim.exe - Shortcut.lnk
[2012/05/17 23:59:21 | 000,007,609 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\resmon.resmoncfg
[2012/05/17 23:58:01 | 000,906,006 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\census.cache
[2012/05/17 23:57:54 | 000,128,152 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\ars.cache
[2012/05/17 23:51:58 | 000,000,036 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\housecall.guid.cache
[2012/05/12 10:51:51 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2012/04/19 11:37:56 | 000,000,295 | ---- | C] () -- C:\Windows\EReg072.dat
[2012/04/18 19:42:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 19:41:00 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/29 17:44:07 | 000,001,235 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Roaming\SAS7_000.DAT
[2011/12/24 20:47:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/10/30 21:25:16 | 000,003,584 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 13:51:26 | 000,080,593 | ---- | C] () -- C:\Users\Alex B Cranfield\bad trip.jpg
[2011/10/19 12:14:37 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/26 23:14:11 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2011/06/29 19:25:31 | 000,000,104 | ---- | C] () -- C:\Users\Alex B Cranfield\AppData\Local\fusioncache.dat
[2011/06/29 11:25:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/29 11:25:24 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/29 11:25:23 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/06/29 10:29:44 | 000,785,606 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/29 08:25:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/06/29 08:25:48 | 000,028,905 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/06/29 00:04:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/06/27 06:29:44 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
[2012/07/01 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
[2012/05/25 20:32:05 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Activision
[2011/07/06 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\AtomZombieData
[2011/12/24 22:01:21 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/02/03 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\BigHugeEngine
[2011/10/09 19:23:36 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Blender Foundation
[2012/06/12 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Braid
[2011/12/24 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Broken Rules
[2012/03/09 17:57:12 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Cobra Mobile
[2012/04/23 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Crayon Physics Deluxe
[2012/07/01 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\DAEMON Tools Lite
[2012/01/02 19:40:00 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\DMCache
[2011/12/20 13:17:12 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\fltk.org
[2011/07/04 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\FUEL
[2011/10/30 22:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Graphisoft
[2012/06/12 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
[2011/12/29 21:32:39 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\MinMaxGames
[2012/05/25 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\MoreTerra
[2011/08/26 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\MotioninJoy
[2012/04/23 11:08:26 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Mount&Blade Warband
[2012/04/26 19:01:00 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/12/29 17:18:49 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Nuance
[2011/10/28 10:06:27 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Origin
[2012/05/28 06:35:36 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\ProtectDISC
[2011/12/16 10:01:02 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\PunkBuster
[2012/05/22 06:55:56 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Spirited Machine
[2011/06/29 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Stardock
[2011/12/11 18:18:05 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Stylus Studio
[2011/12/30 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\System
[2011/09/25 15:40:31 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\SystemRequirementsLab
[2011/07/06 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\The Creative Assembly
[2012/06/24 18:28:38 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\TS3Client
[2011/12/01 19:44:24 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Ubisoft
[2012/07/01 12:39:28 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\uTorrent
[2012/05/26 17:16:01 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\Wroom
[2011/12/30 22:37:45 | 000,000,000 | -HSD | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\wyUpdate AU
[2011/09/23 06:21:59 | 000,000,000 | ---D | M] -- C:\Users\Alex B Cranfield\AppData\Roaming\XRay Engine
[2012/03/13 07:20:36 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
< End of report >

Also this log:

OTL Extras logfile created on: 04/07/2012 21:13:47 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = G:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 82.03% Memory free
15.95 Gb Paging File | 14.28 Gb Available in Paging File | 89.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 10.75 Gb Free Space | 18.02% Space Free | Partition Type: NTFS
Drive F: | 591.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 980.72 Mb Total Space | 959.11 Mb Free Space | 97.80% Space Free | Partition Type: FAT

Computer Name: AC-PC | User Name: Alex B Cranfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A49BF17-D3D0-49F1-B17E-ACAE15F94CE2}}_is1" = New Star Soccer 5 v1.07
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}" = Application Profiles
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C4AB18B3-CA6C-1A25-4766-E2CE3F706B3C}" = BBC iPlayer Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Bid-O-Matic v2.14.8" = Bid-O-Matic v2.14.8
"Call of Pripyat Complete_is1" = Call of Pripyat Complete v1.0.2
"Carmageddon EFLC 2.0.1.1" = Carmageddon EFLC 2.0.1.1
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Fallout New Vegas_is1" = Fallout New Vegas
"Frozen Synapse_is1" = Frozen Synapse
"GameSpy Arcade" = GameSpy Arcade
"Impulse®" = Impulse®
"Jagged Alliance 2 Gold_is1" = Jagged Alliance 2 Gold
"Jagged Alliance 2_is1" = Jagged Alliance 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Steam App 102600" = Orcs Must Die!
"Steam App 10500" = Empire: Total War
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 107200" = Space Pirates and Zombies
"Steam App 115200" = Cossacks II: Napoleonic Wars
"Steam App 115210" = American Conquest
"Steam App 115220" = American Conquest - Fight Back
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1250" = Killing Floor
"Steam App 12750" = GRID
"Steam App 12800" = FUEL
"Steam App 12900" = Audiosurf
"Steam App 1500" = Darwinia
"Steam App 1520" = DEFCON
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 200900" = Cave Story+
"Steam App 201310" = X3: Albion Prelude
"Steam App 202480" = Creation Kit
"Steam App 202920" = Total War: Shogun 2 - TEd
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 208140" = Endless Space
"Steam App 209830" = Lone Survivor
"Steam App 2100" = Dark Messiah Might and Magic Single Player
"Steam App 21800" = Tom Clancy's EndWar
"Steam App 22100" = Mount & Blade
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 2820" = X3: Terran Conflict
"Steam App 300" = Day of Defeat: Source
"Steam App 33460" = From Dust
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 37030" = UFO: Extraterrestrials Gold
"Steam App 3720" = Evil Genius
"Steam App 3830" = Psychonauts
"Steam App 38740" = EDGE
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 40950" = Stronghold
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 41800" = Gratuitous Space Battles
"Steam App 42990" = Sword of the Stars II
"Steam App 45300" = Wings of Prey
"Steam App 4560" = Company of Heroes
"Steam App 4700" = Medieval II: Total War
"Steam App 47400" = Stronghold 3
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 4770" = Rome: Total War - Alexander
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 48000" = LIMBO
"Steam App 4850" = Cossacks: Back to War
"Steam App 4870" = Cossacks: Art of War
"Steam App 48700" = Mount & Blade: Warband
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 4880" = Cossacks: European Wars
"Steam App 4890" = Cossacks II: Battle for Europe
"Steam App 550" = Left 4 Dead 2
"Steam App 55040" = Atom Zombie Smasher
"Steam App 55100" = HOMEFRONT
"Steam App 55230" = Saints Row: The Third
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 58610" = Wargame: European Escalation
"Steam App 6120" = Shank
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 6860" = Hitman: Blood Money
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7600" = Sid Meier's Railroads!
"Steam App 8190" = Just Cause 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"Steam App 9200" = RAGE
"Steam App 94200" = Jamestown
"Steam App 97000" = Solar 2
"Sword of the Stars" = Sword of the Stars
"Sword of the Stars Tutorial Videos" = SotS Tutorial Videos
"The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition version 3.0
"Tunatic" = Tunatic
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/06/2012 17:00:01 | Computer Name = AC-PC | Source = Windows Backup | ID = 4103
Description =

Error - 22/06/2012 16:54:36 | Computer Name = AC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ja2.exe, version: 1.0.0.1, time stamp:
0x4efad373 Faulting module name: ja2.exe, version: 1.0.0.1, time stamp: 0x4efad373
Exception
code: 0xc0000005 Fault offset: 0x003d21a7 Faulting process id: 0x908 Faulting application
start time: 0x01cd50b923a7c5cd Faulting application path: B:\Program Files (x86)\Strategy
First\Jagged Alliance 2\ja2.exe Faulting module path: B:\Program Files (x86)\Strategy
First\Jagged Alliance 2\ja2.exe Report Id: 79935ea3-bcac-11e1-b747-f46d043a072e

Error - 23/06/2012 06:32:21 | Computer Name = AC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7a485 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x7d3966ff Faulting process id:
0x16c0 Faulting application start time: 0x01cd5126ed986cf1 Faulting application path:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: unknown
Report
Id: b68331b4-bd1e-11e1-b747-f46d043a072e

Error - 23/06/2012 09:20:27 | Computer Name = AC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7a485 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x1d8815ff Faulting process id:
0x11b4 Faulting application start time: 0x01cd512b7afa1b6f Faulting application path:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: unknown
Report
Id: 323b592c-bd36-11e1-b747-f46d043a072e

Error - 24/06/2012 17:00:01 | Computer Name = AC-PC | Source = Windows Backup | ID = 4103
Description =

Error - 25/06/2012 12:06:18 | Computer Name = AC-PC | Source = Application Hang | ID = 1002
Description = The program java.exe version 6.0.310.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: ff8 Start Time:
01cd52ec5b544f2d Termination Time: 9 Application Path: C:\Program Files (x86)\Java\jre6\bin\java.exe

Report
Id: b1311e74-bedf-11e1-8279-f46d043a072e

Error - 26/06/2012 14:35:06 | Computer Name = AC-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 19.0.1084.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1328 Start
Time: 01cd535d7679b5db Termination Time: 0 Application Path: C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id:

Error - 29/06/2012 12:17:01 | Computer Name = AC-PC | Source = Application Hang | ID = 1002
Description = The program java.exe version 7.0.50.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 98c8 Start Time:
01cd560b22a82b37 Termination Time: 336 Application Path: C:\Program Files\Java\jre7\bin\java.exe

Report
Id: da06f254-c205-11e1-8279-f46d043a072e

Error - 01/07/2012 12:19:29 | Computer Name = AC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
stamp: 0x4fec0d4d Faulting module name: npesnlaunch.dll, version: 1.122.0.0, time
stamp: 0x4facdbb2 Exception code: 0xc0000005 Fault offset: 0x00006d0e Faulting process
id: 0x520 Faulting application start time: 0x01cd57a4fcbc23f6 Faulting application
path: C:\Users\Alex B Cranfield\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
Report
Id: 87ff7ad2-c398-11e1-b741-f46d043a072e

Error - 01/07/2012 17:08:45 | Computer Name = AC-PC | Source = System Restore | ID = 8193
Description =

Error - 01/07/2012 17:20:42 | Computer Name = AC-PC | Source = Windows Backup | ID = 4103
Description =

[ Media Center Events ]
Error - 08/10/2011 22:22:37 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 03:22:37 - Error connecting to the internet. 03:22:37 - Unable
to contact server..

Error - 08/10/2011 22:22:45 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 03:22:44 - Error connecting to the internet. 03:22:44 - Unable
to contact server..

Error - 22/10/2011 22:57:44 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 03:57:44 - Failed to retrieve Directory (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 25/10/2011 22:59:58 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 03:59:57 - Error connecting to the internet. 03:59:57 - Unable
to contact server..

Error - 27/11/2011 22:32:11 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 02:32:11 - Failed to retrieve Directory (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 20/12/2011 22:29:40 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 02:29:40 - Error connecting to the internet. 02:29:40 - Unable
to contact server..

Error - 20/12/2011 22:29:50 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 02:29:47 - Error connecting to the internet. 02:29:47 - Unable
to contact server..

Error - 20/12/2011 23:31:19 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 03:31:10 - Failed to retrieve MCEClientUX (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 21/12/2011 00:31:35 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 04:31:34 - Error connecting to the internet. 04:31:34 - Unable
to contact server..

Error - 21/12/2011 01:31:46 | Computer Name = AC-PC | Source = MCUpdate | ID = 0
Description = 05:31:45 - Error connecting to the internet. 05:31:45 - Unable
to contact server..

[ System Events ]
Error - 04/07/2012 15:09:19 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 04/07/2012 15:20:35 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 04/07/2012 15:20:51 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 04/07/2012 15:20:51 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 04/07/2012 15:35:47 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 04/07/2012 15:35:47 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 04/07/2012 15:39:10 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 04/07/2012 15:40:09 | Computer Name = AC-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 04/07/2012 15:40:27 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 04/07/2012 15:41:08 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >
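Reading the Service Control Manager errors in the System Events section above: an added example (not part of any post in this thread, and not output from OTL) that rejoins the hard-wrapped entries, decodes the `%%` error numbers and marks which failures touch protection services. The sample entries are copied from the log above; the function names are hypothetical, and reading the service-specific code of event 7024 as a Win32 error code is an assumption.

```python
import re

# Entries copied from the "[ System Events ]" section of the log above.
SAMPLE = """\
Error - 04/07/2012 15:20:35 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 04/07/2012 15:20:51 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 04/07/2012 15:20:51 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 04/07/2012 15:39:10 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 04/07/2012 15:41:08 | Computer Name = AC-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
"""

HEADER = re.compile(
    r"^Error - (?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| .*?"
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)
CODE = re.compile(r"%%(-?\d+)")
SERVICE = re.compile(r"The (.+?) service (?:terminated|depends on)")
DEPENDENCY = re.compile(r"depends on the (.+?) service which failed")

# Standard Win32 error names for the two codes that occur in this log.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 126: "ERROR_MOD_NOT_FOUND"}
# Service display names taken from the logs on this page.
PROTECTION_SERVICES = {"Windows Firewall", "Windows Defender",
                       "Security Center", "Windows Update"}


def parse_entries(text):
    """Split the log into entries and rejoin each wrapped description."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"when": m["when"], "source": m["source"],
                       "id": int(m["id"]), "desc": ""}
            entries.append(current)
        elif line.startswith("["):          # next "[ ... Events ]" section
            current = None
        elif current is not None and line.strip():
            current["desc"] = (current["desc"] + " " + line.strip()).strip()
    for e in entries:
        if e["desc"].startswith("Description ="):
            e["desc"] = e["desc"][len("Description ="):].strip()
    return entries


def decode_code(raw):
    """Return (hresult_hex_or_None, win32_code_or_None) for the number after '%%'."""
    value = int(raw)
    if value >= 0:
        return None, value                  # small positive: treated as a Win32 code
    hresult = value & 0xFFFFFFFF            # signed 32-bit -> unsigned HRESULT
    facility = (hresult >> 16) & 0x7FF
    if facility == 7:                       # FACILITY_WIN32: low 16 bits hold the code
        return f"0x{hresult:08X}", hresult & 0xFFFF
    return f"0x{hresult:08X}", None


def triage(text):
    """List SCM service failures with decoded error codes."""
    findings = []
    for e in parse_entries(text):
        if e["source"] != "Service Control Manager":
            continue
        code, svc = CODE.search(e["desc"]), SERVICE.search(e["desc"])
        if not code or not svc:
            continue                        # e.g. event 7030 carries no error code
        dep = DEPENDENCY.search(e["desc"])
        hresult, win32 = decode_code(code.group(1))
        affected = svc.group(1)
        failed = dep.group(1) if dep else affected
        findings.append({
            "when": e["when"], "event_id": e["id"],
            "service": affected, "failed": failed,
            "hresult": hresult, "win32": win32,
            "name": WIN32_NAMES.get(win32, "unknown"),
            "protection": bool({affected, failed} & PROTECTION_SERVICES),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        flag = "PROTECTION" if f["protection"] else "-"
        print(f["when"], f["event_id"], f["service"], f["hresult"], f["name"], flag)
```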
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Well, I'm not sure. I've run the recommended tests but it can't finish the ESET. First it froze at about 30%, so restarted with the on-off switch. Next it arrived at 99% complete but continued scanning for so long that I went to bed. This morning BSOD - I've recorded the error codes if required. I've restarted and the ESET scan is running now.

Another note, I've been using Chrome browser, so I decided to try IE which we rarely use. I find it has an unremovable FunMoods BHO as the default search. This was an issue last year which I thought had been resolved.

I'll be back with the ESET results after I give it another chance.

===============
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Secunia PSI (3.0.0.2004)
JavaFX 2.1.1
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player11.3.300.262
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
Farbar Service Scanner Version: 02-07-2012
Ran by Alex B Cranfield (administrator) on 04-07-2012 at 21:54:12
Running from "G:\"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
Let's see if we can get rid of FunMoods.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1
    IE - HKCU\..\SearchScopes\{B2588E23-F3A0-4776-B291-FCF9977A320C}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
Thanks for that. It seems to have zapped FunMoods. I've set it to work with the ESET scan again as I need to go to bed. Thanks for all your help.
 
Well, the scan had crashed into a black screen by this morning. One thing I didn't mention is that the Windows Firewall is resurrected and I've uninstalled the Comodo Firewall.
 
Instead of Eset...

Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
Hello,
Here is the F-Secure Online Scanner. Looks good -- only tracking cookies. I also ran the F-secure Easy Clean and it reported clean as well. Perhaps the machine is cleaned and crashes have another cause?

Regards
Larry

Scanning Report

Saturday, July 7, 2012 05:56:17 - 06:23:58

Computer name: AC-PC
Scanning type: Quick scan
Target: System

20 malware found

TrackingCookie.Questionmarket (spyware)
  • System (Disinfected)
TrackingCookie.2o7 (spyware)
  • System (Disinfected)
TrackingCookie.Advertising (spyware)
  • System (Disinfected)
TrackingCookie.Atdmt (spyware)
  • System (Disinfected)
TrackingCookie.Adtech (spyware)
  • System (Disinfected)
TrackingCookie.Adform (spyware)
  • System (Disinfected)
TrackingCookie.Doubleclick (spyware)
  • System (Disinfected)
TrackingCookie.Revsci (spyware)
  • System (Disinfected)
TrackingCookie.WebTrendsLive (spyware)
  • System (Disinfected)
TrackingCookie.Zanox (spyware)
  • System (Disinfected)
TrackingCookie.Fastclick (spyware)
  • System (Disinfected)
TrackingCookie.Mookie (spyware)
  • System (Disinfected)
TrackingCookie.Adbrite (spyware)
  • System (Disinfected)
TrackingCookie.Xiti (spyware)
  • System (Disinfected)
TrackingCookie.Webtrends (spyware)
  • System (Disinfected)
TrackingCookie.Mediaplex (spyware)
  • System (Disinfected)
TrackingCookie.Tradedoubler (spyware)
  • System (Disinfected)
TrackingCookie.Statcounter (spyware)
  • System (Disinfected)
TrackingCookie.Atwola (spyware)
  • System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
  • System (Disinfected)

Statistics

Scanned:
  • Files: 5816
  • System: 5816
  • Not scanned: 0
Actions:
  • Disinfected: 20
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0

Options

Scanning engines:
 
Uninstall JavaFX 2.1.1.

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
This is the incorrect log.
You clicked on "Scan" button instead of "Fix" button.
Redo.
 
Yes, Here it is
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex B Cranfield
->Temp folder emptied: 4430010 bytes
->Temporary Internet Files folder emptied: 9418118 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 175282421 bytes
->Flash cache emptied: 5351 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Work
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31688 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1363999061 bytes

Total Files Cleaned = 1,481.00 mb


[EMPTYFLASH]

User: Alex B Cranfield
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Work
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Alex B Cranfield
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: Work
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07082012_190328

Files\Folders moved on Reboot...
C:\Users\Alex B Cranfield\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Alex B Cranfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{14E0690C-9349-41D1-925D-FEC1AB495594}.tmp not found!
File\Folder C:\Users\Alex B Cranfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C19B2548-6DEC-4298-8ACD-65D0717E39E3}.tmp not found!

PendingFileRenameOperations files...
File C:\Users\Alex B Cranfield\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Alex B Cranfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{14E0690C-9349-41D1-925D-FEC1AB495594}.tmp not found!
File C:\Users\Alex B Cranfield\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C19B2548-6DEC-4298-8ACD-65D0717E39E3}.tmp not found!

Registry entries deleted on Reboot...
 
It is crashing every hour or two.

Here is a log on that:

Problem signature:
Problem Event Name:BlueScreen
OS Version:6.1.7601.2.1.0.256.48
Locale ID:2057

Additional information about the problem:
BCCode:1000007e
BCP1:FFFFFFFF80000003
BCP2:FFFFF800030D2FD0
BCP3:FFFFF88003362298
BCP4:FFFFF88003361AF0
OS Version:6_1_7601
Service Pack:1_0
Product:256_1

Files that help describe the problem:
C:\Windows\Minidump\070812-11715-01.dmp
C:\Users\Alex B Cranfield\AppData\Local\Temp\WER-21418-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 
Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
 
Yes. There are only two .dmp logs in the /minidump folder despite many more crashes.
There is one from yesterday and one today. Here is the latest. The first two lines were highlighted as the offenders. I renamed MijXfilt.sys to MijXfilt.bk and rebooted but the crashes continue. MijXfilt.sys is a game controller driver which is not being used at this time.
==============

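Dump File: 070812-11715-01.dmp
Crash Time: 08/07/2012 10:42:13
Bug Check String: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code: 0x1000007e
Parameter 1: ffffffff`80000003
Parameter 2: fffff800`030d2fd0
Parameter 3: fffff880`03362298
Parameter 4: fffff880`03361af0
Caused By Driver: Wdf01000.sys
Caused By Address: Wdf01000.sys+1e289
Processor: x64
Crash Address: ntoskrnl.exe+76fd0
Full Path: C:\Windows\Minidump\070812-11715-01.dmp
Processors Count: 8
Major Version: 15
Minor Version: 7601
Dump File Size: 276,928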
-------------------

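Filename | Address In Stack | From Address | To Address | Size | Time Stamp | Time String
MijXfilt.sys | MijXfilt.sys+2689 | fffff880`011c2000 | fffff880`011de000 | 0x0001c000 | 0x4d1d8c1e | 31/12/2010 08:54:06
Wdf01000.sys | Wdf01000.sys+1e289 | fffff880`00e97000 | fffff880`00f3b000 | 0x000a4000 | 0x4a5bc19f | 14/07/2009 00:22:07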
 
Hello, the BSV was set to show 'all drivers'. Here are the other views of the two logs saved. I don't know why I'm not seeing more .DMP files than these.

----------------------
A problem has been detected and Windows has been shut down to prevent damage
to your computer.

The problem seems to be caused by the following file: dtsoftbus01.sys

DRIVER_VERIFIER_IOMANAGER_VIOLATION

If this is the first time you've seen this stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use safe mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical Information:

*** STOP: 0x000000c9 (0x000000000000023e, 0xfffff880017a4324, 0xfffff98008588ea0,
0x0000000000000000)

*** dtsoftbus01.sys - Address 0xfffff880017a4324 base at 0xfffff880017a3000 DateStamp
0x4f10358a
---------------------
<< I have deleted the program Daemon Tools Lite which this last sys file refers to. >>
<< Here is the other .DMP file >>
-------------------------
A problem has been detected and Windows has been shut down to prevent damage
to your computer.
The problem seems to be caused by the following file: Wdf01000.sys
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
If this is the first time you've seen this stop error screen,
restart your computer. If this screen appears again, follow
these steps:
Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.
If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use safe mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.
Technical Information:
*** STOP: 0x1000007e (0xffffffff80000003, 0xfffff800030d2fd0, 0xfffff88003362298,
0xfffff88003361af0)
*** Wdf01000.sys - Address 0xfffff88000eb5289 base at 0xfffff88000e97000 DateStamp
0x4a5bc19f
 