I suppose my son has roamed a bit too far in the wilds of the internet. His PC is now behaving badly with frequent crashing. SIREFEF has popped up in AV scans and said to be deleted. But I'm not sure as problems continue. The Windows firewall was disabled and could not be restarted. I installed Comodo Firewall. Closing the barn door after the horse has fled comes to mind. Windows Essentials scan returns a clean sheet.
Now we have followed the instructions here and here are the logs. There are two Malwarebytes logs as the older one showed an infection said to have been deleted. I hope you can guide me in the next steps. Thanks
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.01.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex B Cranfield :: AC-PC [administrator]
02/07/2012 14:43:30
mbam-log-2012-07-02 (14-43-30).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393802
Time elapsed: 10 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
====================
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.24.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex B Cranfield :: AC-PC [administrator]
24/06/2012 14:40:36
mbam-log-2012-06-24 (14-40-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238631
Time elapsed: 1 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Windows\Installer\{806a4915-b82b-4d1a-e52e-42e3fb3d59ea}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\System32\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\H@tKeysH@@k.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex B Cranfield\AppData\Local\Temp\kpul0.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
(end)
===================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-02 17:59:45
Windows 6.1.7601 Service Pack 1
Running: ol7zhc5x.exe
---- Files - GMER 1.0.15 ----
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map03_TankFactory\T02M03_BackgroundGfx\T02M02_Terrain_host_T02M01_Terrain_host_RoadAsphaltA_RREF_RoadAsphaltA16\mat()\pack.bin 188 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat()\pack.bin 182 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat()\pack.bin 183 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx()\pack.bin 11079 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx()\pack.bin 11076 bytes
---- EOF - GMER 1.0.15 ----
===============
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Alex B Cranfield at 18:05:13 on 2012-07-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8169.6525 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=nv1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-02 15:18:49 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Local\Secunia PSI
2012-07-02 15:18:41 -------- d-----w- C:\Program Files (x86)\Secunia
2012-07-02 14:52:48 -------- d-----w- C:\ProgramData\Comodo
2012-07-02 14:52:44 -------- d-----w- C:\Program Files\COMODO
2012-07-02 13:11:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B27389-5975-4088-B797-A9AC35020098}\offreg.dll
2012-07-02 05:13:35 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B27389-5975-4088-B797-A9AC35020098}\mpengine.dll
2012-07-01 21:12:07 -------- d-----w- C:\FRST
2012-07-01 19:53:20 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
2012-07-01 01:32:03 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-27 05:27:52 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
2012-06-25 18:34:27 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-25 18:34:21 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-21 17:29:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 17:29:17 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 17:29:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 17:29:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 18:19:12 328704 ----a-w- C:\Windows\System32\services.exe.5E70A9395C42F257
2012-06-20 18:16:34 328704 ----a-w- C:\Windows\System32\services.exe.13B11F54766E4BC0
2012-06-20 18:13:46 328704 ----a-w- C:\Windows\System32\services.exe.2F0EBF178F8CDA76
2012-06-20 06:08:25 328704 ----a-w- C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9
2012-06-20 06:05:38 328704 ----a-w- C:\Windows\System32\services.exe.7D08DDE78A2C300F
2012-06-20 06:02:50 328704 ----a-w- C:\Windows\System32\services.exe.06350B7DC891B4E7
2012-06-20 05:59:52 328704 ----a-w- C:\Windows\System32\services.exe.4CC2CBB91681EA81
2012-06-20 05:57:07 328704 ----a-w- C:\Windows\System32\services.exe.0C936E7AC2128E53
2012-06-20 05:54:22 328704 ----a-w- C:\Windows\System32\services.exe.4FB20B60410F182A
2012-06-20 05:51:36 328704 ----a-w- C:\Windows\System32\services.exe.A8D6F6D5B515D10C
2012-06-20 05:48:49 328704 ----a-w- C:\Windows\System32\services.exe.DE31CEB0332A7696
2012-06-20 05:46:16 328704 ----a-w- C:\Windows\System32\services.exe.61D33793C4B13E16
2012-06-20 05:44:21 328704 ----a-w- C:\Windows\System32\services.exe.8967B0D850F76966
2012-06-20 05:41:44 328704 ----a-w- C:\Windows\System32\services.exe.E614E9ACD9D74CA8
2012-06-20 05:39:13 328704 ----a-w- C:\Windows\System32\services.exe.678CB384D2B3CC4B
2012-06-20 05:36:25 328704 ----a-w- C:\Windows\System32\services.exe.F8364D651D752FEF
2012-06-20 05:33:36 328704 ----a-w- C:\Windows\System32\services.exe.D6116BF0D9D71914
2012-06-13 10:28:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 10:28:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0D87F20-8597-4D03-84D0-1F85E66BCAFE}\gapaengine.dll
2012-06-13 05:57:14 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 16:32:20 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
2012-06-11 20:51:54 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\Braid
.
==================== Find3M ====================
.
2012-07-02 15:20:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-02 15:20:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-01 16:26:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-01 16:26:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-01 16:26:10 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-27 05:40:49 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-06-27 05:40:49 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-20 18:21:35 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-01 19:26:33 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-26 16:13:16 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-26 16:13:16 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-26 16:13:16 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-26 16:13:16 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 09:38:37 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 21:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-05 21:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-05 21:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 21:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-05 21:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 21:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-05 21:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:07:24.46 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 28/06/2011 23:56:23
System Uptime: 02/07/2012 17:41:30 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 PRO
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 931 GiB total, 285.712 GiB free.
C: is FIXED (NTFS) - 60 GiB total, 11.081 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
Service:
.
Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\5&D93DF5B&0&0000E6
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\5&D93DF5B&0&0000E6
Service:
.
==== System Restore Points ===================
.
RP410: 02/07/2012 15:53:10 - Device Driver Package Install: COMODO Network Service
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
American Conquest
American Conquest - Fight Back
Amnesia: The Dark Descent
Apple Software Update
Application Profiles
Atom Zombie Smasher
µTorrent
Audiosurf
Bastion
Battlefield 3™
BBC iPlayer Desktop
Bid-O-Matic v2.14.8
BIT.TRIP RUNNER
Braid
Call of Pripyat Complete v1.0.2
Carmageddon EFLC 2.0.1.1
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cave Story+
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.1
Company of Heroes
Company of Heroes: Tales of Valor
Cossacks II: Battle for Europe
Cossacks II: Napoleonic Wars
Cossacks: Art of War
Cossacks: Back to War
Cossacks: European Wars
Crayon Physics Deluxe
Creation Kit
DAEMON Tools Lite
Dark Messiah Might and Magic Single Player
Darwinia
Day of Defeat: Source
Dead Island
DEFCON
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 11
EDGE
Empire: Total War
Endless Space
ESN Sonar
Evil Genius
Fallout 3
Fallout New Vegas
Far Cry 2
From Dust
Frozen Synapse
FUEL
GameSpy Arcade
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Grand Theft Auto: San Andreas
Gratuitous Space Battles
GRID
Hitman: Blood Money
HOMEFRONT
HydraVision
Impulse®
Intel(R) Management Engine Components
Jagged Alliance 2
Jagged Alliance 2 Gold
Jamestown
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Just Cause 2
Killing Floor
Left 4 Dead 2
LIMBO
Lone Survivor
Malwarebytes Anti-Malware version 1.61.0.1400
Max Payne 3
MechWarrior 4 Mercenaries
Medieval II: Total War
Medieval II: Total War Kingdoms
Microsoft .NET Framework 1.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Napoleon: Total War
New Star Soccer 5 v1.07
NVIDIA PhysX
OpenAL
Orcs Must Die!
Origin
Portal
ProtectDisc Driver, Version 11
Psychonauts
PunkBuster Services
QuickTime
RAGE
Rapture3D 2.4.11 Game
Red Orchestra 2: Heroes of Stalingrad
Rockstar Games Social Club
Rome: Total War - Alexander
Rome: Total War Gold Edition
S.T.A.L.K.E.R. - Clear Sky
S.T.A.L.K.E.R.: Call of Pripyat
Saints Row: The Third
Secunia PSI (3.0.0.2004)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shank
Sid Meier's Alpha Centauri
Sid Meier's Civilization V
Sid Meier's Railroads!
SimCity 4 Deluxe
Solar 2
SotS Tutorial Videos
Space Pirates and Zombies
Steam
Stronghold
Stronghold 3
Stronghold Crusader Extreme
Super Meat Boy
Superbrothers: Sword & Sworcery EP
swMSM
Sword of the Stars
Sword of the Stars II
System Requirements Lab CYRI
TeamSpeak 3 Client
Terraria
The Elder Scrolls V: Skyrim
The Saboteur™
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Town Life Stuff
The Sims™ 3 World Adventures
The Witcher 2 Enhanced Edition version 3.0
Tom Clancy's EndWar
Total War: SHOGUN 2
Total War: Shogun 2 - TEd
Tunatic
Ubisoft Game Launcher
UFO: Extraterrestrials Gold
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.1
Wargame: European Escalation
Warhammer® 40,000™: Dawn of War® II
Wings of Prey
X3: Albion Prelude
X3: Terran Conflict
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
25/06/2012 15:40:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.359.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
25/06/2012 15:30:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.359.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
02/07/2012 17:41:52, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
02/07/2012 17:41:52, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
02/07/2012 17:41:40, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
02/07/2012 16:33:01, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
02/07/2012 15:53:06, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/07/2012 13:41:41, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
02/07/2012 13:36:14, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/07/2012 13:36:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/07/2012 13:36:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/07/2012 13:36:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
01/07/2012 22:03:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
01/07/2012 09:29:57, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
.
==== End Of File ===========================
===================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-02 17:59:45
Windows 6.1.7601 Service Pack 1
Running: ol7zhc5x.exe
---- Files - GMER 1.0.15 ----
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map03_TankFactory\T02M03_BackgroundGfx\T02M02_Terrain_host_T02M01_Terrain_host_RoadAsphaltA_RREF_RoadAsphaltA16\mat()\pack.bin 188 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat()\pack.bin 182 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Materials\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\mat()\pack.bin 183 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map04_AirField\T02M04_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx()\pack.bin 11079 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx() 0 bytes
File C:\Users\Alex B Cranfield\AppData\Local\Temp\HNG\live\_packed\_Out\Shaders\Environments\Models\MasterCompounds\Gamemap_Sections\Terrain02\Map05_Skirmish\T02M05_GamemapConfiguration\T02M03_GamemapConfiguration_host_T02M01_GamemapConfiguration_host_PavementA_RREF_PavementA2\fx()\pack.bin 11076 bytes
---- EOF - GMER 1.0.15 ----
===============
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Alex B Cranfield at 18:05:13 on 2012-07-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8169.6525 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=nv1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Alex B Cranfield\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4EF81454-B91D-4384-8F27-B9159AA268D9} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "B:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-02 15:18:49 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Local\Secunia PSI
2012-07-02 15:18:41 -------- d-----w- C:\Program Files (x86)\Secunia
2012-07-02 14:52:48 -------- d-----w- C:\ProgramData\Comodo
2012-07-02 14:52:44 -------- d-----w- C:\Program Files\COMODO
2012-07-02 13:11:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B27389-5975-4088-B797-A9AC35020098}\offreg.dll
2012-07-02 05:13:35 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4B27389-5975-4088-B797-A9AC35020098}\mpengine.dll
2012-07-01 21:12:07 -------- d-----w- C:\FRST
2012-07-01 19:53:20 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\.techniclauncher
2012-07-01 01:32:03 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-27 05:27:52 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\.minecraft
2012-06-25 18:34:27 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-25 18:34:21 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-21 17:29:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 17:29:17 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 17:29:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 17:29:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 18:19:12 328704 ----a-w- C:\Windows\System32\services.exe.5E70A9395C42F257
2012-06-20 18:16:34 328704 ----a-w- C:\Windows\System32\services.exe.13B11F54766E4BC0
2012-06-20 18:13:46 328704 ----a-w- C:\Windows\System32\services.exe.2F0EBF178F8CDA76
2012-06-20 06:08:25 328704 ----a-w- C:\Windows\System32\services.exe.EFDCF3C0DE9D76C9
2012-06-20 06:05:38 328704 ----a-w- C:\Windows\System32\services.exe.7D08DDE78A2C300F
2012-06-20 06:02:50 328704 ----a-w- C:\Windows\System32\services.exe.06350B7DC891B4E7
2012-06-20 05:59:52 328704 ----a-w- C:\Windows\System32\services.exe.4CC2CBB91681EA81
2012-06-20 05:57:07 328704 ----a-w- C:\Windows\System32\services.exe.0C936E7AC2128E53
2012-06-20 05:54:22 328704 ----a-w- C:\Windows\System32\services.exe.4FB20B60410F182A
2012-06-20 05:51:36 328704 ----a-w- C:\Windows\System32\services.exe.A8D6F6D5B515D10C
2012-06-20 05:48:49 328704 ----a-w- C:\Windows\System32\services.exe.DE31CEB0332A7696
2012-06-20 05:46:16 328704 ----a-w- C:\Windows\System32\services.exe.61D33793C4B13E16
2012-06-20 05:44:21 328704 ----a-w- C:\Windows\System32\services.exe.8967B0D850F76966
2012-06-20 05:41:44 328704 ----a-w- C:\Windows\System32\services.exe.E614E9ACD9D74CA8
2012-06-20 05:39:13 328704 ----a-w- C:\Windows\System32\services.exe.678CB384D2B3CC4B
2012-06-20 05:36:25 328704 ----a-w- C:\Windows\System32\services.exe.F8364D651D752FEF
2012-06-20 05:33:36 328704 ----a-w- C:\Windows\System32\services.exe.D6116BF0D9D71914
2012-06-13 10:28:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 10:28:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0D87F20-8597-4D03-84D0-1F85E66BCAFE}\gapaengine.dll
2012-06-13 05:57:14 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 16:32:20 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\LoneSurvivor
2012-06-11 20:51:54 -------- d-----w- C:\Users\Alex B Cranfield\AppData\Roaming\Braid
.
==================== Find3M ====================
.
2012-07-02 15:20:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-02 15:20:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-01 16:26:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-01 16:26:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-01 16:26:10 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-27 05:40:49 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-06-27 05:40:49 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-20 18:21:35 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-01 19:26:33 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-26 16:13:16 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-26 16:13:16 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-26 16:13:16 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-26 16:13:16 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 09:38:37 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 21:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-05 21:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-05 21:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 21:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-05 21:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 21:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-05 21:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:07:24.46 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 28/06/2011 23:56:23
System Uptime: 02/07/2012 17:41:30 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 PRO
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 931 GiB total, 285.712 GiB free.
C: is FIXED (NTFS) - 60 GiB total, 11.081 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1
Service:
.
Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\5&D93DF5B&0&0000E6
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\5&D93DF5B&0&0000E6
Service:
.
==== System Restore Points ===================
.
RP410: 02/07/2012 15:53:10 - Device Driver Package Install: COMODO Network Service
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
American Conquest
American Conquest - Fight Back
Amnesia: The Dark Descent
Apple Software Update
Application Profiles
Atom Zombie Smasher
µTorrent
Audiosurf
Bastion
Battlefield 3™
BBC iPlayer Desktop
Bid-O-Matic v2.14.8
BIT.TRIP RUNNER
Braid
Call of Pripyat Complete v1.0.2
Carmageddon EFLC 2.0.1.1
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cave Story+
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.1
Company of Heroes
Company of Heroes: Tales of Valor
Cossacks II: Battle for Europe
Cossacks II: Napoleonic Wars
Cossacks: Art of War
Cossacks: Back to War
Cossacks: European Wars
Crayon Physics Deluxe
Creation Kit
DAEMON Tools Lite
Dark Messiah Might and Magic Single Player
Darwinia
Day of Defeat: Source
Dead Island
DEFCON
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 11
EDGE
Empire: Total War
Endless Space
ESN Sonar
Evil Genius
Fallout 3
Fallout New Vegas
Far Cry 2
From Dust
Frozen Synapse
FUEL
GameSpy Arcade
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Grand Theft Auto: San Andreas
Gratuitous Space Battles
GRID
Hitman: Blood Money
HOMEFRONT
HydraVision
Impulse®
Intel(R) Management Engine Components
Jagged Alliance 2
Jagged Alliance 2 Gold
Jamestown
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Just Cause 2
Killing Floor
Left 4 Dead 2
LIMBO
Lone Survivor
Malwarebytes Anti-Malware version 1.61.0.1400
Max Payne 3
MechWarrior 4 Mercenaries
Medieval II: Total War
Medieval II: Total War Kingdoms
Microsoft .NET Framework 1.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Napoleon: Total War
New Star Soccer 5 v1.07
NVIDIA PhysX
OpenAL
Orcs Must Die!
Origin
Portal
ProtectDisc Driver, Version 11
Psychonauts
PunkBuster Services
QuickTime
RAGE
Rapture3D 2.4.11 Game
Red Orchestra 2: Heroes of Stalingrad
Rockstar Games Social Club
Rome: Total War - Alexander
Rome: Total War Gold Edition
S.T.A.L.K.E.R. - Clear Sky
S.T.A.L.K.E.R.: Call of Pripyat
Saints Row: The Third
Secunia PSI (3.0.0.2004)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shank
Sid Meier's Alpha Centauri
Sid Meier's Civilization V
Sid Meier's Railroads!
SimCity 4 Deluxe
Solar 2
SotS Tutorial Videos
Space Pirates and Zombies
Steam
Stronghold
Stronghold 3
Stronghold Crusader Extreme
Super Meat Boy
Superbrothers: Sword & Sworcery EP
swMSM
Sword of the Stars
Sword of the Stars II
System Requirements Lab CYRI
TeamSpeak 3 Client
Terraria
The Elder Scrolls V: Skyrim
The Saboteur™
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Town Life Stuff
The Sims™ 3 World Adventures
The Witcher 2 Enhanced Edition version 3.0
Tom Clancy's EndWar
Total War: SHOGUN 2
Total War: Shogun 2 - TEd
Tunatic
Ubisoft Game Launcher
UFO: Extraterrestrials Gold
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.1
Wargame: European Escalation
Warhammer® 40,000™: Dawn of War® II
Wings of Prey
X3: Albion Prelude
X3: Terran Conflict
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
25/06/2012 15:40:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.359.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
25/06/2012 15:30:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.359.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
02/07/2012 17:41:52, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
02/07/2012 17:41:52, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
02/07/2012 17:41:40, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
02/07/2012 16:33:01, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
02/07/2012 15:53:06, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/07/2012 13:41:41, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
02/07/2012 13:36:14, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/07/2012 13:36:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/07/2012 13:36:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/07/2012 13:36:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/07/2012 13:36:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2012 13:36:00, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
01/07/2012 22:03:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
01/07/2012 09:29:57, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
.
==== End Of File ===========================