
Cleaning a gamer's PC, is it truly clean?


Azlan


Here's the case: this computer belongs to my 10-year-old brother, who is actively playing Minecraft and TF2 all day long. He would go on the net to find mods and skins for the games, but he doesn't care about malware and everything, as long as he can game on it and it doesn't lag.

 

I did a scan in October because I couldn't access Task Manager, and deleted some files.

 

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225159
Time elapsed: 5 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
 
Folders Detected: 1
C:\Users\user\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
 
Files Detected: 4
C:\Users\user\Downloads\CheatEngine62.exe (PUP.Optional.Somoto) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-1375052093-4268391962-1033398323-1001\$RP7T3YP.exe (PUP.Optional.FirSeriaInstaller) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\dclogs\2013-10-05-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ampere2.dat (Malware.Trace) -> Quarantined and deleted successfully.
 
(end)
 
But I still haven't figured out what caused it to happen.
 
Today I ran a scan again with MBAM and got this:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.22.04
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
user :: ADMIN [administrator]
 
22/11/2013 16:08:34
mbam-log-2013-11-22 (16-08-34).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231215
Time elapsed: 4 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\Users\user\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\CT3289075 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\CT3289075\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 19
C:\ProgramData\InstallMate\{4BC0EB22-ECC0-4E84-AC6F-A4E29023C9D4}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{4DFDAD03-37A5-422F-A0C4-7F87961E8FF5}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{CFA1C080-FB7B-4652-A4B9-B3591442E276}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1375052093-4268391962-1033398323-1001\$RGOJGNN.exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1375052093-4268391962-1033398323-1001\$RMPBD3T.exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1375052093-4268391962-1033398323-1001\$RNI782T.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1375052093-4268391962-1033398323-1001\$RUZ25V6.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\Installer.exe.0 (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp2789.tmp_TF2_Injector.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp3C3.tmp_TF2_Injector.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp4719.tmp_TF2_Injector.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tmp8F6.tmp_TF2_Injector.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\dclogs\2013-11-05-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ampere2.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\CT3289075\CT3289075.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\CT3289075\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\CT3289075\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\CT3289075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
 
After running MBAM, I ran DDS. Here are the logs. I wanna make sure that my brother's computer is really clean from unwanted malware.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by user at 16:25:41 on 2013-11-22
Microsoft Windows 8  6.2.9200.0.1252.60.2057.18.3999.2404 [GMT 8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\DAODx.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Program Files\Steam.exe
C:\Users\user\AppData\Roaming\tdd.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [steam] "D:\Program Files\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Windows Runner] C:\Users\user\AppData\Roaming\tdd.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [installValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-System: EnableLUA = dword:0
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
TCP: Interfaces\{7B973AAA-AC39-4459-AC01-505769C22994} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7B973AAA-AC39-4459-AC01-505769C22994} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-12-8 79016]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-12-8 26280]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2012-12-15 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 bckd;bckd;C:\Windows\System32\Drivers\bckd.sys [2013-3-1 127216]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2013-3-1 2649840]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-11-18 9216]
R3 athur;Qualcomm Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\Drivers\athuw8x.sys [2012-12-9 3744256]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-23 98744]
R3 AU8168;AU 8168 NT Driver;C:\Windows\System32\Drivers\au630x64.sys [2013-9-23 792648]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2012-9-23 21160]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-8 683664]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-11-22 01:19:43 -------- d-----w- C:\Users\user\AppData\Roaming\broeselhud Installer
2013-11-22 01:11:24 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F51A10-B69A-439A-9E86-D18BCB0407F5}\mpengine.dll
2013-11-21 01:12:06 10285968 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-19 13:12:38 -------- d-----w- C:\Users\user\AppData\Local\ElevatedDiagnostics
2013-11-18 12:27:30 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2013-11-18 12:23:07 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2013-11-18 07:50:55 -------- d-----w- C:\Users\user\AppData\Local\CRE
2013-11-18 07:50:54 -------- d-----w- C:\Program Files (x86)\Conduit
2013-11-17 23:58:28 87552 ----a-w- C:\Users\user\AppData\Roaming\tdd.exe
2013-11-17 14:12:44 86528 ----a-w- C:\Users\user\AppData\Roaming\wrk.exe
2013-11-16 08:21:09 -------- d-----w- C:\Users\user\AppData\Roaming\eve Updater
2013-11-16 06:40:41 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-16 06:40:41 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-15 09:55:19 -------- d-----w- C:\Program Files\ASUS
2013-11-15 03:15:03 300720 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-11-13 04:23:40 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-11-13 04:23:40 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-08 04:43:26 -------- d-----w- C:\Users\user\AppData\Roaming\openvr
2013-11-05 09:22:34 -------- d-----w- C:\ProgramData\WinterSoft
2013-11-05 09:22:33 -------- d-----w- C:\ProgramData\InstallMate
2013-10-31 11:21:36 -------- d-----w- C:\Users\user\openvr
2013-10-31 11:12:02 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-10-04 10:08:19 1200937 ----a-w- C:\Windows\unins000.exe
2013-10-02 23:25:41 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-01 23:37:57 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-01 23:26:49 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-01 22:22:19 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-23 22:30:14 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-09-23 22:30:03 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-23 06:04:04 792648 ----a-w- C:\Windows\System32\drivers\au630x64.sys
2013-09-23 06:04:04 78920 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-09-13 22:36:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\Windows\System32\storewuauth.dll
2013-09-04 03:11:23 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-08-30 05:43:40 61784 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-08-30 05:20:13 1173504 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2013-08-29 23:48:12 914432 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
.
============= FINISH: 16:26:56.02 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 08/12/2012 21:00:41
System Uptime: 22/11/2013 16:15:46 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | M5A97 LE R2.0
Processor: AMD FX-4170 Quad-Core Processor             | Socket 942 | 4200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 97 GiB total, 21.81 GiB free.
D: is FIXED (NTFS) - 368 GiB total, 306.831 GiB free.
E: is CDROM (CDFS)
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP52: 13/11/2013 12:14:31 - Windows Update
RP53: 18/11/2013 20:22:34 - Installed Hi-Rez Studios Games
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
BeamNG-DRIVE-0.3 (remove only)
BeamNG-Techdemo-0.3 (remove only)
Blue Coat K9 Web Protection
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.2
Cheat Engine 6.3
D3DX10
DAEMON Tools Lite
Ezvid
Fraps (remove only)
Google Chrome
Google Update Helper
Hi-Rez Studios Authenticate and Update Service
Java 7 Update 45
Java Auto Updater
LEGO Digital Designer
LEGO MINDSTORMS EV3
LEGO MINDSTORMS EV3 Home Content
LEGO MINDSTORMS EV3 Home Edition
LEGO MINDSTORMS EV3 Home English Support
LEGO MINDSTORMS EV3 Uninstaller
LEGO MINDSTORMS NXT x64 Driver
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Mouse and Keyboard Center
Microsoft Silverlight
Microsoft Silverlight 5.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nation Toolbar
Need For Speed Most Wanted version 1.3
NI .NET Framework 4
NI EulaDepot
NI MDF Support
NI Security Update (KB 67L8LCQW)
NI Security Update (KB 67L8LCQW) (64-bit)
NI Uninstaller
NI VC2008MSMs x64
NI VC2008MSMs x86
Photo Common
Photo Gallery
RaceRoom Racing Experience Launcher
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RIDGE RACER™ Driftopia
ROBLOX Player for user
ROBLOX Studio for user
RollerCoaster Tycoon 3 Demo
Soldier Front 2
Source Filmmaker
Steam
Team Fortress 2
Test Drive Unlimited 2
Tribes: Ascend
VLC media player 2.0.4
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center
WinRAR 4.20 (64-bit)
Your Product
.
==== Event Viewer Messages From Past Week ========
.
22/11/2013 11:48:34, Error: usbehci [4]  - A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.
22/11/2013 10:03:52, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S5). This can result in reduced resume performance.
21/11/2013 22:47:06, Error: Service Control Manager [7022]  - The Software Protection service hung on starting.
21/11/2013 22:34:13, Error: usbehci [3]  - A timeout occurred while waiting for the EHCI host controller Asynchronous Schedule to transition to the enabled state.
21/11/2013 21:09:55, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user admin\user SID (S-1-5-21-1375052093-4268391962-1033398323-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
21/11/2013 16:20:04, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
16/11/2013 14:40:30, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  General access denied error
16/11/2013 14:40:30, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  General access denied error
15/11/2013 14:50:05, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 
 
 

 


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
