bobstothard

  1. Hi kahdah, I've just installed the 197.16_notebook_winvista_win7_32bit_international_whql driver from NVIDIA and have the same problem. The machine didn't blue screen, but when loading Windows the screen is all fuzzy (see attached). I'm starting to think it may be a hardware issue. Unless you have any other advice, I think what I might do now is take a copy of the disk as I have it now, then do a fresh install of Windows and install the driver before anything else and see if I get the same issue.
  2. hi kahdah, here is the combofix log
  3. Hi kahdah, here are the logs you requested. Thanks for helping. Bob
     ark.txt OTL.Txt
  4. Hi, hoping someone can help. Sometime last week I began getting the following BSOD whenever booting Windows.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4145
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     26/05/2010 18:35:07
     mbam-log-2010-05-26 (18-35-07).txt

     Scan type: Quick scan
     Objects scanned: 125003
     Time elapsed: 5 minute(s), 53 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 5
     Registry Values Infected: 1
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4dw4r3 (Rootkit.TDSS) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
     Here is the DDS Log
gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-5-5 24576] ============== File Associations =============== .txt=Notepad++_file =============== Created Last 30 ================ 2010-05-26 20:04:46 0 ----a-w- c:\users\bob\defogger_reenable 2010-05-26 18:36:06 215656 ----a-w- c:\windows\system32\nvcod1910.dll 2010-05-26 17:23:28 0 d-----w- c:\users\bob\appdata\roaming\Malwarebytes 2010-05-26 17:23:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-26 17:23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-26 17:23:23 0 d-----w- c:\programdata\Malwarebytes 2010-05-26 17:23:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-26 17:21:54 0 d-----w- c:\windows\system32\appmgmt 2010-05-26 16:47:25 0 d-----w- C:\NVIDIA 2010-05-25 19:33:49 0 d-----w- c:\program files\WhoCrashed 2010-05-25 19:20:11 0 d-----w- c:\program files\Phyxion.net 2010-05-25 18:55:05 0 ----a-w- c:\windows\DbgOut.INI 2010-05-25 17:31:32 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-24 16:58:56 131072 ---ha-w- c:\windows\DUMP3c0f.DMP 2010-05-24 16:48:20 65536 --sha-w- c:\users\bob\ntuser.dat{0a6b92ca-6754-11df-be36-005056c00008}.TM.blf 2010-05-24 16:48:20 524288 --sha-w- c:\users\bob\ntuser.dat{0a6b92ca-6754-11df-be36-005056c00008}.TMContainer00000000000000000002.regtrans-ms 2010-05-24 16:48:20 524288 --sha-w- c:\users\bob\ntuser.dat{0a6b92ca-6754-11df-be36-005056c00008}.TMContainer00000000000000000001.regtrans-ms 2010-05-24 16:32:31 65536 --sha-w- c:\users\bob\ntuser.dat{dbb1745a-6751-11df-a6db-002186a47cdc}.TM.blf 2010-05-24 16:32:31 524288 --sha-w- c:\users\bob\ntuser.dat{dbb1745a-6751-11df-a6db-002186a47cdc}.TMContainer00000000000000000002.regtrans-ms 2010-05-24 16:32:31 524288 --sha-w- 
c:\users\bob\ntuser.dat{dbb1745a-6751-11df-a6db-002186a47cdc}.TMContainer00000000000000000001.regtrans-ms 2010-05-21 11:38:21 7772 ----a-w- c:\windows\system32\nvinfo.pb 2010-05-20 19:57:51 65536 --sha-w- c:\users\bob\NTUSER.DAT{c84c936f-6449-11df-b4de-002186a47cdc}.TM.blf 2010-05-20 19:57:51 524288 --sha-w- c:\users\bob\NTUSER.DAT{c84c936f-6449-11df-b4de-002186a47cdc}.TMContainer00000000000000000002.regtrans-ms 2010-05-20 19:57:51 524288 --sha-w- c:\users\bob\NTUSER.DAT{c84c936f-6449-11df-b4de-002186a47cdc}.TMContainer00000000000000000001.regtrans-ms 2010-05-13 16:37:50 0 d-----r- c:\users\bob\My Dropbox 2010-05-13 16:35:29 0 d-----w- c:\users\bob\appdata\roaming\Dropbox 2010-05-11 19:47:28 740864 ----a-w- c:\windows\system32\inetcomm.dll 2010-05-08 13:34:14 0 d-----w- c:\program files\VideoLAN 2010-05-06 19:26:01 50 ----a-w- c:\windows\MegaManager.INI 2010-05-05 21:42:49 0 d-----w- c:\program files\MetaGeek 2010-05-05 17:01:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2010-05-05 17:00:11 0 d-----w- c:\users\bob\appdata\roaming\Teleca 2010-05-05 16:59:31 0 d-----w- c:\programdata\Teleca 2010-05-05 16:59:31 0 d-----w- c:\program files\common files\Teleca Shared 2010-05-05 16:57:56 0 d-----w- c:\program files\HTC 2010-05-05 16:57:53 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys 2010-05-05 16:57:53 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2010-04-30 22:27:11 0 d-----w- c:\program files\iPod 2010-04-30 22:25:29 0 d-----w- c:\program files\Bonjour 2010-04-28 17:40:10 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-04-28 17:40:09 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-28 17:40:08 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-27 14:37:26 158 ----a-w- c:\users\bob\moreusers.bat 2010-04-27 14:25:17 580 ----a-w- c:\users\bob\moreusers.csv 2010-04-27 13:57:25 386 ----a-w- c:\users\bob\createnewser.ps1 2010-04-27 13:55:18 499 ----a-w- c:\users\bob\newusers.csv 
==================== Find3M ==================== 2010-04-21 08:53:27 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-11 11:19:01 41 ----a-w- c:\users\bob\jagex_runescape_preferences.dat 2010-04-11 10:18:55 69 ----a-w- c:\users\bob\jagex_runescape_preferences2.dat 2010-04-10 18:32:10 0 ----a-w- c:\users\bob\jagex__preferences3.dat 2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-03-15 08:04:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2010-01-22 03:19:16 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 21:09:08.18 =============== Attach.zip