Jump to content

Response for log request


Recommended Posts

As per instructions from LDTate, please find DDS.txt pasted below along with multiple attachments supplied.

Cheers

Jules

DDS (Ver_2011-07-14.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Jules and Tab at 23:54:32 on 2011-07-18

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.2013.864 [GMT 10:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\SysWOW64\wwSecure.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

D:\Program Files (x86)\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

D:\Program Files (x86)\ScanSoft\OmniPageSE2.0\opwareSE2.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

D:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

D:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Program Files (x86)\FlashFXP\IEFlash.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [TomTomHOME.exe] "D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

mRun: [Adobe Acrobat Speed Launcher] "D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [OpwareSE2] "D:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\JULESA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{2B4A005F-86F4-43F6-BC42-BD8920CD4DCB} : DHCPNameServer = 10.188.66.103 10.176.66.71

TCP: Interfaces\{9FE5E0C7-21F8-443F-BA99-9D8C2EAED168} : NameServer = 192.168.1.1

TCP: Interfaces\{9FE5E0C7-21F8-443F-BA99-9D8C2EAED168}\445435B445F405 : DHCPNameServer = 10.1.1.1

TCP: Interfaces\{9FE5E0C7-21F8-443F-BA99-9D8C2EAED168}\4505C494E4B4 : DHCPNameServer = 10.1.1.1 192.168.1.1

TCP: Interfaces\{9FE5E0C7-21F8-443F-BA99-9D8C2EAED168}\C696E6B6379737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{CDDFE472-86E3-44F9-93FF-8EBA83A89CE0} : NameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-Run: [EvtMgr6] D:\Program Files (x86)\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jules and Tab\AppData\Roaming\Mozilla\Firefox\Profiles\mw9cm6nw.default\

FF - prefs.js: browser.startup.homepage - hxxp://forum.avast.com/index.php?topic=81334.0

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Users\Jules and Tab\AppData\Roaming\Mozilla\Firefox\Profiles\mw9cm6nw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll

FF - component: C:\Users\Jules and Tab\AppData\Roaming\Mozilla\Firefox\Profiles\mw9cm6nw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Jules and Tab\AppData\Roaming\Mozilla\Firefox\Profiles\mw9cm6nw.default\extensions\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}\components\RadioWMPCore.dll

FF - component: C:\Users\Jules and Tab\AppData\Roaming\Mozilla\Firefox\Profiles\mw9cm6nw.default\extensions\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Jules and Tab\AppData\Roaming\Mozilla\Firefox\Profiles\mw9cm6nw.default\extensions\engine@conduit.com\components\RadioWMPCore.dll

FF - component: C:\Users\Jules and Tab\AppData\Roaming\Mozilla\Firefox\Profiles\mw9cm6nw.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - component: D:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\GuffinsEI\Installr\1.bin\NPu4EISb.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-6-15 69376]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-22 600920]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-12-31 288088]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-12-31 22360]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-12-26 64856]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-7-9 42184]

R2 Ext2Fsd;Linux ext2 file system driver;C:\Windows\System32\drivers\ext2fsd.sys [2010-1-1 744072]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-5-25 1355968]

R2 TomTomHOMEService;TomTomHOMEService;D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

R2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\System32\drivers\UBSBM.sys [2010-2-26 24064]

R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\System32\drivers\UBUMAPI.sys [2010-2-26 92160]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]

R3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\System32\drivers\ubohci.sys [2010-2-26 132608]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-19 136176]

S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-19 136176]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2009-8-28 21504]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-25 20992]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\Windows\System32\drivers\s0017bus.sys [2010-7-16 113704]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\Windows\System32\drivers\s0017mdfl.sys [2010-7-16 19496]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\Windows\System32\drivers\s0017mdm.sys [2010-7-16 152616]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0017mgmt.sys [2010-7-16 133160]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\Windows\System32\drivers\s0017nd5.sys [2010-7-16 34856]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0017obex.sys [2010-7-16 128552]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\Windows\System32\drivers\s0017unic.sys [2010-7-16 145960]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-25 1255736]

.

=============== Created Last 30 ================

.

2011-07-16 06:32:03 -------- d-----w- C:\Users\Jules and Tab\AppData\Roaming\VG Solutions

2011-07-13 09:00:53 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-13 09:00:53 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-07-13 09:00:52 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-13 09:00:50 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-13 09:00:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-13 09:00:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-13 09:00:50 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-13 09:00:50 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-13 09:00:50 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-13 09:00:50 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-13 09:00:48 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-13 08:48:14 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-07-13 08:42:00 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2011-07-13 08:42:00 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2011-07-11 01:16:10 -------- d-----w- C:\ProgramData\KingsIsle Entertainment

2011-07-09 12:03:03 -------- d-----w- C:\Users\Jules and Tab\AppData\Local\eventMobileplugin

2011-07-09 09:50:56 -------- d--h--w- C:\ProgramData\tks

2011-07-09 09:49:39 -------- d-----w- C:\ProgramData\Aiseesoft Studio

2011-06-19 09:18:38 -------- d-----w- C:\Users\Jules and Tab\AppData\Local\Google

.

==================== Find3M ====================

.

2011-07-06 09:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 09:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr

2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-06-16 22:37:34 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-14 15:39:13 15880 ----a-w- C:\Windows\System32\lsdelete.exe

2011-06-14 15:37:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-06-09 21:05:13 138872 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys

2011-06-09 21:05:13 138872 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-07 06:38:00 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-03 18:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-04-23 06:32:33 419840 ----a-w- C:\Windows\System32\systemcpl.dll

2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

.

============= FINISH: 23:56:38.58 ===============

mbam-log-2011-07-18 (20-02-52).txt

Ark_and_Attach.zip

Avast Logs.zip

dds.txt

Link to post
Share on other sites

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

2011/07/19 17:15:07.0702 1632 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/19 17:15:08.0498 1632 ================================================================================

2011/07/19 17:15:08.0498 1632 SystemInfo:

2011/07/19 17:15:08.0498 1632

2011/07/19 17:15:08.0498 1632 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/19 17:15:08.0498 1632 Product type: Workstation

2011/07/19 17:15:08.0498 1632 ComputerName: DESKTOPPC

2011/07/19 17:15:08.0498 1632 UserName: Jules and Tab

2011/07/19 17:15:08.0498 1632 Windows directory: C:\Windows

2011/07/19 17:15:08.0498 1632 System windows directory: C:\Windows

2011/07/19 17:15:08.0498 1632 Running under WOW64

2011/07/19 17:15:08.0498 1632 Processor architecture: Intel x64

2011/07/19 17:15:08.0498 1632 Number of processors: 2

2011/07/19 17:15:08.0498 1632 Page size: 0x1000

2011/07/19 17:15:08.0498 1632 Boot type: Normal boot

2011/07/19 17:15:08.0498 1632 ================================================================================

2011/07/19 17:15:10.0261 1632 Initialize success

2011/07/19 17:15:20.0713 4060 ================================================================================

2011/07/19 17:15:20.0713 4060 Scan started

2011/07/19 17:15:20.0713 4060 Mode: Manual;

2011/07/19 17:15:20.0713 4060 ================================================================================

2011/07/19 17:15:22.0117 4060 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

2011/07/19 17:15:22.0163 4060 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys

2011/07/19 17:15:22.0226 4060 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

2011/07/19 17:15:22.0257 4060 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

2011/07/19 17:15:22.0335 4060 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/19 17:15:22.0366 4060 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/19 17:15:22.0397 4060 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/19 17:15:22.0460 4060 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

2011/07/19 17:15:22.0491 4060 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

2011/07/19 17:15:22.0538 4060 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

2011/07/19 17:15:22.0553 4060 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

2011/07/19 17:15:22.0585 4060 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/19 17:15:22.0616 4060 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/19 17:15:22.0647 4060 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

2011/07/19 17:15:22.0678 4060 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/19 17:15:22.0709 4060 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

2011/07/19 17:15:22.0772 4060 AnyDVD (1f8e9426219263cb3ce9ac1735a68d9e) C:\Windows\system32\Drivers\AnyDVD.sys

2011/07/19 17:15:22.0803 4060 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

2011/07/19 17:15:22.0881 4060 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/07/19 17:15:22.0912 4060 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/19 17:15:22.0959 4060 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys

2011/07/19 17:15:23.0006 4060 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys

2011/07/19 17:15:23.0021 4060 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys

2011/07/19 17:15:23.0099 4060 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys

2011/07/19 17:15:23.0146 4060 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys

2011/07/19 17:15:23.0177 4060 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys

2011/07/19 17:15:23.0224 4060 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/19 17:15:23.0271 4060 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

2011/07/19 17:15:23.0349 4060 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys

2011/07/19 17:15:23.0396 4060 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/07/19 17:15:23.0443 4060 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/07/19 17:15:23.0489 4060 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/07/19 17:15:23.0536 4060 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/19 17:15:23.0599 4060 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/19 17:15:23.0630 4060 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/19 17:15:23.0661 4060 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/19 17:15:23.0692 4060 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/07/19 17:15:23.0723 4060 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/19 17:15:23.0755 4060 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/19 17:15:23.0786 4060 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/19 17:15:23.0817 4060 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys

2011/07/19 17:15:23.0879 4060 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

2011/07/19 17:15:23.0911 4060 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/19 17:15:23.0942 4060 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

2011/07/19 17:15:24.0004 4060 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

2011/07/19 17:15:24.0051 4060 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

2011/07/19 17:15:24.0082 4060 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/19 17:15:24.0145 4060 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/19 17:15:24.0207 4060 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/19 17:15:24.0238 4060 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/07/19 17:15:24.0332 4060 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/19 17:15:24.0363 4060 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

2011/07/19 17:15:24.0410 4060 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

2011/07/19 17:15:24.0441 4060 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/19 17:15:24.0488 4060 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

2011/07/19 17:15:24.0519 4060 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/19 17:15:24.0566 4060 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

2011/07/19 17:15:24.0659 4060 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

2011/07/19 17:15:24.0691 4060 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/07/19 17:15:24.0722 4060 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/07/19 17:15:24.0800 4060 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/07/19 17:15:24.0847 4060 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/19 17:15:24.0956 4060 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/07/19 17:15:25.0081 4060 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys

2011/07/19 17:15:25.0127 4060 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/19 17:15:25.0159 4060 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

2011/07/19 17:15:25.0221 4060 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/07/19 17:15:25.0283 4060 Ext2Fsd (77541bb9ea03008ff40035f2d3ef114e) C:\Windows\system32\drivers\Ext2Fsd.sys

2011/07/19 17:15:25.0330 4060 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/07/19 17:15:25.0361 4060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/19 17:15:25.0408 4060 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/07/19 17:15:25.0439 4060 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/07/19 17:15:25.0486 4060 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/19 17:15:25.0533 4060 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

2011/07/19 17:15:25.0580 4060 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/07/19 17:15:25.0611 4060 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/19 17:15:25.0658 4060 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/19 17:15:25.0689 4060 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/19 17:15:25.0720 4060 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/07/19 17:15:25.0798 4060 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/19 17:15:25.0861 4060 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

2011/07/19 17:15:25.0907 4060 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

2011/07/19 17:15:25.0939 4060 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/19 17:15:25.0970 4060 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/19 17:15:26.0001 4060 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/19 17:15:26.0048 4060 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/19 17:15:26.0126 4060 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

2011/07/19 17:15:26.0173 4060 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

2011/07/19 17:15:26.0235 4060 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/19 17:15:26.0266 4060 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

2011/07/19 17:15:26.0329 4060 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

2011/07/19 17:15:26.0609 4060 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/07/19 17:15:26.0750 4060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/19 17:15:26.0812 4060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

2011/07/19 17:15:26.0843 4060 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/19 17:15:26.0890 4060 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/19 17:15:26.0937 4060 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

2011/07/19 17:15:26.0968 4060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/07/19 17:15:27.0015 4060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/07/19 17:15:27.0046 4060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

2011/07/19 17:15:27.0077 4060 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

2011/07/19 17:15:27.0124 4060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

2011/07/19 17:15:27.0140 4060 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

2011/07/19 17:15:27.0187 4060 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/19 17:15:27.0218 4060 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/19 17:15:27.0249 4060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/07/19 17:15:27.0343 4060 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys

2011/07/19 17:15:27.0405 4060 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2011/07/19 17:15:27.0452 4060 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/19 17:15:27.0514 4060 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2011/07/19 17:15:27.0561 4060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/19 17:15:27.0592 4060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/19 17:15:27.0623 4060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/19 17:15:27.0655 4060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/19 17:15:27.0701 4060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/07/19 17:15:27.0717 4060 LUsbFilt (51b20b742c9e35ade40b840f6f4f5ee2) C:\Windows\system32\Drivers\LUsbFilt.Sys

2011/07/19 17:15:27.0764 4060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/19 17:15:27.0795 4060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/19 17:15:27.0826 4060 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/07/19 17:15:27.0857 4060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/19 17:15:27.0889 4060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/19 17:15:27.0935 4060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/19 17:15:27.0967 4060 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

2011/07/19 17:15:28.0013 4060 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

2011/07/19 17:15:28.0060 4060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/19 17:15:28.0107 4060 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

2011/07/19 17:15:28.0154 4060 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/19 17:15:28.0201 4060 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/19 17:15:28.0232 4060 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/19 17:15:28.0263 4060 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

2011/07/19 17:15:28.0310 4060 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

2011/07/19 17:15:28.0372 4060 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys

2011/07/19 17:15:28.0403 4060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/07/19 17:15:28.0435 4060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/19 17:15:28.0450 4060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

2011/07/19 17:15:28.0513 4060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/19 17:15:28.0544 4060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/19 17:15:28.0559 4060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/07/19 17:15:28.0622 4060 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

2011/07/19 17:15:28.0653 4060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

2011/07/19 17:15:28.0700 4060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/07/19 17:15:28.0731 4060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/19 17:15:28.0793 4060 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys

2011/07/19 17:15:28.0825 4060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/07/19 17:15:28.0871 4060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/19 17:15:28.0934 4060 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

2011/07/19 17:15:28.0981 4060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/19 17:15:29.0012 4060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/19 17:15:29.0059 4060 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/19 17:15:29.0105 4060 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/19 17:15:29.0152 4060 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

2011/07/19 17:15:29.0215 4060 Netaapl (fe2c3783b211484022702c052b03cee0) C:\Windows\system32\DRIVERS\netaapl64.sys

2011/07/19 17:15:29.0261 4060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/19 17:15:29.0293 4060 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/19 17:15:29.0371 4060 netr7364 (621559a521682a888d83db34c6ec0bf8) C:\Windows\system32\DRIVERS\netr7364.sys

2011/07/19 17:15:29.0433 4060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/19 17:15:29.0480 4060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/07/19 17:15:29.0511 4060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/19 17:15:29.0589 4060 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

2011/07/19 17:15:29.0636 4060 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/07/19 17:15:29.0667 4060 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

2011/07/19 17:15:29.0729 4060 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

2011/07/19 17:15:29.0776 4060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

2011/07/19 17:15:29.0823 4060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

2011/07/19 17:15:29.0901 4060 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/07/19 17:15:29.0932 4060 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

2011/07/19 17:15:29.0995 4060 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

2011/07/19 17:15:30.0026 4060 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

2011/07/19 17:15:30.0057 4060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

2011/07/19 17:15:30.0104 4060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/19 17:15:30.0166 4060 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys

2011/07/19 17:15:30.0197 4060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/07/19 17:15:30.0244 4060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/07/19 17:15:30.0369 4060 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys

2011/07/19 17:15:30.0431 4060 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/19 17:15:30.0463 4060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/07/19 17:15:30.0525 4060 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/19 17:15:30.0587 4060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/19 17:15:30.0634 4060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/19 17:15:30.0665 4060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/19 17:15:30.0697 4060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/19 17:15:30.0728 4060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/19 17:15:30.0790 4060 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/19 17:15:30.0821 4060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/19 17:15:30.0853 4060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/19 17:15:30.0899 4060 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/19 17:15:30.0946 4060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/19 17:15:30.0977 4060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/19 17:15:31.0024 4060 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

2011/07/19 17:15:31.0055 4060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/19 17:15:31.0087 4060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/19 17:15:31.0165 4060 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

2011/07/19 17:15:31.0211 4060 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

2011/07/19 17:15:31.0258 4060 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

2011/07/19 17:15:31.0336 4060 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/07/19 17:15:31.0399 4060 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/19 17:15:31.0461 4060 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys

2011/07/19 17:15:31.0492 4060 s0017bus (032f537623a7b2fb81aaa184c30b70c3) C:\Windows\system32\DRIVERS\s0017bus.sys

2011/07/19 17:15:31.0539 4060 s0017mdfl (9964a28e569b4ff105b446ef8978fd5c) C:\Windows\system32\DRIVERS\s0017mdfl.sys

2011/07/19 17:15:31.0586 4060 s0017mdm (06347087d274c23dcfa8c4ab5c4314db) C:\Windows\system32\DRIVERS\s0017mdm.sys

2011/07/19 17:15:31.0617 4060 s0017mgmt (f0f0747b3fa50272de6b1bf575fa4700) C:\Windows\system32\DRIVERS\s0017mgmt.sys

2011/07/19 17:15:31.0664 4060 s0017nd5 (7224412cea2ff2df7d4842c1b0e71045) C:\Windows\system32\DRIVERS\s0017nd5.sys

2011/07/19 17:15:31.0695 4060 s0017obex (3feadbc7f09b8b596cbfb82f12aba87f) C:\Windows\system32\DRIVERS\s0017obex.sys

2011/07/19 17:15:31.0726 4060 s0017unic (2b63bea31d939888b2a8f3f14d89b5c1) C:\Windows\system32\DRIVERS\s0017unic.sys

2011/07/19 17:15:31.0757 4060 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

2011/07/19 17:15:31.0789 4060 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

2011/07/19 17:15:31.0851 4060 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/19 17:15:31.0913 4060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/19 17:15:31.0976 4060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/19 17:15:32.0007 4060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/07/19 17:15:32.0054 4060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/19 17:15:32.0132 4060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

2011/07/19 17:15:32.0163 4060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/19 17:15:32.0194 4060 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/19 17:15:32.0225 4060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/19 17:15:32.0272 4060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/19 17:15:32.0303 4060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/19 17:15:32.0350 4060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/07/19 17:15:32.0413 4060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/07/19 17:15:32.0475 4060 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

2011/07/19 17:15:32.0537 4060 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/19 17:15:32.0584 4060 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/19 17:15:32.0647 4060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/19 17:15:32.0693 4060 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

2011/07/19 17:15:32.0725 4060 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

2011/07/19 17:15:32.0756 4060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

2011/07/19 17:15:32.0896 4060 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys

2011/07/19 17:15:32.0959 4060 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/19 17:15:33.0021 4060 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/19 17:15:33.0052 4060 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/07/19 17:15:33.0083 4060 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/07/19 17:15:33.0130 4060 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/19 17:15:33.0161 4060 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

2011/07/19 17:15:33.0302 4060 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/19 17:15:33.0349 4060 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

2011/07/19 17:15:33.0427 4060 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/19 17:15:33.0458 4060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/19 17:15:33.0505 4060 ubohci (a951327a058ef7bf6d3e980b0022160c) C:\Windows\system32\DRIVERS\ubohci.sys

2011/07/19 17:15:33.0536 4060 ubsbm (365dfb1d1406720ca6681d38e4eaab47) C:\Windows\system32\DRIVERS\ubsbm.sys

2011/07/19 17:15:33.0567 4060 ubumapi (92f01c31c87131f73ecdbb94256abfd1) C:\Windows\system32\DRIVERS\ubumapi.sys

2011/07/19 17:15:33.0614 4060 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/19 17:15:33.0676 4060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/19 17:15:33.0723 4060 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/19 17:15:33.0754 4060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/19 17:15:33.0832 4060 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

2011/07/19 17:15:33.0879 4060 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/19 17:15:33.0926 4060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

2011/07/19 17:15:33.0957 4060 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/19 17:15:34.0004 4060 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/19 17:15:34.0051 4060 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2011/07/19 17:15:34.0082 4060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/19 17:15:34.0129 4060 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/19 17:15:34.0175 4060 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/19 17:15:34.0222 4060 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/19 17:15:34.0269 4060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/19 17:15:34.0316 4060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/19 17:15:34.0331 4060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/07/19 17:15:34.0409 4060 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

2011/07/19 17:15:34.0441 4060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

2011/07/19 17:15:34.0472 4060 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

2011/07/19 17:15:34.0503 4060 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

2011/07/19 17:15:34.0534 4060 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

2011/07/19 17:15:34.0581 4060 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

2011/07/19 17:15:34.0612 4060 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

2011/07/19 17:15:34.0675 4060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/19 17:15:34.0706 4060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/19 17:15:34.0753 4060 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/19 17:15:34.0784 4060 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/07/19 17:15:34.0831 4060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/19 17:15:34.0878 4060 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/19 17:15:34.0893 4060 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/19 17:15:34.0987 4060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/07/19 17:15:35.0018 4060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/19 17:15:35.0112 4060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/19 17:15:35.0143 4060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/19 17:15:35.0252 4060 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/19 17:15:35.0283 4060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/19 17:15:35.0346 4060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/19 17:15:35.0392 4060 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

2011/07/19 17:15:35.0439 4060 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys

2011/07/19 17:15:35.0517 4060 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/07/19 17:15:35.0548 4060 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/19 17:15:35.0704 4060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

2011/07/19 17:15:35.0845 4060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/19 17:15:35.0860 4060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

2011/07/19 17:15:35.0892 4060 Boot (0x1200) (abb2536928595ec72c83e5af335ff029) \Device\Harddisk2\DR2\Partition0

2011/07/19 17:15:35.0923 4060 Boot (0x1200) (6d5508a12ba9d8f209b538b4176e400d) \Device\Harddisk2\DR2\Partition1

2011/07/19 17:15:35.0938 4060 Boot (0x1200) (37379c3b0b9fdd8c4a26e5d6b0f7aa11) \Device\Harddisk0\DR0\Partition0

2011/07/19 17:15:35.0970 4060 Boot (0x1200) (392e52c50612a99dbda1d3a09cee143f) \Device\Harddisk1\DR1\Partition0

2011/07/19 17:15:35.0985 4060 ================================================================================

2011/07/19 17:15:35.0985 4060 Scan finished

2011/07/19 17:15:35.0985 4060 ================================================================================

2011/07/19 17:15:36.0001 0800 Detected object count: 0

2011/07/19 17:15:36.0001 0800 Actual detected object count: 0

GooredFix by jpshortstuff (03.07.10.1)

Log created at 17:13 on 19/07/2011 (Jules and Tab)

Firefox version 6.0 (en-GB)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\

(none)

C:\Users\Jules and Tab\Application Data\Mozilla\Firefox\Profiles\mw9cm6nw.default\extensions\

{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5} [08:51 21/06/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"bkmrksync@nokia.com"="D:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\" [03:47 26/06/2010]

---------- Old Logs ----------

GooredFix[07.13.24_19-07-2011].txt

-=E.O.F=-

Computer has been behaving normally, however a lot of family pictures have been corrupted and a suspect mismatch extension .jpg file has been found amongst the damaged files by Mbam. PC has not been restarted since these scans.

Thanks for your assistance.

Link to post
Share on other sites

We'll keep at it.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

ComboFix 11-07-20.02 - Jules and Tab 20/07/2011 19:28:01.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.2013.841 [GMT 10:00]

Running from: c:\users\Jules and Tab\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\GuffinsEI

c:\program files (x86)\GuffinsEI\Installr\1.bin\NPu4EISb.dll

c:\program files (x86)\GuffinsEI\Installr\1.bin\u4EIPlug.dll

c:\users\Jules and Tab\AppData\Roaming\inst.exe

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))

.

.

2011-07-20 09:37 . 2011-07-20 09:37 -------- d-----w- c:\users\Miles\AppData\Local\temp

2011-07-20 09:37 . 2011-07-20 09:37 -------- d-----w- c:\users\Eden\AppData\Local\temp

2011-07-20 09:37 . 2011-07-20 09:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-20 06:13 . 2011-07-20 06:13 -------- d-----w- c:\users\Jules and Tab\AppData\Roaming\.minecraft

2011-07-19 07:26 . 2011-07-19 07:26 -------- d-----w- c:\users\Jules and Tab\AppData\Local\Adobe

2011-07-16 06:32 . 2011-07-16 06:32 -------- d-----w- c:\users\Jules and Tab\AppData\Roaming\VG Solutions

2011-07-16 04:48 . 2011-07-16 04:48 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-07-13 09:00 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-13 09:00 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe

2011-07-13 09:00 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 09:00 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-13 09:00 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-13 09:00 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-13 09:00 . 2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-13 09:00 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-13 09:00 . 2011-06-03 05:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-13 09:00 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-13 09:00 . 2011-06-03 03:53 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-13 08:48 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 08:42 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-07-13 08:42 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-07-11 01:16 . 2011-07-11 01:16 -------- d-----w- c:\programdata\KingsIsle Entertainment

2011-07-09 12:03 . 2011-07-10 00:59 -------- d-----w- c:\users\Jules and Tab\AppData\Local\eventMobileplugin

2011-07-09 10:14 . 2011-07-09 10:14 -------- d-----w- c:\programdata\SlySoft

2011-07-09 09:50 . 2011-07-09 09:50 -------- d--h--w- c:\programdata\tks

2011-07-09 09:49 . 2011-07-09 09:49 -------- d-----w- c:\programdata\Aiseesoft Studio

2011-07-08 22:12 . 2011-07-08 22:12 -------- d-----w- c:\users\Eden\AppData\Local\Diagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 09:52 . 2010-01-06 08:08 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 09:52 . 2010-01-06 08:08 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 11:43 . 2010-07-02 01:46 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:43 . 2009-12-26 07:55 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-07-04 11:43 . 2011-01-29 07:20 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-04 11:36 . 2011-04-22 09:13 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36 . 2009-12-30 15:35 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-04 11:35 . 2009-12-26 07:55 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-04 11:32 . 2009-12-26 07:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-04 11:32 . 2009-12-26 07:55 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-07-04 11:32 . 2009-12-30 15:35 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-06-17 09:26 . 2009-12-29 12:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-06-16 22:37 . 2011-06-16 22:37 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-14 15:39 . 2010-01-25 06:02 15880 ----a-w- c:\windows\system32\lsdelete.exe

2011-06-14 15:37 . 2011-06-14 22:30 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-06-09 21:05 . 2011-06-09 21:05 138872 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys

2011-06-09 21:05 . 2011-06-09 21:05 138872 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2011-06-03 05:57 . 2011-07-13 09:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-30 09:45 . 2010-01-24 08:22 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-05-27 09:07 . 2010-01-24 08:22 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-05-07 06:38 . 2010-05-29 08:44 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-05-03 18:52 . 2010-04-23 08:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-05-03 05:29 . 2011-06-16 21:54 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-03 04:30 . 2011-06-16 21:54 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-29 03:06 . 2011-06-16 21:54 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 03:05 . 2011-06-16 21:54 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 03:05 . 2011-06-16 21:54 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 02:40 . 2011-06-16 21:54 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-27 02:39 . 2011-06-16 21:54 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:39 . 2011-06-16 21:54 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-25 05:33 . 2011-06-16 21:54 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:34 . 2011-06-16 21:54 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-04-23 06:32 . 2011-02-24 23:36 419840 ----a-w- c:\windows\system32\systemcpl.dll

2011-04-23 01:29 . 2011-06-16 22:03 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-04-23 01:19 . 2011-06-16 22:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-22 23:35 . 2011-06-16 22:03 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-04-22 23:25 . 2011-06-16 22:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-04-22 22:15 . 2011-05-24 21:53 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2011-02-25 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll

.

[-] 2011-02-25 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTo1.dll" [2011-02-06 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-02-06 00:49 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2011-02-06 00:49 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTo1.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTo1.dll" [2011-02-06 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2011-02-06 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"TomTomHOME.exe"="d:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Acrobat Speed Launcher"="d:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]

"Acrobat Assistant 8.0"="d:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"OpwareSE2"="d:\program files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-17 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\users\Jules and Tab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 136176]

R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 136176]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]

R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]

R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]

R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]

R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]

R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]

R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Ext2Fsd;Linux ext2 file system driver; [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-14 1355968]

S2 TomTomHOMEService;TomTomHOMEService;d:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [x]

S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-24 15:37]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="d:\program files (x86)\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: Interfaces\{9FE5E0C7-21F8-443F-BA99-9D8C2EAED168}: NameServer = 192.168.1.1

TCP: Interfaces\{CDDFE472-86E3-44F9-93FF-8EBA83A89CE0}: NameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jules and Tab\AppData\Roaming\Mozilla\Firefox\Profiles\mw9cm6nw.default\

FF - prefs.js: browser.startup.homepage - hxxp://forum.avast.com/index.php?topic=81334.0

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

AddRemove-EasyBCD - d:\program files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3300194073-333461294-3519441796-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1CFC8C9A-8FC9-3F30-0D92-2941537A7420}*]

"naphajlejmdfpkcdniedaggimdme"=hex:6b,61,6a,63,64,61,6c,65,65,64,65,6d,69,6b,

69,6c,61,66,6a,61,6d,63,00,00

"oafhgifpamcdgnebkdflbeagpfogne"=hex:6b,61,6a,63,64,61,6c,65,65,64,65,6d,69,6b,

69,6c,61,66,6a,61,6d,63,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-20 19:41:26

ComboFix-quarantined-files.txt 2011-07-20 09:41

.

Pre-Run: 20,705,951,744 bytes free

Post-Run: 20,242,665,472 bytes free

.

- - End Of File - - 6366A076C964109FFD23F3CA2D06B5AD

NOTES: Computer is still behaving normally, however a lot of family pictures are still not viewable. A suspect mismatch extension .jpg file has been found amongst the damaged files by Mbam.

Thanks again for your assistance.

Link to post
Share on other sites

Have applied the fix and there are some changes.

Rather than be associated with Windows Picture viewer the damaged files seem to now be "unassociated"

Computer is still behaving normally, however a lot of family pictures (.jpg) are still not viewable.

Thanks for keeping at it!

Your help is much appreciated.

Jules

post-88041-0-85242200-1311285726.jpg

Link to post
Share on other sites

Lets give this a try

STEP 01

Visit this link to see how to set a Full Disk Check: How to Run Check Disk at Startup in Vista or Windows 7

Set the check and restart the computer and allow it to check the drive for errors. It should be in like a blue DOS box for probably at least about 10 minutes or more. If not then something prevented CHKDSK from running on reboot.

STEP 02

Download the following registry association fix from winhelponline - jpeg_fix_w7.zip

Open or extract the zip file and double-click the jpeg_fix_w7.reg registry file inside to merge it into the Registry. Click Yes to allow the change.

STEP 03

Start NOTEPAD (not wordpad or any other editor) and then select all of the text from the codebox below using your mouse then right click and choose copy. Then go back to NOTEPAD and select Edit/Paste

Then click on File Save, then in the Save as type: click the down arrow and choose All Files (*.*) and in the File name: type in "FixThumbnailView.bat" and make sure you also type in the start and end quote marks. Then save to your Desktop.

Now close NOTEPAD and find that the file FixThumbnailView.bat on your Desktop. Right click over it and choose Run as administrator it will run quickly. When done please restart your computer.

@echo off
taskkill /F /IM explorer.exe
CD /D %LOCALAPPDATA%
DEL /AH IconCache.db
CD /D %LOCALAPPDATA%\Microsoft\Windows\Explorer
DEL thumbcache*.db
explorer.exe
echo .
echo Please restart your computer now...
PAUSE

STEP 04

If the image views are now working great - you're done. If not then do the following.

Click on START start_flag.png then click on COMPUTER, then on the menu Tools, Folder Options

Then click on the Restore Defaults button.

folder_options_01.png

Then click on the View tab and click on the Reset Folders button, then on the Restore Defaults button.

folder_options_02.png

Now go to your Pictures folder and see if the images are now working as expected.

STEP 05

Please download and run the following tool unhide.exe to help with hidden programs on your system.

Right click over unhide.exe and choose Run as administrator and let it run until it completes.

STEP 06

Please use TFC to clear temporary files:

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here or here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Right click TFC.exe and choose Run as administrator to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Now let us know if the Thumbnail View issue has been resolved.

Link to post
Share on other sites

OK. I get as far as step 3 and then when running "FixThumbnailView.bat" as administrator I get the following error (below).

SUCCESS: The process "explorer.exe" with PID 2848 has been terminated.

Could Not Find C:\Users\Jules and Tab\AppData\Local\IconCache.db

C:\Users\Jules and Tab\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.

db

Access is denied.

C:\Users\Jules and Tab\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.d

b

Access is denied.

C:\Users\Jules and Tab\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db

Access is denied.

C:\Users\Jules and Tab\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

Access is denied.

C:\Users\Jules and Tab\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.d

b

Access is denied.

C:\Users\Jules and Tab\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

Access is denied.

Thanks

Jules

Link to post
Share on other sites

Hi Larry,

Unfortunately the pictures are still displaying the same error message when I try to open them.

nosirrah mentioned that he thought they were not a corrupted jpeg's, and that they may have been replaced by executable code it is likely that the pictures are still there but hidden.

Is this what you are thinking?

Thanks again.

Jules

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.