
Bad Image : C:\Windows\system32\D3D10Warp.dll is either not designed to run on Windows or it contains an error.


  • This topic is locked
14 replies to this topic

#1 -bob


Posted 15 August 2012 - 01:45 PM

I keep getting pop-ups like:

Bad Image : C:\Windows\system32\D3D10Warp.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

The DLL name varies but the D3D10Warp.dll is pretty common lately.  It can be triggered by clicking on "Help" options in some programs, "WD SmartWare" for example.  Also related (maybe) - If I do get a help window it always seems to be blank (which is a pain).

Any help would be most appreciated.

Thanks!

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Bob at 11:27:38 on 2012-08-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6075.4028 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Users\Bob\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe
C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\ProgFiles\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
D:\ProgFiles\Intel\IntelAppStore\bin\AppUp.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\ubuntuone\dist\ubuntuone-proxy-tunnel.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [googletalk] C:\Users\Bob\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [0EF39F5CD2F93E2D49A90D9D56ACFA1B90BF26B7._service_run] "C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [chromium] C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Ubuntu One] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe"
uRun: [Ubuntu One Icon] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [BTLive] C:\Users\Bob\AppData\Roaming\BTLive\BTLive.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Intel AppUp(SM) center] "D:\ProgFiles\Intel\IntelAppStore\bin\ismagent.lnk"
mRun: [Intel AppUp(SM) center_Nagware] "D:\ProgFiles\Intel\IntelAppStore\bin\AppUp.lnk"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{380597F5-B2C1-42DA-963E-317609A92B7C} : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: AutorunsDisabled - No File
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [Intel AppUp(SM) center] "D:\ProgFiles\Intel\IntelAppStore\bin\ismagent.lnk"
mRun-x64: [Intel AppUp(SM) center_Nagware] "D:\ProgFiles\Intel\IntelAppStore\bin\AppUp.lnk"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\sfb1xgzh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bob\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\ProgFiles\Intel\IntelAppStore\bin\npAppUp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-28 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-14 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-5-11 177056]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-9 136176]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-9 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-19 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-15 16:21:07 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACA0828C-7E40-4E7F-9C81-15CFD0FE1A12}\mpengine.dll
2012-08-15 15:27:11 -------- d-----w- C:\junk
2012-08-15 14:31:21 -------- d-----w- C:\Users\Bob\AppData\Local\{E88D26EF-CACE-4ED1-81E7-D4F2FFDFD6EA}
2012-08-15 14:31:10 -------- d-----w- C:\Users\Bob\AppData\Local\{F063D83C-AE43-4C13-8395-CA93F2E241C2}
2012-08-15 02:30:57 -------- d-----w- C:\Users\Bob\AppData\Local\{203D4B61-C98A-44EC-BC9A-A4725AC4CD6A}
2012-08-15 02:30:47 -------- d-----w- C:\Users\Bob\AppData\Local\{DFCB514F-FACF-47AF-AFDF-C64880A20384}
2012-08-14 14:30:35 -------- d-----w- C:\Users\Bob\AppData\Local\{2528C85F-63BF-4121-A86F-1BA67D5AED52}
2012-08-14 14:30:25 -------- d-----w- C:\Users\Bob\AppData\Local\{17EB2BF5-4A4B-4D11-BEA8-6CB01C5DF67C}
2012-08-14 02:30:11 -------- d-----w- C:\Users\Bob\AppData\Local\{64A16758-9C1D-4AA9-9B06-4A9164E39910}
2012-08-14 02:30:00 -------- d-----w- C:\Users\Bob\AppData\Local\{1AFF168C-876F-4DFB-BB13-44BEB1E30271}
2012-08-13 22:41:37 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-13 14:29:47 -------- d-----w- C:\Users\Bob\AppData\Local\{47A67121-E37D-4260-ABC6-7713C5C7EAB0}
2012-08-13 14:29:36 -------- d-----w- C:\Users\Bob\AppData\Local\{D1335F82-D593-4E6B-98CC-953C71468875}
2012-08-13 02:29:23 -------- d-----w- C:\Users\Bob\AppData\Local\{80E375F7-DAF4-46B3-A177-03D1C915363D}
2012-08-13 02:29:13 -------- d-----w- C:\Users\Bob\AppData\Local\{B224A400-0E5B-41E4-8F04-96F8EBED3A18}
2012-08-12 21:56:29 -------- d-----w- C:\Program Files\Western Digital
2012-08-12 21:56:29 -------- d-----w- C:\Program Files (x86)\Western Digital
2012-08-12 14:28:47 -------- d-----w- C:\Users\Bob\AppData\Local\{DD0F6DFA-77B5-4CEF-8142-494184D79992}
2012-08-12 14:28:35 -------- d-----w- C:\Users\Bob\AppData\Local\{7254503B-1C31-4B43-AE02-8A3201EDE710}
2012-08-12 02:28:21 -------- d-----w- C:\Users\Bob\AppData\Local\{E8167DCF-0100-4F45-9286-A15DC71A3905}
2012-08-12 02:28:10 -------- d-----w- C:\Users\Bob\AppData\Local\{CD088EA6-D97D-4BB3-9165-A54432C42A29}
2012-08-11 14:27:56 -------- d-----w- C:\Users\Bob\AppData\Local\{0D6BA6DF-DEBF-4CD1-AB84-95ED994D3E43}
2012-08-11 14:27:46 -------- d-----w- C:\Users\Bob\AppData\Local\{D5746AD4-260B-4022-9696-1D816F41C68F}
2012-08-11 02:36:15 -------- d-----w- C:\Users\Bob\AppData\Local\{47895964-941B-4DF9-98AA-4F18DEF068E6}
2012-08-11 02:36:05 -------- d-----w- C:\Users\Bob\AppData\Local\{BCCC4618-0242-4839-B9E1-F96088E15709}
2012-08-10 14:35:52 -------- d-----w- C:\Users\Bob\AppData\Local\{76F77CB9-78C2-49EF-AD95-4CC6F8D209E5}
2012-08-10 14:35:40 -------- d-----w- C:\Users\Bob\AppData\Local\{A7528B68-865C-4925-B3C8-4EAE020C5E21}
2012-08-10 02:35:27 -------- d-----w- C:\Users\Bob\AppData\Local\{668E4CEF-449F-4647-96B7-2F68B7EE7EB9}
2012-08-10 02:35:17 -------- d-----w- C:\Users\Bob\AppData\Local\{69FCC2C5-51AE-411A-B10A-06E0A04C43E7}
2012-08-09 14:35:03 -------- d-----w- C:\Users\Bob\AppData\Local\{36225621-C03E-44F1-90D6-223AE663EDA0}
2012-08-09 14:34:53 -------- d-----w- C:\Users\Bob\AppData\Local\{A17A5244-5F01-47A4-A42E-57C3668F6DD3}
2012-08-09 02:34:39 -------- d-----w- C:\Users\Bob\AppData\Local\{93503453-AB50-4568-A5EF-C18A3CFC4D77}
2012-08-09 02:34:28 -------- d-----w- C:\Users\Bob\AppData\Local\{D2B781C4-51E7-4147-A6C4-E9122DB2EE1E}
2012-08-08 14:34:16 -------- d-----w- C:\Users\Bob\AppData\Local\{3AB9474B-7F67-403F-B2EE-DBF3E578FBE0}
2012-08-08 14:34:05 -------- d-----w- C:\Users\Bob\AppData\Local\{E29599DE-AB25-4704-9EF7-F1A31AEFFEDD}
2012-08-08 02:33:52 -------- d-----w- C:\Users\Bob\AppData\Local\{BDA1A63D-063D-42B6-9667-B2605B449CD6}
2012-08-08 02:33:42 -------- d-----w- C:\Users\Bob\AppData\Local\{E6A21852-EB22-49C1-A064-59765CD4E2F7}
2012-08-07 14:33:28 -------- d-----w- C:\Users\Bob\AppData\Local\{E565187A-64EF-4213-AAFD-76584CF44EC9}
2012-08-07 14:33:18 -------- d-----w- C:\Users\Bob\AppData\Local\{908B78EB-ADC8-4CCE-B4EB-040ED69F298A}
2012-08-07 02:33:04 -------- d-----w- C:\Users\Bob\AppData\Local\{6F26D7C5-9F98-424C-B0EF-5F92D3A040B5}
2012-08-07 02:32:53 -------- d-----w- C:\Users\Bob\AppData\Local\{AEBB8775-8B8F-4697-B845-1404FCCD204D}
2012-08-06 14:32:40 -------- d-----w- C:\Users\Bob\AppData\Local\{E468BBFA-CAC0-403C-829E-07740DA2C5AD}
2012-08-06 14:32:29 -------- d-----w- C:\Users\Bob\AppData\Local\{B456492A-E07E-41FD-869B-2523D766A4C8}
2012-08-06 02:52:18 -------- d-----w- C:\Users\Bob\.explorer.local
2012-08-06 02:52:18 -------- d-----w- C:\Users\Bob\.explorer.cache
2012-08-06 02:32:16 -------- d-----w- C:\Users\Bob\AppData\Local\{5A5A1147-C093-4738-BFE8-4BA245596530}
2012-08-06 02:32:05 -------- d-----w- C:\Users\Bob\AppData\Local\{A897F041-2463-4B47-B35E-1325FB094903}
2012-08-05 14:31:51 -------- d-----w- C:\Users\Bob\AppData\Local\{3788A499-F524-4049-96F5-85806F72FF0A}
2012-08-05 14:31:41 -------- d-----w- C:\Users\Bob\AppData\Local\{07F52A3F-F28E-475E-8E80-2EA6EC871BAC}
2012-08-05 02:31:27 -------- d-----w- C:\Users\Bob\AppData\Local\{28D4A4AF-678C-44DE-982A-5E6140D5097A}
2012-08-05 02:31:16 -------- d-----w- C:\Users\Bob\AppData\Local\{BC3AD987-F29E-4FBF-9952-413477AA13AF}
2012-08-04 17:55:52 12 ----a-w- C:\Users\Bob\tmpifo.bat
2012-08-04 14:31:04 -------- d-----w- C:\Users\Bob\AppData\Local\{DE8137FC-99C0-4B22-ABB3-0413973F3461}
2012-08-04 14:30:53 -------- d-----w- C:\Users\Bob\AppData\Local\{3ECF4ED1-435D-495D-8628-27A60D4FCE8A}
2012-08-04 02:30:41 -------- d-----w- C:\Users\Bob\AppData\Local\{F91791FC-4A5E-4773-8BF2-F393A53F728E}
2012-08-04 02:30:29 -------- d-----w- C:\Users\Bob\AppData\Local\{CDAF6C07-55D7-4BF5-8694-032F7A4A4A89}
2012-08-03 14:30:15 -------- d-----w- C:\Users\Bob\AppData\Local\{DB1D5DBB-56DB-4189-B361-A5D447CB41F2}
2012-08-03 14:30:04 -------- d-----w- C:\Users\Bob\AppData\Local\{BE489385-F0A8-4CC7-A856-331ECAAF3964}
2012-08-03 02:29:51 -------- d-----w- C:\Users\Bob\AppData\Local\{14A1A441-7B7E-4ECA-8E8B-78E669908146}
2012-08-03 02:29:40 -------- d-----w- C:\Users\Bob\AppData\Local\{7C292F0E-11DD-4267-964D-5EA893A5EE75}
2012-08-02 14:29:26 -------- d-----w- C:\Users\Bob\AppData\Local\{1AD13D28-D7F1-4B5F-8EC9-FE1C5CC62B8D}
2012-08-02 14:29:15 -------- d-----w- C:\Users\Bob\AppData\Local\{30814DF6-04DE-4A47-9BCD-038F894F0539}
2012-08-02 02:29:01 -------- d-----w- C:\Users\Bob\AppData\Local\{0DD3AF7A-B3A9-4300-9E2A-55BAD55A5917}
2012-08-02 02:28:49 -------- d-----w- C:\Users\Bob\AppData\Local\{AD86E54F-146A-4A89-9F61-0356B6CBD060}
2012-08-01 14:28:35 -------- d-----w- C:\Users\Bob\AppData\Local\{27853C43-5D87-4550-92E8-F2CDEAC110DA}
2012-08-01 14:28:24 -------- d-----w- C:\Users\Bob\AppData\Local\{789021B7-85B4-4E57-8822-12FD888DA69B}
2012-08-01 02:28:11 -------- d-----w- C:\Users\Bob\AppData\Local\{DD8111ED-1F0F-451C-A62A-FFFBDFA6170D}
2012-08-01 02:28:00 -------- d-----w- C:\Users\Bob\AppData\Local\{8CAFD653-3692-40DE-820F-58EDFA5E1DB1}
2012-07-31 14:27:47 -------- d-----w- C:\Users\Bob\AppData\Local\{131C6CC6-FF5C-4CD3-9E8F-A2010F022D3C}
2012-07-31 14:27:36 -------- d-----w- C:\Users\Bob\AppData\Local\{01D14CBE-1055-4EAB-B3BD-A627BDAB9D6E}
2012-07-31 02:14:53 -------- d-----w- C:\Users\Bob\AppData\Local\{FF15EE4C-F443-4334-87CB-4AB4D31D35CC}
2012-07-31 02:14:41 -------- d-----w- C:\Users\Bob\AppData\Local\{FD56737F-A3F7-4C0B-A3FD-864EC16E768A}
2012-07-30 14:14:28 -------- d-----w- C:\Users\Bob\AppData\Local\{A307A15D-4911-4351-9F64-E40601EF3521}
2012-07-30 14:14:17 -------- d-----w- C:\Users\Bob\AppData\Local\{0560DC3A-E9D1-4B62-98F3-9E6AD43DD01D}
2012-07-30 02:27:22 -------- d-----w- C:\Users\Bob\AppData\Roaming\wargaming.net
2012-07-30 02:26:51 -------- d-----w- C:\Games
2012-07-30 02:14:51 -------- d-----w- C:\Users\Bob\AppData\Local\{BBAFFEB9-E143-4277-8EC5-1B0D90E68408}
2012-07-30 02:14:40 -------- d-----w- C:\Users\Bob\AppData\Local\{A20A26DC-0A24-4662-8565-E7B6F1F443E6}
2012-07-29 23:49:00 25743168 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-07-29 23:49:00 19607872 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-07-29 23:49:00 18044224 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-07-29 23:49:00 14298944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-07-29 23:49:00 10194752 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-07-29 23:48:59 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
2012-07-29 23:48:59 5982528 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-07-29 23:48:59 2881856 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-07-29 23:48:59 2681664 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-07-29 23:48:59 2524992 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-07-29 23:48:59 2445120 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-07-29 23:48:58 25248064 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-07-29 23:48:58 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-07-29 23:48:58 17551680 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-07-29 14:14:28 -------- d-----w- C:\Users\Bob\AppData\Local\{4E87C0DB-6773-4789-82CF-19FA19E2B4FD}
2012-07-29 14:14:17 -------- d-----w- C:\Users\Bob\AppData\Local\{5204BD5F-BAAF-4287-85D9-9D0515A1922A}
2012-07-29 02:13:53 -------- d-----w- C:\Users\Bob\AppData\Local\{E46F76E6-6328-406C-BB5D-EE5468E404C0}
2012-07-29 02:13:42 -------- d-----w- C:\Users\Bob\AppData\Local\{512B7861-CF5F-463E-BA39-F870DC558215}
2012-07-28 14:13:29 -------- d-----w- C:\Users\Bob\AppData\Local\{E103D05F-6ED1-4900-9407-F23A38D43D4D}
2012-07-28 14:13:18 -------- d-----w- C:\Users\Bob\AppData\Local\{684337A6-9636-4115-869D-96CE31620C8D}
2012-07-28 02:13:04 -------- d-----w- C:\Users\Bob\AppData\Local\{BAF0FCB9-4048-4BB5-89E4-2E0FB01EBDA2}
2012-07-28 02:12:53 -------- d-----w- C:\Users\Bob\AppData\Local\{154D8E50-F204-4472-9E0D-ACFCB8340DAA}
2012-07-27 23:57:58 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
2012-07-27 14:12:41 -------- d-----w- C:\Users\Bob\AppData\Local\{839DE80F-7C0C-4968-9B33-A54FE6613B9C}
2012-07-27 14:12:31 -------- d-----w- C:\Users\Bob\AppData\Local\{EDD493FE-EFA5-486A-B52D-1FACD8CCD8E6}
2012-07-27 02:12:18 -------- d-----w- C:\Users\Bob\AppData\Local\{AEF469ED-5D13-484C-8FB2-40CB62394B13}
2012-07-27 02:12:08 -------- d-----w- C:\Users\Bob\AppData\Local\{BF5F351F-05FD-4955-B68E-F3311F7CE604}
2012-07-26 14:11:55 -------- d-----w- C:\Users\Bob\AppData\Local\{9E04438A-5354-4490-8087-F093D32F238A}
2012-07-26 14:11:45 -------- d-----w- C:\Users\Bob\AppData\Local\{04426084-E75E-4E45-9D64-483F4109E05F}
2012-07-26 13:42:49 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-07-26 02:11:33 -------- d-----w- C:\Users\Bob\AppData\Local\{AA24C4A4-1975-4CBC-AC06-5AE61650E180}
2012-07-26 02:11:23 -------- d-----w- C:\Users\Bob\AppData\Local\{FF055BD4-DDB5-4CB4-A244-3D4DB86DC173}
2012-07-25 14:11:10 -------- d-----w- C:\Users\Bob\AppData\Local\{EDD9A06D-F250-44EA-8545-6BB302A4A38C}
2012-07-25 14:10:59 -------- d-----w- C:\Users\Bob\AppData\Local\{31CB8B0E-7BE8-404B-8FB6-A0041263CCD0}
2012-07-25 02:10:31 -------- d-----w- C:\Users\Bob\AppData\Local\{5CEB1C3F-FB14-4A06-AF2F-9845F8DFE4E9}
2012-07-25 02:10:19 -------- d-----w- C:\Users\Bob\AppData\Local\{ADA671C5-42A8-47AA-B283-565C0D87C09B}
2012-07-24 14:10:07 -------- d-----w- C:\Users\Bob\AppData\Local\{65615D95-F0B1-487A-BB72-728EEEEA1AC1}
2012-07-24 14:09:56 -------- d-----w- C:\Users\Bob\AppData\Local\{9A3DDD9D-E3C1-4FE2-A50E-9D188880D670}
2012-07-24 02:09:43 -------- d-----w- C:\Users\Bob\AppData\Local\{09E69FD4-F006-446C-91AA-8CBDBA0FE139}
2012-07-24 02:09:32 -------- d-----w- C:\Users\Bob\AppData\Local\{5921070C-81CE-48F1-83EB-072FB258C130}
2012-07-23 14:09:19 -------- d-----w- C:\Users\Bob\AppData\Local\{C5E86654-32D8-45D6-9177-AE84152F265A}
2012-07-23 14:09:09 -------- d-----w- C:\Users\Bob\AppData\Local\{669133F1-A35A-43F7-87A8-FFC82A53CF55}
2012-07-23 03:25:11 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-23 03:24:42 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-23 02:08:56 -------- d-----w- C:\Users\Bob\AppData\Local\{FF9964BF-3D14-4738-AC36-52FEF738390C}
2012-07-23 02:08:46 -------- d-----w- C:\Users\Bob\AppData\Local\{A16C8A9C-477D-4F99-A93A-6D87193B59B3}
2012-07-22 14:08:34 -------- d-----w- C:\Users\Bob\AppData\Local\{F0BF28B9-1F68-4819-A96B-6986DE83A0C8}
2012-07-22 14:08:23 -------- d-----w- C:\Users\Bob\AppData\Local\{61793D9E-EB43-4529-8AFB-C76BF767939C}
2012-07-22 02:08:10 -------- d-----w- C:\Users\Bob\AppData\Local\{D92B5264-4440-4865-A742-57524411FE6E}
2012-07-22 02:07:59 -------- d-----w- C:\Users\Bob\AppData\Local\{3BC6D232-82FB-47B1-81BC-C183377B076E}
2012-07-21 14:07:47 -------- d-----w- C:\Users\Bob\AppData\Local\{1AB37D14-4C8B-40E5-835E-05323208BC96}
2012-07-21 14:07:35 -------- d-----w- C:\Users\Bob\AppData\Local\{70CF769B-9EAF-4FF4-BEAA-6F55E302BD37}
2012-07-21 02:07:22 -------- d-----w- C:\Users\Bob\AppData\Local\{4A08536C-8711-4F50-8DD0-85CBE55A67D1}
2012-07-21 02:07:11 -------- d-----w- C:\Users\Bob\AppData\Local\{119A27FF-A0B6-4116-B411-B3B57F71B352}
2012-07-20 17:57:34 -------- d-----w- C:\Program Files (x86)\Wyse
2012-07-20 14:06:58 -------- d-----w- C:\Users\Bob\AppData\Local\{9814730B-3C4F-4014-A98C-40CC2F5A4137}
2012-07-20 14:06:47 -------- d-----w- C:\Users\Bob\AppData\Local\{11F2EF7F-D4B0-4C3E-A2FC-7DBC6D515E87}
2012-07-20 02:06:34 -------- d-----w- C:\Users\Bob\AppData\Local\{058DEC9E-9AB2-4E8E-9F1C-6046063C0EF5}
2012-07-20 02:06:23 -------- d-----w- C:\Users\Bob\AppData\Local\{940DA458-94F4-4F75-BF98-6C2793F05624}
2012-07-19 14:06:10 -------- d-----w- C:\Users\Bob\AppData\Local\{52047F6A-8D92-48CF-A0AD-82C74629D2FE}
2012-07-19 14:05:59 -------- d-----w- C:\Users\Bob\AppData\Local\{DF1C23D3-22A7-4B78-975A-647CE18ECAC2}
2012-07-19 02:05:45 -------- d-----w- C:\Users\Bob\AppData\Local\{E4EE655F-F05A-4E99-9464-10A765CFE861}
2012-07-19 02:05:34 -------- d-----w- C:\Users\Bob\AppData\Local\{30BCFA13-F504-46FD-A595-53A6DCB08F7E}
2012-07-18 14:05:22 -------- d-----w- C:\Users\Bob\AppData\Local\{8F4EF40B-8CC4-476B-A232-148A5C92EF40}
2012-07-18 14:05:09 -------- d-----w- C:\Users\Bob\AppData\Local\{0A0CB6DD-E8FF-4421-9DA5-7790C79A25DF}
2012-07-18 02:04:57 -------- d-----w- C:\Users\Bob\AppData\Local\{2B2FC2B6-4A80-47BD-809F-C1EABDAB6F72}
2012-07-18 02:04:46 -------- d-----w- C:\Users\Bob\AppData\Local\{35D53FED-ACA0-42EB-9659-ED3BCD2D2188}
2012-07-17 14:04:33 -------- d-----w- C:\Users\Bob\AppData\Local\{3C46376B-AEC4-41F9-A7E7-00A4111E1C20}
2012-07-17 14:04:23 -------- d-----w- C:\Users\Bob\AppData\Local\{903974D2-6B08-490C-90FC-24E0DC1DED93}
2012-07-17 02:04:10 -------- d-----w- C:\Users\Bob\AppData\Local\{5664066B-B6C4-4B9B-B09B-294E63018BE5}
2012-07-17 02:04:00 -------- d-----w- C:\Users\Bob\AppData\Local\{1806B2E1-002A-4FB6-B8DC-6F6D1B29A65B}
.
==================== Find3M ====================
.
2012-07-27 20:17:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 20:17:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-26 21:03:06 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-05 21:03:52 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-06-05 21:03:52 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-06-05 21:03:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-06-05 21:03:52 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-06-05 21:02:22 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-06-04 07:59:20 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-06-04 07:59:20 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-22 19:26:10 117080 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
.
============= FINISH: 11:28:50.12 ===============

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • Gender:Male
  • Local time:07:12 PM

Posted 20 August 2012 - 01:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465338 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 -bob

-bob
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:12 PM

Posted 20 August 2012 - 05:12 PM

Per Bleepin' Binary Bot's instructions, here is a new DDS.txt (see below), and a new Attach.txt (attached).

This was run after a reboot, disabling real-time protection in MS Security Essentials, and shutting down anything in the tray or taskbar that was easily shut down.

Still seeing the same problems as before.

Note: I have run sfc /scannow several times since the last report. It looks like maybe it fixed one or two things the first time but now just finds 16 or so things it "cannot repair". These files seem to be:
"C:/Program Files/DVD Maker/OmdBase.dll"
"C:/Program Files/Reference Assemblies/Microsoft/Framework/v3.0/System.ServiceModel.dll"
"C:/Program Files (x86)/Reference Assemblies/Microsoft/Framework/v3.0/System.ServiceModel.dll"
"C:/Windows/ehome/CreateDisc/SBEServer.exe"
"C:/Windows/ehome/ehshell.dll"
"C:/Windows/Microsoft.NET/Framework/v3.0/Windows Communication Foundation/System.ServiceModel.dll"
"C:/Windows/Microsoft.NET/Framework64/v3.0/Windows Communication Foundation/System.ServiceModel.dll"
"C:/Windows/Resources/Themes/Aero/aero.msstyles"
"C:/Windows/System32/d3d10warp.dll"
"C:/Windows/System32/dfshim.dll"
"C:/Windows/System32/migwiz/migcore.dll"
"C:/Windows/System32/mstscax.dll"
"C:/Windows/System32/netfxperf.dll"
"C:/Windows/SysWOW64/dfshim.dll"
"C:/Windows/SysWOW64/dxtrans.dll"
"C:/Windows/SysWOW64/mstscax.dll"
If I do a sfc /verifyfile=... on these files I get results like:
D:\cygwin\home\Bob\sfcScans>sfc /verifyfile="C:\Windows\SysWOW64\mstscax.dll"

Windows Resource Protection found integrity violations. Details are included in
the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log
With CBS.log containing:
2012-08-20 16:58:39, Info                  CSI    000000c9 [SR] Verifying 1 components
2012-08-20 16:58:39, Info                  CSI    000000ca [SR] Beginning Verify and Repair transaction
2012-08-20 16:58:39, Info                  CSI    000000cb Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad
  Found: {l:32 b:S+4NvLDl6JG43hd/lNRc5+BQ2NKgNdQJVlXtDiGsbVY=} Expected: {l:32 b:2GaNkghIF8WWAEhVJtkiucQtgVNd5cBo7bawXhEt1SM=}
2012-08-20 16:58:39, Info                  CSI    000000cc [SR] Cannot repair member file [l:22{11}]"mstscax.dll" of Microsoft-Windows-TerminalServices-Clie
2012-08-20 16:58:39, Info                  CSI    000000cd Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad
  Found: {l:32 b:S+4NvLDl6JG43hd/lNRc5+BQ2NKgNdQJVlXtDiGsbVY=} Expected: {l:32 b:2GaNkghIF8WWAEhVJtkiucQtgVNd5cBo7bawXhEt1SM=}
2012-08-20 16:58:39, Info                  CSI    000000ce [SR] Cannot repair member file [l:22{11}]"mstscax.dll" of Microsoft-Windows-TerminalServices-Clie
2012-08-20 16:58:39, Info                  CSI    000000cf [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856a
2012-08-20 16:58:39, Info                  CSI    000000d0 Hashes for file member \??\C:\Windows\SysWOW64\mstscax.dll do not match actual file [l:22{11}]"ms
  Found: {l:32 b:S+4NvLDl6JG43hd/lNRc5+BQ2NKgNdQJVlXtDiGsbVY=} Expected: {l:32 b:2GaNkghIF8WWAEhVJtkiucQtgVNd5cBo7bawXhEt1SM=}
2012-08-20 16:58:39, Info                  CSI    000000d1 Hashes for file member \SystemRoot\WinSxS\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad
  Found: {l:32 b:S+4NvLDl6JG43hd/lNRc5+BQ2NKgNdQJVlXtDiGsbVY=} Expected: {l:32 b:2GaNkghIF8WWAEhVJtkiucQtgVNd5cBo7bawXhEt1SM=}
2012-08-20 16:58:39, Info                  CSI    000000d2 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"
2012-08-20 16:58:39, Info                  CSI    000000d3 Repair results created:
POQ 16 starts:

POQ 16 ends.
2012-08-20 16:58:39, Info                  CSI    000000d4 [SR] Verify complete
The above is true for ALL of the listed files.

I have not tried to manually replace any of these yet. When I looked at d3d10warp.dll it appeared to match versions on other (working) machines and the md5sum matched what at least one site indicated it should be so I was doing some more investigating. When comparing some of the other files it looks like MOST of those do NOT match the versions on the other machine. Note that using sfc /verifyfile= for the d3d10warp.dll file on the other machine does not report any errors.

Finally, doing "Help, View Help" in ANY program results in a "blank help window" see attachment - Capture.PNG. This is more annoying than the dll popups actually. Not sure if they are related. Both of these problems have been going on for many months.

Waiting for next steps.

Thanks!
-bob
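
The check described in the post above (reading the Found/Expected pairs out of CBS.log and comparing each file with a copy from a working machine) can be scripted. The Python below is an added example, not part of the original post; it assumes the 32-byte `b:` values are base64-encoded SHA-256 digests, and the function names, file name, component name and sample log (built from constructed file contents) are hypothetical.

```python
"""Summarise SFC hash mismatches from CBS.log text (added example)."""
import base64
import hashlib
import re
from dataclasses import dataclass

# Patterns modelled on the CBS.log lines quoted in the post.
MEMBER_RE = re.compile(
    r'Hashes for file member (?P<path>.+?) do not match actual file '
    r'\[l:\d+\{\d+\}\]"(?P<name>[^"]+)"')
DIGEST_RE = re.compile(
    r'Found: \{l:(?P<flen>\d+) b:(?P<found>[A-Za-z0-9+/=]+)\} '
    r'Expected: \{l:(?P<elen>\d+) b:(?P<expected>[A-Za-z0-9+/=]+)\}')
CANNOT_REPAIR_RE = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]'
    r'"(?P<name>[^"]+)" of (?P<component>[^,]+)')


@dataclass(frozen=True)
class Mismatch:
    path: str          # file the servicing stack hashed
    name: str          # member file name
    found_hex: str     # digest of the file on disk
    expected_hex: str  # digest recorded in the component manifest


def decode_digest(length, b64):
    """Decode a {l:N b:...} value and check that N matches the byte count."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != int(length):
        raise ValueError(f"declared {length} bytes, decoded {len(raw)}")
    return raw.hex()


def parse_mismatches(log_text):
    """Pair each 'Hashes for file member' line with the digest line after it."""
    results, seen, pending = [], set(), None
    for line in log_text.splitlines():
        member = MEMBER_RE.search(line)
        if member:
            pending = member
            continue
        digest = DIGEST_RE.search(line)
        if digest and pending:
            item = Mismatch(
                pending["path"], pending["name"],
                decode_digest(digest["flen"], digest["found"]),
                decode_digest(digest["elen"], digest["expected"]))
            if item not in seen:  # the log repeats the same member
                seen.add(item)
                results.append(item)
        pending = None
    return results


def unrepairable_files(log_text):
    """Map member file name -> component for '[SR] Cannot repair' entries."""
    return {m["name"]: m["component"].strip()
            for m in CANNOT_REPAIR_RE.finditer(log_text)}


def is_clean_replacement(candidate, mismatch):
    """True if candidate bytes hash to the digest the manifest expects."""
    return hashlib.sha256(candidate).hexdigest() == mismatch.expected_hex


# --- Constructed sample data (not taken from a real system) ---
GOOD = b"constructed known-good file contents"
BAD = b"constructed corrupted file contents"


def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def build_sample_log():
    stamp = "2012-01-01 00:00:00, Info                  CSI    "
    digests = (f"  Found: {{l:32 b:{b64_sha256(BAD)}}} "
               f"Expected: {{l:32 b:{b64_sha256(GOOD)}}}")
    store = (r"Hashes for file member \SystemRoot\WinSxS"
             r"\x86_constructed-component_0000\example.dll"
             ' do not match actual file [l:22{11}]"example.dll" :')
    live = (r"Hashes for file member \??\C:\Windows\SysWOW64\example.dll"
            ' do not match actual file [l:22{11}]"example.dll" :')
    repair = ('[SR] Cannot repair member file [l:22{11}]"example.dll" of '
              "Constructed-Component, Version = 0.0.0.0, hash mismatch")
    return "\n".join([
        stamp + "00000001 [SR] Beginning Verify and Repair transaction",
        stamp + "00000002 " + store, digests,
        stamp + "00000003 " + repair,
        stamp + "00000004 " + store, digests,   # repeated, as in real logs
        stamp + "00000005 " + live, digests,
        stamp + "00000006 [SR] Verify complete",
    ])


if __name__ == "__main__":
    log = build_sample_log()
    for name, component in unrepairable_files(log).items():
        print(f"cannot repair: {name} ({component})")
    for m in parse_mismatches(log):
        print(f"{m.path}\n  found    {m.found_hex}\n  expected {m.expected_hex}")
        print("  candidate copy matches manifest:", is_clean_replacement(GOOD, m))
```

When the store copy under WinSxS and the live copy both report the same Found digest, as in the log quoted in the post, SFC has no intact source to restore from, so a replacement has to be checked against the Expected digest before it is trusted.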


DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.5.1
Run by Bob at 16:26:26 on 2012-08-20
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6075.4419 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\ProgFiles\Intel\IntelAppStore\bin\ismagent.exe
C:\Windows\system32\SearchIndexer.exe
D:\ProgFiles\Intel\IntelAppStore\bin\AppUp.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [googletalk] C:\Users\Bob\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [0EF39F5CD2F93E2D49A90D9D56ACFA1B90BF26B7._service_run] "C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [chromium] C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Ubuntu One] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe"
uRun: [Ubuntu One Icon] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [BTLive] C:\Users\Bob\AppData\Roaming\BTLive\BTLive.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Intel AppUp(SM) center] "D:\ProgFiles\Intel\IntelAppStore\bin\ismagent.lnk"
mRun: [Intel AppUp(SM) center_Nagware] "D:\ProgFiles\Intel\IntelAppStore\bin\AppUp.lnk"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{380597F5-B2C1-42DA-963E-317609A92B7C} : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: AutorunsDisabled - No File
BHO-X64: 	Ask Toolbar BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: 	URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [Intel AppUp(SM) center] "D:\ProgFiles\Intel\IntelAppStore\bin\ismagent.lnk"
mRun-x64: [Intel AppUp(SM) center_Nagware] "D:\ProgFiles\Intel\IntelAppStore\bin\AppUp.lnk"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun-x64: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\sfb1xgzh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bob\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\ProgFiles\Intel\IntelAppStore\bin\npAppUp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-28 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-14 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-5-11 177056]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-9 136176]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-9 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-19 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-20 13:42:04	9133488	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1888A368-298C-43FA-A154-66ED744CADD3}\mpengine.dll
2012-08-20 13:40:59	9133488	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-20 13:39:20	--------	d-----w-	C:\Users\Bob\AppData\Local\{BB2269A0-9A12-4DF3-9C9D-9B1EA0CF4DED}
2012-08-19 21:32:58	--------	d-----w-	C:\Users\Bob\AppData\Local\{962A69D7-3618-4594-A41F-46A4B3FDD405}
2012-08-19 09:32:46	--------	d-----w-	C:\Users\Bob\AppData\Local\{B5D39981-F911-4FB6-8484-FB8EED4EA5FC}
2012-08-18 21:31:49	--------	d-----w-	C:\Users\Bob\AppData\Local\{7D77C2F7-7408-4C86-8360-617AE4E94F6E}
2012-08-18 21:31:39	--------	d-----w-	C:\Users\Bob\AppData\Local\{4CD3331A-58AE-4208-B90F-4542D3371C67}
2012-08-15 15:27:11	--------	d-----w-	C:\junk
2012-08-15 14:31:21	--------	d-----w-	C:\Users\Bob\AppData\Local\{E88D26EF-CACE-4ED1-81E7-D4F2FFDFD6EA}
2012-08-15 14:31:10	--------	d-----w-	C:\Users\Bob\AppData\Local\{F063D83C-AE43-4C13-8395-CA93F2E241C2}
2012-08-15 09:55:34	503808	----a-w-	C:\Windows\System32\srcore.dll
2012-08-15 09:55:34	43008	----a-w-	C:\Windows\SysWow64\srclient.dll
2012-08-15 09:55:26	751104	----a-w-	C:\Windows\System32\win32spl.dll
2012-08-15 09:55:26	67072	----a-w-	C:\Windows\splwow64.exe
2012-08-15 09:55:26	559104	----a-w-	C:\Windows\System32\spoolsv.exe
2012-08-15 09:55:26	492032	----a-w-	C:\Windows\SysWow64\win32spl.dll
2012-08-15 09:54:46	136704	----a-w-	C:\Windows\System32\browser.dll
2012-08-15 09:54:45	59392	----a-w-	C:\Windows\System32\browcli.dll
2012-08-15 09:54:45	41984	----a-w-	C:\Windows\SysWow64\browcli.dll
2012-08-15 09:54:43	3148800	----a-w-	C:\Windows\System32\win32k.sys
2012-08-15 09:54:41	956928	----a-w-	C:\Windows\System32\localspl.dll
2012-08-15 02:30:57	--------	d-----w-	C:\Users\Bob\AppData\Local\{203D4B61-C98A-44EC-BC9A-A4725AC4CD6A}
2012-08-15 02:30:47	--------	d-----w-	C:\Users\Bob\AppData\Local\{DFCB514F-FACF-47AF-AFDF-C64880A20384}
2012-08-14 14:30:35	--------	d-----w-	C:\Users\Bob\AppData\Local\{2528C85F-63BF-4121-A86F-1BA67D5AED52}
2012-08-14 14:30:25	--------	d-----w-	C:\Users\Bob\AppData\Local\{17EB2BF5-4A4B-4D11-BEA8-6CB01C5DF67C}
2012-08-14 02:30:11	--------	d-----w-	C:\Users\Bob\AppData\Local\{64A16758-9C1D-4AA9-9B06-4A9164E39910}
2012-08-14 02:30:00	--------	d-----w-	C:\Users\Bob\AppData\Local\{1AFF168C-876F-4DFB-BB13-44BEB1E30271}
2012-08-13 14:29:47	--------	d-----w-	C:\Users\Bob\AppData\Local\{47A67121-E37D-4260-ABC6-7713C5C7EAB0}
2012-08-13 14:29:36	--------	d-----w-	C:\Users\Bob\AppData\Local\{D1335F82-D593-4E6B-98CC-953C71468875}
2012-08-13 02:29:23	--------	d-----w-	C:\Users\Bob\AppData\Local\{80E375F7-DAF4-46B3-A177-03D1C915363D}
2012-08-13 02:29:13	--------	d-----w-	C:\Users\Bob\AppData\Local\{B224A400-0E5B-41E4-8F04-96F8EBED3A18}
2012-08-12 21:56:29	--------	d-----w-	C:\Program Files\Western Digital
2012-08-12 21:56:29	--------	d-----w-	C:\Program Files (x86)\Western Digital
2012-08-12 14:28:47	--------	d-----w-	C:\Users\Bob\AppData\Local\{DD0F6DFA-77B5-4CEF-8142-494184D79992}
2012-08-12 14:28:35	--------	d-----w-	C:\Users\Bob\AppData\Local\{7254503B-1C31-4B43-AE02-8A3201EDE710}
2012-08-12 02:28:21	--------	d-----w-	C:\Users\Bob\AppData\Local\{E8167DCF-0100-4F45-9286-A15DC71A3905}
2012-08-12 02:28:10	--------	d-----w-	C:\Users\Bob\AppData\Local\{CD088EA6-D97D-4BB3-9165-A54432C42A29}
2012-08-11 18:57:25	--------	d-----w-	C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
2012-08-11 14:27:56	--------	d-----w-	C:\Users\Bob\AppData\Local\{0D6BA6DF-DEBF-4CD1-AB84-95ED994D3E43}
2012-08-11 14:27:46	--------	d-----w-	C:\Users\Bob\AppData\Local\{D5746AD4-260B-4022-9696-1D816F41C68F}
2012-08-11 02:36:15	--------	d-----w-	C:\Users\Bob\AppData\Local\{47895964-941B-4DF9-98AA-4F18DEF068E6}
2012-08-11 02:36:05	--------	d-----w-	C:\Users\Bob\AppData\Local\{BCCC4618-0242-4839-B9E1-F96088E15709}
2012-08-10 14:35:52	--------	d-----w-	C:\Users\Bob\AppData\Local\{76F77CB9-78C2-49EF-AD95-4CC6F8D209E5}
2012-08-10 14:35:40	--------	d-----w-	C:\Users\Bob\AppData\Local\{A7528B68-865C-4925-B3C8-4EAE020C5E21}
2012-08-10 02:35:27	--------	d-----w-	C:\Users\Bob\AppData\Local\{668E4CEF-449F-4647-96B7-2F68B7EE7EB9}
2012-08-10 02:35:17	--------	d-----w-	C:\Users\Bob\AppData\Local\{69FCC2C5-51AE-411A-B10A-06E0A04C43E7}
2012-08-09 14:35:03	--------	d-----w-	C:\Users\Bob\AppData\Local\{36225621-C03E-44F1-90D6-223AE663EDA0}
2012-08-09 14:34:53	--------	d-----w-	C:\Users\Bob\AppData\Local\{A17A5244-5F01-47A4-A42E-57C3668F6DD3}
2012-08-09 02:34:39	--------	d-----w-	C:\Users\Bob\AppData\Local\{93503453-AB50-4568-A5EF-C18A3CFC4D77}
2012-08-09 02:34:28	--------	d-----w-	C:\Users\Bob\AppData\Local\{D2B781C4-51E7-4147-A6C4-E9122DB2EE1E}
2012-08-08 14:34:16	--------	d-----w-	C:\Users\Bob\AppData\Local\{3AB9474B-7F67-403F-B2EE-DBF3E578FBE0}
2012-08-08 14:34:05	--------	d-----w-	C:\Users\Bob\AppData\Local\{E29599DE-AB25-4704-9EF7-F1A31AEFFEDD}
2012-08-08 02:33:52	--------	d-----w-	C:\Users\Bob\AppData\Local\{BDA1A63D-063D-42B6-9667-B2605B449CD6}
2012-08-08 02:33:42	--------	d-----w-	C:\Users\Bob\AppData\Local\{E6A21852-EB22-49C1-A064-59765CD4E2F7}
2012-08-07 14:33:28	--------	d-----w-	C:\Users\Bob\AppData\Local\{E565187A-64EF-4213-AAFD-76584CF44EC9}
2012-08-07 14:33:18	--------	d-----w-	C:\Users\Bob\AppData\Local\{908B78EB-ADC8-4CCE-B4EB-040ED69F298A}
2012-08-07 02:33:04	--------	d-----w-	C:\Users\Bob\AppData\Local\{6F26D7C5-9F98-424C-B0EF-5F92D3A040B5}
2012-08-07 02:32:53	--------	d-----w-	C:\Users\Bob\AppData\Local\{AEBB8775-8B8F-4697-B845-1404FCCD204D}
2012-08-06 14:32:40	--------	d-----w-	C:\Users\Bob\AppData\Local\{E468BBFA-CAC0-403C-829E-07740DA2C5AD}
2012-08-06 14:32:29	--------	d-----w-	C:\Users\Bob\AppData\Local\{B456492A-E07E-41FD-869B-2523D766A4C8}
2012-08-06 02:52:18	--------	d-----w-	C:\Users\Bob\.explorer.local
2012-08-06 02:52:18	--------	d-----w-	C:\Users\Bob\.explorer.cache
2012-08-06 02:32:16	--------	d-----w-	C:\Users\Bob\AppData\Local\{5A5A1147-C093-4738-BFE8-4BA245596530}
2012-08-06 02:32:05	--------	d-----w-	C:\Users\Bob\AppData\Local\{A897F041-2463-4B47-B35E-1325FB094903}
2012-08-05 14:31:51	--------	d-----w-	C:\Users\Bob\AppData\Local\{3788A499-F524-4049-96F5-85806F72FF0A}
2012-08-05 14:31:41	--------	d-----w-	C:\Users\Bob\AppData\Local\{07F52A3F-F28E-475E-8E80-2EA6EC871BAC}
2012-08-05 02:31:27	--------	d-----w-	C:\Users\Bob\AppData\Local\{28D4A4AF-678C-44DE-982A-5E6140D5097A}
2012-08-05 02:31:16	--------	d-----w-	C:\Users\Bob\AppData\Local\{BC3AD987-F29E-4FBF-9952-413477AA13AF}
2012-08-04 17:55:52	12	----a-w-	C:\Users\Bob\tmpifo.bat
2012-08-04 14:31:04	--------	d-----w-	C:\Users\Bob\AppData\Local\{DE8137FC-99C0-4B22-ABB3-0413973F3461}
2012-08-04 14:30:53	--------	d-----w-	C:\Users\Bob\AppData\Local\{3ECF4ED1-435D-495D-8628-27A60D4FCE8A}
2012-08-04 02:30:41	--------	d-----w-	C:\Users\Bob\AppData\Local\{F91791FC-4A5E-4773-8BF2-F393A53F728E}
2012-08-04 02:30:29	--------	d-----w-	C:\Users\Bob\AppData\Local\{CDAF6C07-55D7-4BF5-8694-032F7A4A4A89}
2012-08-03 14:30:15	--------	d-----w-	C:\Users\Bob\AppData\Local\{DB1D5DBB-56DB-4189-B361-A5D447CB41F2}
2012-08-03 14:30:04	--------	d-----w-	C:\Users\Bob\AppData\Local\{BE489385-F0A8-4CC7-A856-331ECAAF3964}
2012-08-03 02:29:51	--------	d-----w-	C:\Users\Bob\AppData\Local\{14A1A441-7B7E-4ECA-8E8B-78E669908146}
2012-08-03 02:29:40	--------	d-----w-	C:\Users\Bob\AppData\Local\{7C292F0E-11DD-4267-964D-5EA893A5EE75}
2012-08-02 14:29:26	--------	d-----w-	C:\Users\Bob\AppData\Local\{1AD13D28-D7F1-4B5F-8EC9-FE1C5CC62B8D}
2012-08-02 14:29:15	--------	d-----w-	C:\Users\Bob\AppData\Local\{30814DF6-04DE-4A47-9BCD-038F894F0539}
2012-08-02 02:29:01	--------	d-----w-	C:\Users\Bob\AppData\Local\{0DD3AF7A-B3A9-4300-9E2A-55BAD55A5917}
2012-08-02 02:28:49	--------	d-----w-	C:\Users\Bob\AppData\Local\{AD86E54F-146A-4A89-9F61-0356B6CBD060}
2012-08-01 14:28:35	--------	d-----w-	C:\Users\Bob\AppData\Local\{27853C43-5D87-4550-92E8-F2CDEAC110DA}
2012-08-01 14:28:24	--------	d-----w-	C:\Users\Bob\AppData\Local\{789021B7-85B4-4E57-8822-12FD888DA69B}
2012-08-01 02:28:11	--------	d-----w-	C:\Users\Bob\AppData\Local\{DD8111ED-1F0F-451C-A62A-FFFBDFA6170D}
2012-08-01 02:28:00	--------	d-----w-	C:\Users\Bob\AppData\Local\{8CAFD653-3692-40DE-820F-58EDFA5E1DB1}
2012-07-31 14:27:47	--------	d-----w-	C:\Users\Bob\AppData\Local\{131C6CC6-FF5C-4CD3-9E8F-A2010F022D3C}
2012-07-31 14:27:36	--------	d-----w-	C:\Users\Bob\AppData\Local\{01D14CBE-1055-4EAB-B3BD-A627BDAB9D6E}
2012-07-31 02:14:53	--------	d-----w-	C:\Users\Bob\AppData\Local\{FF15EE4C-F443-4334-87CB-4AB4D31D35CC}
2012-07-31 02:14:41	--------	d-----w-	C:\Users\Bob\AppData\Local\{FD56737F-A3F7-4C0B-A3FD-864EC16E768A}
2012-07-30 14:14:28	--------	d-----w-	C:\Users\Bob\AppData\Local\{A307A15D-4911-4351-9F64-E40601EF3521}
2012-07-30 14:14:17	--------	d-----w-	C:\Users\Bob\AppData\Local\{0560DC3A-E9D1-4B62-98F3-9E6AD43DD01D}
2012-07-30 02:27:22	--------	d-----w-	C:\Users\Bob\AppData\Roaming\wargaming.net
2012-07-30 02:26:51	--------	d-----w-	C:\Games
2012-07-30 02:14:51	--------	d-----w-	C:\Users\Bob\AppData\Local\{BBAFFEB9-E143-4277-8EC5-1B0D90E68408}
2012-07-30 02:14:40	--------	d-----w-	C:\Users\Bob\AppData\Local\{A20A26DC-0A24-4662-8565-E7B6F1F443E6}
2012-07-29 23:49:00	25743168	----a-w-	C:\Windows\System32\nvoglv64.dll
2012-07-29 23:49:00	19607872	----a-w-	C:\Windows\SysWow64\nvoglv32.dll
2012-07-29 23:49:00	18044224	----a-w-	C:\Windows\System32\nvd3dumx.dll
2012-07-29 23:49:00	14298944	----a-w-	C:\Windows\System32\drivers\nvlddmkm.sys
2012-07-29 23:49:00	10194752	----a-w-	C:\Windows\System32\nvwgf2umx.dll
2012-07-29 23:48:59	8139072	----a-w-	C:\Windows\System32\nvcuda.dll
2012-07-29 23:48:59	5982528	----a-w-	C:\Windows\SysWow64\nvcuda.dll
2012-07-29 23:48:59	2881856	----a-w-	C:\Windows\System32\nvcuvenc.dll
2012-07-29 23:48:59	2681664	----a-w-	C:\Windows\System32\nvcuvid.dll
2012-07-29 23:48:59	2524992	----a-w-	C:\Windows\SysWow64\nvcuvid.dll
2012-07-29 23:48:59	2445120	----a-w-	C:\Windows\SysWow64\nvcuvenc.dll
2012-07-29 23:48:58	25248064	----a-w-	C:\Windows\System32\nvcompiler.dll
2012-07-29 23:48:58	2368832	----a-w-	C:\Windows\SysWow64\nvapi.dll
2012-07-29 23:48:58	17551680	----a-w-	C:\Windows\SysWow64\nvcompiler.dll
2012-07-29 14:14:28	--------	d-----w-	C:\Users\Bob\AppData\Local\{4E87C0DB-6773-4789-82CF-19FA19E2B4FD}
2012-07-29 14:14:17	--------	d-----w-	C:\Users\Bob\AppData\Local\{5204BD5F-BAAF-4287-85D9-9D0515A1922A}
2012-07-29 02:13:53	--------	d-----w-	C:\Users\Bob\AppData\Local\{E46F76E6-6328-406C-BB5D-EE5468E404C0}
2012-07-29 02:13:42	--------	d-----w-	C:\Users\Bob\AppData\Local\{512B7861-CF5F-463E-BA39-F870DC558215}
2012-07-28 14:13:29	--------	d-----w-	C:\Users\Bob\AppData\Local\{E103D05F-6ED1-4900-9407-F23A38D43D4D}
2012-07-28 14:13:18	--------	d-----w-	C:\Users\Bob\AppData\Local\{684337A6-9636-4115-869D-96CE31620C8D}
2012-07-28 02:13:04	--------	d-----w-	C:\Users\Bob\AppData\Local\{BAF0FCB9-4048-4BB5-89E4-2E0FB01EBDA2}
2012-07-28 02:12:53	--------	d-----w-	C:\Users\Bob\AppData\Local\{154D8E50-F204-4472-9E0D-ACFCB8340DAA}
2012-07-27 14:12:41	--------	d-----w-	C:\Users\Bob\AppData\Local\{839DE80F-7C0C-4968-9B33-A54FE6613B9C}
2012-07-27 14:12:31	--------	d-----w-	C:\Users\Bob\AppData\Local\{EDD493FE-EFA5-486A-B52D-1FACD8CCD8E6}
2012-07-27 02:12:18	--------	d-----w-	C:\Users\Bob\AppData\Local\{AEF469ED-5D13-484C-8FB2-40CB62394B13}
2012-07-27 02:12:08	--------	d-----w-	C:\Users\Bob\AppData\Local\{BF5F351F-05FD-4955-B68E-F3311F7CE604}
2012-07-26 14:11:55	--------	d-----w-	C:\Users\Bob\AppData\Local\{9E04438A-5354-4490-8087-F093D32F238A}
2012-07-26 14:11:45	--------	d-----w-	C:\Users\Bob\AppData\Local\{04426084-E75E-4E45-9D64-483F4109E05F}
2012-07-26 13:42:49	--------	d-----w-	C:\Program Files (x86)\Safer Networking
2012-07-26 02:11:33	--------	d-----w-	C:\Users\Bob\AppData\Local\{AA24C4A4-1975-4CBC-AC06-5AE61650E180}
2012-07-26 02:11:23	--------	d-----w-	C:\Users\Bob\AppData\Local\{FF055BD4-DDB5-4CB4-A244-3D4DB86DC173}
2012-07-25 14:11:10	--------	d-----w-	C:\Users\Bob\AppData\Local\{EDD9A06D-F250-44EA-8545-6BB302A4A38C}
2012-07-25 14:10:59	--------	d-----w-	C:\Users\Bob\AppData\Local\{31CB8B0E-7BE8-404B-8FB6-A0041263CCD0}
2012-07-25 02:10:31	--------	d-----w-	C:\Users\Bob\AppData\Local\{5CEB1C3F-FB14-4A06-AF2F-9845F8DFE4E9}
2012-07-25 02:10:19	--------	d-----w-	C:\Users\Bob\AppData\Local\{ADA671C5-42A8-47AA-B283-565C0D87C09B}
2012-07-24 14:10:07	--------	d-----w-	C:\Users\Bob\AppData\Local\{65615D95-F0B1-487A-BB72-728EEEEA1AC1}
2012-07-24 14:09:56	--------	d-----w-	C:\Users\Bob\AppData\Local\{9A3DDD9D-E3C1-4FE2-A50E-9D188880D670}
2012-07-24 02:09:43	--------	d-----w-	C:\Users\Bob\AppData\Local\{09E69FD4-F006-446C-91AA-8CBDBA0FE139}
2012-07-24 02:09:32	--------	d-----w-	C:\Users\Bob\AppData\Local\{5921070C-81CE-48F1-83EB-072FB258C130}
2012-07-23 14:09:19	--------	d-----w-	C:\Users\Bob\AppData\Local\{C5E86654-32D8-45D6-9177-AE84152F265A}
2012-07-23 14:09:09	--------	d-----w-	C:\Users\Bob\AppData\Local\{669133F1-A35A-43F7-87A8-FFC82A53CF55}
2012-07-23 03:25:11	--------	d-----w-	C:\Program Files (x86)\Oracle
2012-07-23 03:24:42	772544	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2012-07-23 02:08:56	--------	d-----w-	C:\Users\Bob\AppData\Local\{FF9964BF-3D14-4738-AC36-52FEF738390C}
2012-07-23 02:08:46	--------	d-----w-	C:\Users\Bob\AppData\Local\{A16C8A9C-477D-4F99-A93A-6D87193B59B3}
2012-07-22 14:08:34	--------	d-----w-	C:\Users\Bob\AppData\Local\{F0BF28B9-1F68-4819-A96B-6986DE83A0C8}
2012-07-22 14:08:23	--------	d-----w-	C:\Users\Bob\AppData\Local\{61793D9E-EB43-4529-8AFB-C76BF767939C}
2012-07-22 02:08:10	--------	d-----w-	C:\Users\Bob\AppData\Local\{D92B5264-4440-4865-A742-57524411FE6E}
2012-07-22 02:07:59	--------	d-----w-	C:\Users\Bob\AppData\Local\{3BC6D232-82FB-47B1-81BC-C183377B076E}
.
==================== Find3M  ====================
.
2012-07-27 20:17:44	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 20:17:44	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 03:06:20	687544	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-06-29 03:56:34	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-06-29 03:48:07	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-06-26 21:03:06	4659712	----a-w-	C:\Windows\SysWow64\Redemption.dll
2012-06-06 06:06:16	2004480	----a-w-	C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16	1881600	----a-w-	C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54	1133568	----a-w-	C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52	1390080	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06	805376	----a-w-	C:\Windows\SysWow64\cdosys.dll
2012-06-05 21:03:52	224088	----a-w-	C:\Windows\System32\drivers\VBoxDrv.sys
2012-06-05 21:03:52	166232	----a-w-	C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-06-05 21:03:52	147288	----a-w-	C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-06-05 21:03:52	130904	----a-w-	C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-06-05 21:02:22	320856	----a-w-	C:\Windows\System32\VBoxNetFltNobj.dll
2012-06-04 07:59:20	99384	----a-w-	C:\Windows\System32\drivers\ssudbus.sys
2012-06-04 07:59:20	203320	----a-w-	C:\Windows\System32\drivers\ssudmdm.sys
2012-06-02 22:15:31	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10	458704	----a-w-	C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16	95600	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16	151920	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31	340992	----a-w-	C:\Windows\System32\schannel.dll
2012-06-02 05:44:21	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39	225280	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10	219136	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:28:02.52 ===============

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:12 PM

Posted 23 August 2012 - 05:52 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 -bob

-bob
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:12 PM

Posted 30 August 2012 - 02:55 AM

Thank you very much for responding. Here are the requested files:

Search.txt (as it is small):
Farbar Recovery Scan Tool Version: 29-08-2012 03
Ran by SYSTEM at 2012-08-30 01:54:30
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\ERDNT\cache64\services.exe
[2012-03-20 16:29] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
and the biggie - FRST.txt:
Scan result of Farbar Recovery Scan Tool Version: 29-08-2012 03
Ran by SYSTEM at 30-08-2012 01:52:33
Running from F:\
Windows 7 Professional   (X64) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [883104 2012-05-11] (Wyse Technology Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "D:\ProgFiles\Intel\IntelAppStore\bin\ismagent.lnk" [x]
HKLM-x32\...\Run: [Intel AppUp(SM) center_Nagware] "D:\ProgFiles\Intel\IntelAppStore\bin\AppUp.lnk" [x]
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKU\Administrator\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Bob\...\Run: [googletalk] C:\Users\Bob\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Bob\...\Run: [0EF39F5CD2F93E2D49A90D9D56ACFA1B90BF26B7._service_run] "C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [1238040 2012-08-28] (Google Inc.)
HKU\Bob\...\Run: [chromium] C:\Users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1238040 2012-08-28] (Google Inc.)
HKU\Bob\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Bob\...\Run: [Ubuntu One] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" [48808 2012-04-13] ()
HKU\Bob\...\Run: [Ubuntu One Icon] "C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized --with-icon [41632 2012-04-13] ()
HKU\Bob\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12218904 2012-07-20] (Google)
HKU\Bob\...\Run: [BTLive] C:\Users\Bob\AppData\Roaming\BTLive\BTLive.exe [x]
HKU\Bob\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975288 2012-07-02] (Samsung)
HKU\Bob\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\Bob\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-02] ()
HKU\Bob\...\Run: [Google Update] "C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-01-11] (Google Inc.)
HKU\Bob\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe -update plugin [686792 2012-07-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

==================== Services (Whitelisted) ======

2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 WDBackup; "C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe" [1151424 2012-06-14] (Western Digital )
2 WDDriveService; "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe" [248248 2012-06-14] (Western Digital)
2 WDRulesService; "C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe" [1177536 2012-06-14] (Western Digital )
2 WysePocketCloud; "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe" [177056 2012-05-11] ()
3 FileZilla Server; "C:\xampp\filezillaftp\filezillaserver.exe" [x]

==================== Drivers (Whitelisted) ===================

3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [287448 2010-03-25] (Intel Corporation)
0 iteatapi; C:\Windows\System32\Drivers\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc.)
3 TsUsbFlt; C:\Windows\System32\Drivers\TsUsbFlt.sys [59392 2010-11-20] ()
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation)

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-29 22:24 - 2012-08-29 22:24 - 01450005 ____A (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2012-08-29 17:37 - 2012-08-29 17:38 - 00000000 ____D C:\Users\Bob\AppData\Local\{564282B7-CB2C-4393-BC6E-BDF570D095D1}
2012-08-29 05:37 - 2012-08-29 05:37 - 00000000 ____D C:\Users\Bob\AppData\Local\{7A3D9EEC-DCED-4AF6-9253-6A43BE8DC509}
2012-08-28 17:37 - 2012-08-28 17:37 - 00000000 ____D C:\Users\Bob\AppData\Local\{F69BF808-3276-4434-B4F4-6AEC661C3637}
2012-08-28 05:01 - 2012-08-28 05:01 - 00000000 ____D C:\Users\Bob\AppData\Local\{7BB52E18-CB32-444E-8195-E2E3CE4EF74B}
2012-08-27 13:34 - 2012-08-27 13:34 - 02099208 ____A C:\Users\Bob\Downloads\TMR 014 - asphalt shingle roof.dxf
2012-08-27 13:34 - 2012-08-27 13:34 - 00560127 ____A C:\Users\Bob\Downloads\TMR 014 - asphalt shingle roof.dwg
2012-08-27 12:47 - 2012-08-27 12:47 - 00000000 ____D C:\Users\Bob\AppData\Local\{75EF0BF6-034C-4362-88A3-B524827A1D8C}
2012-08-22 21:12 - 2012-08-22 21:12 - 00001046 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2012-08-22 21:12 - 2012-08-20 14:23 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-08-22 21:12 - 2012-08-20 14:23 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-08-22 18:33 - 2012-08-22 18:45 - 95187288 ____A (Oracle Corporation) C:\Users\Bob\Downloads\VirtualBox-4.1.20-80170-Win.exe
2012-08-22 08:56 - 2012-08-22 08:56 - 00000526 ____A C:\Users\Bob\Downloads\Configuration_08-22-2012_1155.nas
2012-08-21 18:47 - 2012-08-21 18:47 - 00000000 ____D C:\Users\Bob\Desktop\BleepingComputerStuff
2012-08-20 14:23 - 2012-08-20 14:23 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-08-20 14:23 - 2012-08-20 14:23 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-08-20 14:23 - 2012-08-20 14:23 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-08-20 13:01 - 2012-08-20 13:00 - 00607260 ____R (Swearware) C:\Users\Bob\Desktop\dds.com
2012-08-20 05:39 - 2012-08-20 05:39 - 00000000 ____D C:\Users\Bob\AppData\Local\{BB2269A0-9A12-4DF3-9C9D-9B1EA0CF4DED}
2012-08-19 13:32 - 2012-08-19 13:33 - 00000000 ____D C:\Users\Bob\AppData\Local\{962A69D7-3618-4594-A41F-46A4B3FDD405}
2012-08-19 01:32 - 2012-08-19 01:32 - 00000000 ____D C:\Users\Bob\AppData\Local\{B5D39981-F911-4FB6-8484-FB8EED4EA5FC}
2012-08-18 13:31 - 2012-08-18 13:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{7D77C2F7-7408-4C86-8360-617AE4E94F6E}
2012-08-18 13:31 - 2012-08-18 13:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{4CD3331A-58AE-4208-B90F-4542D3371C67}
2012-08-18 09:09 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-18 09:09 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-18 09:09 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-18 09:09 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-18 09:09 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-18 09:09 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-18 09:09 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-18 09:09 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-18 09:09 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-18 09:09 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-18 09:09 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-18 09:09 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-18 09:09 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-18 09:09 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-18 09:09 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-18 09:09 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-18 09:09 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-18 09:09 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-18 09:09 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-18 09:09 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-18 09:09 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-18 09:09 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-18 09:09 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-18 09:09 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-18 09:09 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-18 09:09 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-18 09:09 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-18 09:09 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-18 07:24 - 2012-08-18 07:25 - 07921627 ____A C:\Users\Bob\Downloads\CardReader_Alcor_2.01.02.02_Vistax64Vistax86_A.zip
2012-08-18 07:22 - 2012-08-18 07:23 - 00012650 ____A C:\Users\Bob\AppData\Local\HWVendorDetection.log
2012-08-18 07:21 - 2012-08-18 07:21 - 02074728 ____A (Acer Inc.) C:\Users\Bob\Downloads\HWVendorDetection.exe
2012-08-17 13:37 - 2012-08-22 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
2012-08-16 11:15 - 2012-08-16 11:15 - 00237056 ____A C:\Users\Bob\Downloads\sec-ssh.ppt
2012-08-16 10:36 - 2012-08-16 10:39 - 13876834 ____A C:\Users\Bob\Downloads\totalbeginnerlesson16.zip
2012-08-16 09:43 - 2012-08-16 09:52 - 16798061 ____A C:\Users\Bob\Downloads\totalbeginnerlesson14.zip
2012-08-16 09:43 - 2012-08-16 09:52 - 16641796 ____A C:\Users\Bob\Downloads\totalbeginnerlesson15.zip
2012-08-16 09:43 - 2012-08-16 09:52 - 15682906 ____A C:\Users\Bob\Downloads\totalbeginnerlesson13.zip
2012-08-16 09:42 - 2012-08-16 09:52 - 20599700 ____A C:\Users\Bob\Downloads\totalbeginnerlesson11.zip
2012-08-16 09:42 - 2012-08-16 09:51 - 14729430 ____A C:\Users\Bob\Downloads\totalbeginnerlesson12.zip
2012-08-15 18:14 - 2012-08-15 18:19 - 12550354 ____A C:\Users\Bob\Downloads\totalbeginnerlesson09.zip
2012-08-15 18:12 - 2012-08-15 18:20 - 19734368 ____A C:\Users\Bob\Downloads\totalbeginnerlesson08.zip
2012-08-15 18:12 - 2012-08-15 18:20 - 19062344 ____A C:\Users\Bob\Downloads\totalbeginnerlesson07.zip
2012-08-15 18:12 - 2012-08-15 18:19 - 13688018 ____A C:\Users\Bob\Downloads\totalbeginnerlesson10.zip
2012-08-15 14:37 - 2012-08-15 14:42 - 16746535 ____A C:\Users\Bob\Downloads\totalbeginnerlesson06.zip
2012-08-15 14:36 - 2012-08-15 14:41 - 14479712 ____A C:\Users\Bob\Downloads\totalbeginnerlesson05.zip
2012-08-15 14:35 - 2012-08-15 14:42 - 18242102 ____A C:\Users\Bob\Downloads\totalbeginnerlesson04.zip
2012-08-15 14:35 - 2012-08-15 14:40 - 12975274 ____A C:\Users\Bob\Downloads\totalbeginnerlesson03.zip
2012-08-15 14:34 - 2012-08-15 14:39 - 14408020 ____A C:\Users\Bob\Downloads\totalbeginnerlesson02.zip
2012-08-15 14:33 - 2012-08-15 14:34 - 10336918 ____A C:\Users\Bob\Downloads\totalbeginnerlesson01.zip
2012-08-15 07:27 - 2012-08-15 07:27 - 00000000 ____D C:\junk
2012-08-15 06:31 - 2012-08-15 06:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{F063D83C-AE43-4C13-8395-CA93F2E241C2}
2012-08-15 06:31 - 2012-08-15 06:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{E88D26EF-CACE-4ED1-81E7-D4F2FFDFD6EA}
2012-08-15 01:55 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 01:55 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 01:55 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 01:55 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 01:55 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 01:55 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-15 01:54 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 01:54 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 01:54 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 01:54 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 01:54 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 01:54 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 01:54 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-14 19:53 - 2012-08-14 19:53 - 00000850 ____A C:\Users\Bob\.recently-used.xbel
2012-08-14 18:30 - 2012-08-14 18:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{203D4B61-C98A-44EC-BC9A-A4725AC4CD6A}
2012-08-14 18:30 - 2012-08-14 18:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{DFCB514F-FACF-47AF-AFDF-C64880A20384}
2012-08-14 06:30 - 2012-08-14 06:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{2528C85F-63BF-4121-A86F-1BA67D5AED52}
2012-08-14 06:30 - 2012-08-14 06:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{17EB2BF5-4A4B-4D11-BEA8-6CB01C5DF67C}
2012-08-13 18:30 - 2012-08-13 18:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{64A16758-9C1D-4AA9-9B06-4A9164E39910}
2012-08-13 18:30 - 2012-08-13 18:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{1AFF168C-876F-4DFB-BB13-44BEB1E30271}
2012-08-13 06:42 - 2012-08-13 06:42 - 00448512 ____A (OldTimer Tools) C:\Users\Bob\Downloads\TFC.exe
2012-08-13 06:29 - 2012-08-13 06:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{D1335F82-D593-4E6B-98CC-953C71468875}
2012-08-13 06:29 - 2012-08-13 06:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{47A67121-E37D-4260-ABC6-7713C5C7EAB0}
2012-08-12 18:29 - 2012-08-12 18:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{B224A400-0E5B-41E4-8F04-96F8EBED3A18}
2012-08-12 18:29 - 2012-08-12 18:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{80E375F7-DAF4-46B3-A177-03D1C915363D}
2012-08-12 13:56 - 2012-08-12 13:56 - 00000000 ____D C:\Program Files\Western Digital
2012-08-12 13:56 - 2012-08-12 13:56 - 00000000 ____D C:\Program Files (x86)\Western Digital
2012-08-12 13:44 - 2012-08-12 13:49 - 35180670 ____A C:\Users\Bob\Downloads\SmartWare_Windows_Upgrader_1.6.2.5.zip
2012-08-12 10:51 - 2012-08-12 10:51 - 00002047 ____A C:\Users\Bob\Documents\GeoGebra2.ggb
2012-08-12 06:28 - 2012-08-12 06:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{DD0F6DFA-77B5-4CEF-8142-494184D79992}
2012-08-12 06:28 - 2012-08-12 06:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{7254503B-1C31-4B43-AE02-8A3201EDE710}
2012-08-11 18:28 - 2012-08-11 18:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{E8167DCF-0100-4F45-9286-A15DC71A3905}
2012-08-11 18:28 - 2012-08-11 18:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{CD088EA6-D97D-4BB3-9165-A54432C42A29}
2012-08-11 06:27 - 2012-08-11 06:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{0D6BA6DF-DEBF-4CD1-AB84-95ED994D3E43}
2012-08-11 06:27 - 2012-08-11 06:27 - 00000000 ____D C:\Users\Bob\AppData\Local\{D5746AD4-260B-4022-9696-1D816F41C68F}
2012-08-10 18:36 - 2012-08-10 18:36 - 00000000 ____D C:\Users\Bob\AppData\Local\{BCCC4618-0242-4839-B9E1-F96088E15709}
2012-08-10 18:36 - 2012-08-10 18:36 - 00000000 ____D C:\Users\Bob\AppData\Local\{47895964-941B-4DF9-98AA-4F18DEF068E6}
2012-08-10 06:35 - 2012-08-10 06:36 - 00000000 ____D C:\Users\Bob\AppData\Local\{76F77CB9-78C2-49EF-AD95-4CC6F8D209E5}
2012-08-10 06:35 - 2012-08-10 06:35 - 00000000 ____D C:\Users\Bob\AppData\Local\{A7528B68-865C-4925-B3C8-4EAE020C5E21}
2012-08-09 18:35 - 2012-08-09 18:35 - 00000000 ____D C:\Users\Bob\AppData\Local\{69FCC2C5-51AE-411A-B10A-06E0A04C43E7}
2012-08-09 18:35 - 2012-08-09 18:35 - 00000000 ____D C:\Users\Bob\AppData\Local\{668E4CEF-449F-4647-96B7-2F68B7EE7EB9}
2012-08-09 06:35 - 2012-08-09 06:35 - 00000000 ____D C:\Users\Bob\AppData\Local\{36225621-C03E-44F1-90D6-223AE663EDA0}
2012-08-09 06:34 - 2012-08-09 06:35 - 00000000 ____D C:\Users\Bob\AppData\Local\{A17A5244-5F01-47A4-A42E-57C3668F6DD3}
2012-08-08 18:34 - 2012-08-08 18:34 - 00000000 ____D C:\Users\Bob\AppData\Local\{D2B781C4-51E7-4147-A6C4-E9122DB2EE1E}
2012-08-08 18:34 - 2012-08-08 18:34 - 00000000 ____D C:\Users\Bob\AppData\Local\{93503453-AB50-4568-A5EF-C18A3CFC4D77}
2012-08-08 06:34 - 2012-08-08 06:34 - 00000000 ____D C:\Users\Bob\AppData\Local\{E29599DE-AB25-4704-9EF7-F1A31AEFFEDD}
2012-08-08 06:34 - 2012-08-08 06:34 - 00000000 ____D C:\Users\Bob\AppData\Local\{3AB9474B-7F67-403F-B2EE-DBF3E578FBE0}
2012-08-07 18:33 - 2012-08-07 18:34 - 00000000 ____D C:\Users\Bob\AppData\Local\{BDA1A63D-063D-42B6-9667-B2605B449CD6}
2012-08-07 18:33 - 2012-08-07 18:33 - 00000000 ____D C:\Users\Bob\AppData\Local\{E6A21852-EB22-49C1-A064-59765CD4E2F7}
2012-08-07 06:33 - 2012-08-07 06:33 - 00000000 ____D C:\Users\Bob\AppData\Local\{E565187A-64EF-4213-AAFD-76584CF44EC9}
2012-08-07 06:33 - 2012-08-07 06:33 - 00000000 ____D C:\Users\Bob\AppData\Local\{908B78EB-ADC8-4CCE-B4EB-040ED69F298A}
2012-08-06 18:33 - 2012-08-06 18:33 - 00000000 ____D C:\Users\Bob\AppData\Local\{6F26D7C5-9F98-424C-B0EF-5F92D3A040B5}
2012-08-06 18:32 - 2012-08-06 18:33 - 00000000 ____D C:\Users\Bob\AppData\Local\{AEBB8775-8B8F-4697-B845-1404FCCD204D}
2012-08-06 06:32 - 2012-08-06 06:32 - 00000000 ____D C:\Users\Bob\AppData\Local\{E468BBFA-CAC0-403C-829E-07740DA2C5AD}
2012-08-06 06:32 - 2012-08-06 06:32 - 00000000 ____D C:\Users\Bob\AppData\Local\{B456492A-E07E-41FD-869B-2523D766A4C8}
2012-08-05 18:52 - 2012-08-05 23:21 - 00000000 ____D C:\Users\Bob\.explorer.cache
2012-08-05 18:32 - 2012-08-05 18:32 - 00000000 ____D C:\Users\Bob\AppData\Local\{A897F041-2463-4B47-B35E-1325FB094903}
2012-08-05 18:32 - 2012-08-05 18:32 - 00000000 ____D C:\Users\Bob\AppData\Local\{5A5A1147-C093-4738-BFE8-4BA245596530}
2012-08-05 06:31 - 2012-08-05 06:32 - 00000000 ____D C:\Users\Bob\AppData\Local\{3788A499-F524-4049-96F5-85806F72FF0A}
2012-08-05 06:31 - 2012-08-05 06:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{07F52A3F-F28E-475E-8E80-2EA6EC871BAC}
2012-08-04 18:31 - 2012-08-04 18:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{BC3AD987-F29E-4FBF-9952-413477AA13AF}
2012-08-04 18:31 - 2012-08-04 18:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{28D4A4AF-678C-44DE-982A-5E6140D5097A}
2012-08-04 10:36 - 2012-08-04 10:36 - 00023258 ____A C:\Users\Bob\Documents\try1.osg
2012-08-04 09:55 - 2012-08-04 09:55 - 00000705 ____A C:\Users\Bob\Desktop\Archimedes Geo3D.lnk
2012-08-04 09:55 - 2012-08-04 09:55 - 00000012 ____A C:\Users\Bob\tmpifo.bat
2012-08-04 09:51 - 2012-08-04 09:53 - 16254863 ____A (Andreas Goebel                                              ) C:\Users\Bob\Downloads\ArchimedesGeo3DSetup1_3_6.exe
2012-08-04 09:08 - 2012-08-04 09:10 - 11775544 ____A (International GeoGebra Institute) C:\Users\Bob\Downloads\GeoGebra-Windows-Installer-4-0-38-0.exe
2012-08-04 06:31 - 2012-08-04 06:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{DE8137FC-99C0-4B22-ABB3-0413973F3461}
2012-08-04 06:30 - 2012-08-04 06:31 - 00000000 ____D C:\Users\Bob\AppData\Local\{3ECF4ED1-435D-495D-8628-27A60D4FCE8A}
2012-08-03 18:30 - 2012-08-03 18:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{F91791FC-4A5E-4773-8BF2-F393A53F728E}
2012-08-03 18:30 - 2012-08-03 18:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{CDAF6C07-55D7-4BF5-8694-032F7A4A4A89}
2012-08-03 06:30 - 2012-08-03 06:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{DB1D5DBB-56DB-4189-B361-A5D447CB41F2}
2012-08-03 06:30 - 2012-08-03 06:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{BE489385-F0A8-4CC7-A856-331ECAAF3964}
2012-08-02 18:29 - 2012-08-02 18:30 - 00000000 ____D C:\Users\Bob\AppData\Local\{14A1A441-7B7E-4ECA-8E8B-78E669908146}
2012-08-02 18:29 - 2012-08-02 18:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{7C292F0E-11DD-4267-964D-5EA893A5EE75}
2012-08-02 06:29 - 2012-08-02 06:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{30814DF6-04DE-4A47-9BCD-038F894F0539}
2012-08-02 06:29 - 2012-08-02 06:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{1AD13D28-D7F1-4B5F-8EC9-FE1C5CC62B8D}
2012-08-01 18:29 - 2012-08-01 18:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{0DD3AF7A-B3A9-4300-9E2A-55BAD55A5917}
2012-08-01 18:28 - 2012-08-01 18:29 - 00000000 ____D C:\Users\Bob\AppData\Local\{AD86E54F-146A-4A89-9F61-0356B6CBD060}
2012-08-01 06:28 - 2012-08-01 06:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{789021B7-85B4-4E57-8822-12FD888DA69B}
2012-08-01 06:28 - 2012-08-01 06:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{27853C43-5D87-4550-92E8-F2CDEAC110DA}
2012-07-31 18:28 - 2012-07-31 18:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{DD8111ED-1F0F-451C-A62A-FFFBDFA6170D}
2012-07-31 18:28 - 2012-07-31 18:28 - 00000000 ____D C:\Users\Bob\AppData\Local\{8CAFD653-3692-40DE-820F-58EDFA5E1DB1}
2012-07-31 06:27 - 2012-07-31 06:27 - 00000000 ____D C:\Users\Bob\AppData\Local\{131C6CC6-FF5C-4CD3-9E8F-A2010F022D3C}
2012-07-31 06:27 - 2012-07-31 06:27 - 00000000 ____D C:\Users\Bob\AppData\Local\{01D14CBE-1055-4EAB-B3BD-A627BDAB9D6E}


==================== 3 Months Modified Files ================================

2012-08-29 22:40 - 2010-12-31 21:59 - 01172093 ____A C:\Windows\WindowsUpdate.log
2012-08-29 22:32 - 2009-07-13 21:13 - 00783510 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-29 22:31 - 2011-01-11 18:41 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915202464-1380726330-1800604502-1000UA.job
2012-08-29 22:24 - 2012-08-29 22:24 - 01450005 ____A (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2012-08-29 22:02 - 2011-01-06 12:00 - 00000600 ____A C:\Users\Bob\AppData\Local\PUTTY.RND
2012-08-29 22:02 - 2011-01-03 20:27 - 00017512 ____A C:\Users\Bob\_viminfo
2012-08-29 21:57 - 2012-03-09 16:36 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-29 20:35 - 2011-01-11 18:44 - 00002449 ____A C:\Users\Bob\Desktop\Google Chrome.lnk
2012-08-29 17:57 - 2012-03-09 16:36 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-28 23:31 - 2011-01-11 18:41 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915202464-1380726330-1800604502-1000Core.job
2012-08-27 13:34 - 2012-08-27 13:34 - 02099208 ____A C:\Users\Bob\Downloads\TMR 014 - asphalt shingle roof.dxf
2012-08-27 13:34 - 2012-08-27 13:34 - 00560127 ____A C:\Users\Bob\Downloads\TMR 014 - asphalt shingle roof.dwg
2012-08-22 21:12 - 2012-08-22 21:12 - 00001046 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2012-08-22 18:45 - 2012-08-22 18:33 - 95187288 ____A (Oracle Corporation) C:\Users\Bob\Downloads\VirtualBox-4.1.20-80170-Win.exe
2012-08-22 08:56 - 2012-08-22 08:56 - 00000526 ____A C:\Users\Bob\Downloads\Configuration_08-22-2012_1155.nas
2012-08-21 18:51 - 2011-02-08 20:30 - 00002658 ____A C:\Users\Bob\Desktop\AllHours.xlsx - Shortcut.lnk
2012-08-21 02:51 - 2009-07-13 20:45 - 00013792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-21 02:51 - 2009-07-13 20:45 - 00013792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-20 14:23 - 2012-08-22 21:12 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-08-20 14:23 - 2012-08-22 21:12 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-08-20 14:23 - 2012-08-20 14:23 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-08-20 14:23 - 2012-08-20 14:23 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-08-20 14:23 - 2012-08-20 14:23 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-08-20 13:22 - 2012-07-12 06:19 - 00006800 ____A C:\Windows\setupact.log
2012-08-20 13:22 - 2011-01-01 23:43 - 00043924 ____A C:\Windows\PFRO.log
2012-08-20 13:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-20 13:00 - 2012-08-20 13:01 - 00607260 ____R (Swearware) C:\Users\Bob\Desktop\dds.com
2012-08-20 06:02 - 2009-07-13 21:08 - 00032540 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-18 10:30 - 2009-07-13 20:45 - 00447544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-18 09:05 - 2011-01-01 22:32 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-18 09:03 - 2011-01-07 10:52 - 00000600 ____A C:\Users\Bob\AppData\Roaming\winscp.rnd
2012-08-18 07:25 - 2012-08-18 07:24 - 07921627 ____A C:\Users\Bob\Downloads\CardReader_Alcor_2.01.02.02_Vistax64Vistax86_A.zip
2012-08-18 07:23 - 2012-08-18 07:22 - 00012650 ____A C:\Users\Bob\AppData\Local\HWVendorDetection.log
2012-08-18 07:21 - 2012-08-18 07:21 - 02074728 ____A (Acer Inc.) C:\Users\Bob\Downloads\HWVendorDetection.exe
2012-08-16 11:15 - 2012-08-16 11:15 - 00237056 ____A C:\Users\Bob\Downloads\sec-ssh.ppt
2012-08-16 10:39 - 2012-08-16 10:36 - 13876834 ____A C:\Users\Bob\Downloads\totalbeginnerlesson16.zip
2012-08-16 09:52 - 2012-08-16 09:43 - 16798061 ____A C:\Users\Bob\Downloads\totalbeginnerlesson14.zip
2012-08-16 09:52 - 2012-08-16 09:43 - 16641796 ____A C:\Users\Bob\Downloads\totalbeginnerlesson15.zip
2012-08-16 09:52 - 2012-08-16 09:43 - 15682906 ____A C:\Users\Bob\Downloads\totalbeginnerlesson13.zip
2012-08-16 09:52 - 2012-08-16 09:42 - 20599700 ____A C:\Users\Bob\Downloads\totalbeginnerlesson11.zip
2012-08-16 09:51 - 2012-08-16 09:42 - 14729430 ____A C:\Users\Bob\Downloads\totalbeginnerlesson12.zip
2012-08-15 18:20 - 2012-08-15 18:12 - 19734368 ____A C:\Users\Bob\Downloads\totalbeginnerlesson08.zip
2012-08-15 18:20 - 2012-08-15 18:12 - 19062344 ____A C:\Users\Bob\Downloads\totalbeginnerlesson07.zip
2012-08-15 18:19 - 2012-08-15 18:14 - 12550354 ____A C:\Users\Bob\Downloads\totalbeginnerlesson09.zip
2012-08-15 18:19 - 2012-08-15 18:12 - 13688018 ____A C:\Users\Bob\Downloads\totalbeginnerlesson10.zip
2012-08-15 14:42 - 2012-08-15 14:37 - 16746535 ____A C:\Users\Bob\Downloads\totalbeginnerlesson06.zip
2012-08-15 14:42 - 2012-08-15 14:35 - 18242102 ____A C:\Users\Bob\Downloads\totalbeginnerlesson04.zip
2012-08-15 14:41 - 2012-08-15 14:36 - 14479712 ____A C:\Users\Bob\Downloads\totalbeginnerlesson05.zip
2012-08-15 14:40 - 2012-08-15 14:35 - 12975274 ____A C:\Users\Bob\Downloads\totalbeginnerlesson03.zip
2012-08-15 14:39 - 2012-08-15 14:34 - 14408020 ____A C:\Users\Bob\Downloads\totalbeginnerlesson02.zip
2012-08-15 14:34 - 2012-08-15 14:33 - 10336918 ____A C:\Users\Bob\Downloads\totalbeginnerlesson01.zip
2012-08-14 19:53 - 2012-08-14 19:53 - 00000850 ____A C:\Users\Bob\.recently-used.xbel
2012-08-13 06:42 - 2012-08-13 06:42 - 00448512 ____A (OldTimer Tools) C:\Users\Bob\Downloads\TFC.exe
2012-08-12 13:57 - 2012-06-03 08:55 - 00009132 ____A C:\Windows\DPINST.LOG
2012-08-12 13:49 - 2012-08-12 13:44 - 35180670 ____A C:\Users\Bob\Downloads\SmartWare_Windows_Upgrader_1.6.2.5.zip
2012-08-12 10:51 - 2012-08-12 10:51 - 00002047 ____A C:\Users\Bob\Documents\GeoGebra2.ggb
2012-08-04 10:36 - 2012-08-04 10:36 - 00023258 ____A C:\Users\Bob\Documents\try1.osg
2012-08-04 09:55 - 2012-08-04 09:55 - 00000705 ____A C:\Users\Bob\Desktop\Archimedes Geo3D.lnk
2012-08-04 09:55 - 2012-08-04 09:55 - 00000012 ____A C:\Users\Bob\tmpifo.bat
2012-08-04 09:53 - 2012-08-04 09:51 - 16254863 ____A (Andreas Goebel                                              ) C:\Users\Bob\Downloads\ArchimedesGeo3DSetup1_3_6.exe
2012-08-04 09:10 - 2012-08-04 09:08 - 11775544 ____A (International GeoGebra Institute) C:\Users\Bob\Downloads\GeoGebra-Windows-Installer-4-0-38-0.exe
2012-07-29 18:26 - 2012-07-29 18:25 - 07457336 ____A (Wargaming.net                                           	) C:\Users\Bob\Downloads\WoT_internet_install_us.exe
2012-07-29 05:53 - 2012-07-29 05:34 - 168454136 ____A (NVIDIA Corporation) C:\Users\Bob\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-07-29 04:22 - 2012-07-29 04:22 - 00291640 ____A C:\Windows\Minidump\072912-62462-01.dmp
2012-07-27 12:17 - 2012-04-01 20:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-27 12:17 - 2011-05-20 06:57 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-26 05:38 - 2012-07-26 05:37 - 04333832 ____A (Safer Networking Limited                                    ) C:\Users\Bob\Downloads\filealyz-2.0.5.57.exe
2012-07-26 05:33 - 2012-07-26 05:33 - 00163743 ____A C:\Users\Bob\Downloads\fa.rar
2012-07-25 20:42 - 2011-01-07 10:52 - 00000993 ____A C:\Users\Public\Desktop\WinSCP.lnk
2012-07-25 20:40 - 2012-07-25 20:40 - 03401768 ____A (Martin Prikryl                                              ) C:\Users\Bob\Downloads\winscp507setup.exe
2012-07-25 16:07 - 2012-07-25 16:07 - 01577751 ____A C:\Users\Bob\Downloads\systemLog_WMAWZ0087622_1343261147.zip
2012-07-25 04:44 - 2012-07-25 04:44 - 00291640 ____A C:\Windows\Minidump\072512-82976-01.dmp
2012-07-23 10:29 - 2012-07-23 10:29 - 01119856 ____A C:\Users\Bob\Desktop\bookmarks-2012-07-23.json
2012-07-22 19:24 - 2012-07-22 19:24 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-22 19:24 - 2012-07-22 19:24 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-22 19:16 - 2012-07-22 19:16 - 00893936 ____A (Oracle Corporation) C:\Users\Bob\Downloads\chromeinstall-7u5.exe
2012-07-21 09:53 - 2012-06-15 07:48 - 00001811 ____A C:\Users\Public\Desktop\Process Hacker 2.lnk
2012-07-20 09:56 - 2012-07-20 09:53 - 21178512 ____A (Wyse Technology) C:\Users\Bob\Downloads\PocketCloud Windows Companion_v2.4.19.exe
2012-07-18 10:15 - 2012-08-15 01:54 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 19:42 - 2011-09-24 19:46 - 00751885 ____A C:\Users\Bob\foo.2
2012-07-13 19:38 - 2011-02-06 10:40 - 00751885 ____A C:\Users\Bob\foo.1
2012-07-13 16:21 - 2012-07-13 16:21 - 00001967 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-07-13 16:21 - 2010-12-31 20:22 - 00117864 ____A C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-13 13:16 - 2011-01-27 11:37 - 00777234 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-13 11:11 - 2012-07-13 11:11 - 00001080 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-13 10:50 - 2012-07-13 10:46 - 22657136 ____A C:\Users\Bob\Documents\vlc-2.0.2-win32.exe
2012-07-12 20:47 - 2012-07-12 19:40 - 93912112 ___RA (Samsung Electronics Co., Ltd.                                ) C:\Users\Bob\Downloads\Kies_2.3.2.12064_9_7.exe
2012-07-12 06:19 - 2012-07-12 06:19 - 00000000 ____A C:\Windows\setuperr.log
2012-07-05 19:06 - 2012-07-22 19:24 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 19:06 - 2012-07-22 19:24 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 19:06 - 2011-01-28 20:51 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-04 14:16 - 2012-08-15 01:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 01:54 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 01:54 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 01:54 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 01:54 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-08-18 09:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-18 09:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-18 09:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-18 09:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-18 09:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-18 09:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-18 09:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-18 09:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-18 09:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-18 09:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-18 09:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-18 09:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-18 09:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-18 09:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-18 09:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-18 09:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-18 09:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-18 09:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-18 09:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-18 09:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-18 09:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-18 09:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-18 09:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-18 09:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-18 09:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-18 09:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-18 09:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-18 09:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 13:03 - 2011-02-24 11:56 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00569344 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2012-06-26 13:02 - 2012-06-26 13:02 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00258048 ____A ((c) PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2012-06-26 13:02 - 2012-06-26 13:02 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00200704 ____A ( (c) MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2012-06-26 13:02 - 2012-06-26 13:02 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax
2012-06-26 13:02 - 2012-06-26 13:02 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00131072 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2012-06-26 13:02 - 2012-06-26 13:02 - 00122880 ____A ((c) MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2012-06-26 13:02 - 2012-06-26 13:02 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00110592 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2012-06-26 13:02 - 2012-06-26 13:02 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
2012-06-26 13:02 - 2012-06-26 13:02 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2012-06-26 13:02 - 2012-06-26 13:02 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
2012-06-26 13:02 - 2012-06-26 13:02 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
2012-06-26 13:02 - 2011-08-22 22:10 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-06-21 06:41 - 2012-05-08 05:41 - 00001140 ____A C:\Users\Public\Desktop\Foxit Reader.lnk
2012-06-17 16:08 - 2012-04-27 09:40 - 00002118 ____A C:\Users\Public\Desktop\Blender.lnk
2012-06-10 17:17 - 2012-06-10 17:17 - 00000145 ____A C:\Users\Bob\.octave_hist
2012-06-08 21:43 - 2012-07-10 23:29 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 23:29 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 16:39 - 2012-06-08 16:39 - 00018283 ____A C:\Users\Bob\Documents\Hours-Summary-RnD-2012-05.xlsx
2012-06-07 17:39 - 2012-06-07 17:39 - 00000881 ____A C:\Users\Public\Desktop\Achilles.lnk
2012-06-07 17:35 - 2012-06-07 17:35 - 00000901 ____A C:\Users\Public\Desktop\Super Tank.lnk
2012-06-05 22:06 - 2012-07-10 23:29 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 23:29 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 23:24 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 23:29 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 23:29 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 23:24 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 23:59 - 2012-07-13 19:08 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-03 23:59 - 2012-07-13 19:08 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-03 09:54 - 2012-05-28 07:05 - 00010164 ____A C:\Users\Bob\Documents\DataShareInfo.xlsx
2012-06-02 16:19 - 2012-06-02 16:19 - 00002254 ____A C:\Users\Public\Desktop\Public (MyBookLive).lnk
2012-06-02 14:19 - 2012-06-21 17:39 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 17:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 17:39 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 17:39 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 17:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 17:39 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 17:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 17:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 17:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 6074.82 MB
Available physical RAM: 5365.69 MB
Total Pagefile: 6072.96 MB
Available Pagefile: 5374.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (New Volume) (Fixed) (Total:55.9 GB) (Free:5.7 GB) NTFS
2 Drive e: (RECOVERY) (Fixed) (Total:10.2 GB) (Free:3.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: () (Removable) (Total:57.58 GB) (Free:57.58 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: () (Fixed) (Total:455.56 GB) (Free:3.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online          465 GB  1024 KB
  Disk 2    Online           55 GB      0 B
  Disk 3    Online           57 GB      0 B
  Disk 4    No Media           0 B      0 B
  Disk 5    No Media           0 B      0 B
  Disk 6    No Media           0 B      0 B
  Disk 7    No Media           0 B      0 B
  Disk 8    Online             0 B      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            101 MB    31 KB
  Partition 2    Primary            200 GB   101 MB
  Partition 3    Primary            101 MB   200 GB
  Partition 0    Extended           264 GB   200 GB
  Partition 4    Logical            264 GB   200 GB

==================================================================================

Disk: 0
Partition 1
Type  : 83
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type  : 8E
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 3
Type  : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 4
Type  : 8E
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             10 GB    31 KB
  Partition 2    Primary            455 GB    10 GB

==================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     E   RECOVERY     NTFS   Partition     10 GB  Healthy

==================================================================================

Disk: 1
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y                NTFS   Partition    455 GB  Healthy

==================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             55 GB  1024 KB

==================================================================================

Disk: 2
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   New Volume   NTFS   Partition     55 GB  Healthy

==================================================================================

Partitions of Disk 3:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             57 GB  4032 KB

==================================================================================

Disk: 3
Partition 1
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT32  Removable     57 GB  Healthy

==================================================================================

Partitions of Disk 8:
===============

There are no partitions on this disk to show.

==================================================================================

Last Boot: 2012-08-16 22:43

==================== End Of Log =============================

Thanks again,
-bob

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 August 2012 - 08:51 PM

Nothing is jumping out at the moment.

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 -bob

-bob
  • Topic Starter

  • Members
  • 7 posts

Posted 01 September 2012 - 11:25 AM

Thanks again CatByte. ComboFix.txt is at the end. Notes:
  • I did get that "Illegal operation attempted on registry key marked for deletion" thingy but rebooting took care of it.
  • Recently getting the original problem on "dxtrans.dll" mostly.
  • Help windows still blank.
  • Western Digital "SmartWare" still gives the "D3D10Warp.dll is either not designed to run on Windows or it contains an error..." message. This is the only consistent method I have found to reproduce this error. However, I was seeing the D3D10Warp.dll message even before installing the SmartWare stuff.
  • Machine crashed/rebooted overnight with the following, not sure if that is related. It happens once or twice a month maybe.
Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.1.7601.2.1.0.256.48
  Locale ID:	1033

Additional information about the problem:
  BCCode:	7f
  BCP1:	0000000000000008
  BCP2:	0000000080050033
  BCP3:	00000000000006F8
  BCP4:	FFFFF80002CDA144
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	256_1

Files that help describe the problem:
  C:\Windows\Minidump\090112-61667-01.dmp
  C:\Users\Bob\AppData\Local\temp\WER-22897499-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
Combofix.txt:
ComboFix 12-08-31.08 - Bob 09/01/2012   9:39.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6075.3787 [GMT -5:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\a\22070801.QqM
c:\a\22070801.QSM
c:\a\22070801.QTC
c:\a\22070801.QTM
c:\a\22070801.QXC
c:\a\22070801.QXM
c:\a\22070801.QZC
c:\a\22070801.QZM
c:\a\22070802.QqM
c:\a\22070802.QSM
c:\a\22070802.QTC
c:\a\22070802.QTM
c:\a\22070802.QXC
c:\a\22070802.QXM
c:\a\22070802.QZC
c:\a\22070802.QZM
c:\a\22070803.QqM
c:\a\22070803.QSM
c:\a\22070803.QTC
c:\a\22070803.QTM
c:\a\22070803.QXC
c:\a\22070803.QXM
c:\a\22070803.QZC
c:\a\22070803.QZM
c:\a\H1700ASS.DAT
c:\a\H1800ASS.DAT
c:\a\L1700ASS.DAT
c:\a\L1800ASS.DAT
c:\a\N1700ASS.DAT
c:\a\N1800ASS.DAT
c:\users\Bob\AppData\Local\Temp\_MEI27682\_ctypes.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\_elementtree.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\_hashlib.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\_socket.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\_ssl.pyd
c:\users\Bob\AppData\Local\temp\_MEI27682\pyexpat.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\pysqlite2._sqlite.pyd
c:\users\Bob\AppData\Local\temp\_MEI27682\python26.dll
c:\users\Bob\AppData\Local\temp\_MEI27682\pythoncom26.dll
c:\users\Bob\AppData\Local\temp\_MEI27682\PyWinTypes26.dll
c:\users\Bob\AppData\Local\temp\_MEI27682\select.pyd
c:\users\Bob\AppData\Local\temp\_MEI27682\unicodedata.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\win32api.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\win32com.shell.shell.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\win32crypt.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\win32event.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\win32file.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\win32inet.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\win32pdh.pyd
c:\users\Bob\AppData\Local\temp\_MEI27682\win32process.pyd
c:\users\Bob\AppData\Local\temp\_MEI27682\windows._cacheinvalidation.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\wx._controls_.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\wx._core_.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\wx._gdi_.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\wx._html2.pyd
c:\users\Bob\AppData\Local\temp\_MEI27682\wx._misc_.pyd
c:\users\Bob\AppData\Local\temp\_MEI27682\wx._windows_.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\wx._wizard.pyd
c:\users\Bob\AppData\Local\Temp\_MEI27682\wxbase293u_net_vc.dll
c:\users\Bob\AppData\Local\Temp\_MEI27682\wxbase293u_vc.dll
c:\users\Bob\AppData\Local\temp\_MEI27682\wxmsw293u_adv_vc.dll
c:\users\Bob\AppData\Local\Temp\_MEI27682\wxmsw293u_core_vc.dll
c:\users\Bob\AppData\Local\Temp\_MEI27682\wxmsw293u_html_vc.dll
c:\users\Bob\AppData\Local\Temp\_MEI27682\wxmsw293u_webview_vc.dll
c:\users\Bob\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Bob\AppData\Roaming\0ad
c:\users\Bob\AppData\Roaming\0ad\config\user.cfg
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-01 to 2012-09-01  )))))))))))))))))))))))))))))))
.
.
2012-09-01 15:39 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F6733AD-6CAF-4AC8-9997-099B3F5B880F}\mpengine.dll
2012-09-01 15:23 . 2012-09-01 15:23	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-09-01 15:23 . 2012-09-01 15:23	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-01 15:23 . 2012-09-01 15:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-01 15:23 . 2012-09-01 15:23	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-08-31 07:50 . 2012-08-23 08:26	9310152	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-30 09:51 . 2012-08-30 09:52	--------	d-----w-	C:\FRST
2012-08-23 05:52 . 2012-08-31 09:23	--------	d-----w-	c:\program files (x86)\Mozilla Firefox 4.0 Beta 8
2012-08-23 05:12 . 2012-08-20 22:23	224088	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-08-23 05:12 . 2012-08-20 22:23	130904	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-08-20 22:23 . 2012-08-20 22:23	166232	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2012-08-20 22:23 . 2012-08-20 22:23	147288	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2012-08-20 22:23 . 2012-08-20 22:23	320856	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2012-08-15 15:27 . 2012-08-15 15:27	--------	d-----w-	C:\junk
2012-08-15 09:55 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 09:55 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-15 09:55 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 09:55 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 09:55 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-15 09:55 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-15 09:54 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-15 09:54 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-15 09:54 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 09:54 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-15 09:54 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 09:54 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-12 21:56 . 2012-08-12 21:56	--------	d-----w-	c:\program files (x86)\Western Digital
2012-08-12 21:56 . 2012-08-12 21:56	--------	d-----w-	c:\program files\Western Digital
2012-08-06 02:52 . 2012-08-06 07:21	--------	d-----w-	c:\users\Bob\.explorer.cache
2012-08-06 02:52 . 2012-08-06 02:53	--------	d-----w-	c:\users\Bob\.explorer.local
2012-08-04 17:55 . 2012-08-04 17:55	12	----a-w-	c:\users\Bob\tmpifo.bat
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Bob\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"0EF39F5CD2F93E2D49A90D9D56ACFA1B90BF26B7._service_run"="c:\users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-08-29 1238040]
"chromium"="c:\users\Bob\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-08-29 1238040]
"Ubuntu One"="c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe" [2012-04-13 48808]
"Ubuntu One Icon"="c:\program files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe" [2012-04-13 41632]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-02 975288]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-02 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intel AppUp(SM) center"="d:\progfiles\Intel\IntelAppStore\bin\ismagent.lnk" [2012-02-25 1107]
"Intel AppUp(SM) center_Nagware"="d:\progfiles\Intel\IntelAppStore\bin\AppUp.lnk" [2012-02-25 1196]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-02 3524536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 136176]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-23 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-05-22 117080]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-08-20 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-08-20 130904]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-04-11 171176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-14 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-05-11 177056]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-08-20 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-08-20 166232]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 00:36]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 00:36]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915202464-1380726330-1800604502-1000Core.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 02:41]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915202464-1380726330-1800604502-1000UA.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 02:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 20:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 20:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 20:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 20:17	755544	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2012-05-11 883104]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\sfb1xgzh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-BTLive - c:\users\Bob\AppData\Roaming\BTLive\BTLive.exe
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-01  10:53:50 - machine was rebooted
ComboFix-quarantined-files.txt  2012-09-01 15:53
.
Pre-Run: 5,600,219,136 bytes free
Post-Run: 970,104,832 bytes free
.
- - End Of File - - 172BF04C925A2A47BCDB69D8F66A45B6
-bob

#8 CatByte

  • Malware Response Team

Posted 01 September 2012 - 01:12 PM

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 -bob


Posted 02 September 2012 - 04:31 PM

OK. Looks like nothing from Malwarebytes and 5 things from ESET. ESET took like 20 hours. Let me know what's next.

Thanks! -bob

Malwarebytes:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bob :: BOB-PC [administrator]

9/1/2012 4:30:13 PM
mbam-log-2012-09-01 (16-30-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239518
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ESETSCAN.txt:
D:\downloads\CrystalDiskInfo4_0_2-en.exe Win32/OpenCandy application
D:\downloads\Nv GPU Pro.exe a variant of Win32/Packed.MoleboxSVS.A application
D:\downloads\alawaren_azgard_defence\AzgardDefence_13233.exe Win32/Toolbar.Zugo application
D:\Program Files\Cain\Abel.exe a variant of Win32/CainAbel.AA application
D:\Program Files\Cain\Cain.exe a variant of Win32/CainAbel application


#10 CatByte

  • Malware Response Team

Posted 02 September 2012 - 05:22 PM

Those detections aren't anything to be concerned about; it is just alerting to the type of programs they are.

D:\downloads\alawaren_azgard_defence\AzgardDefence_13233.exe Win32/Toolbar.Zugo application

This program came with an unwanted toolbar. Make sure you don't have the Zugo toolbar installed: check in Programs and Features for it and, if it's there, remove it.

Did you install the Cain and Abel password sniffer? If not, uninstall that too.


NEXT

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



NEXT


Please advise if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
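The triage of the ESETSCAN.txt results at the top of this reply can be reproduced mechanically. The following is an added example, not part of the original post or of any ESET tooling: it parses the log lines as posted (paths may contain spaces), and it assumes, as the reply says of these results, that a trailing "application" marks a program-type detection rather than a trojan-class one. The follow-up table, the family heuristic and the last sample line (a made-up family) are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# The five lines of ESETSCAN.txt as posted in this thread, plus one
# constructed line (hypothetical family) to exercise the non-application path.
ESETSCAN = r"""
D:\downloads\CrystalDiskInfo4_0_2-en.exe Win32/OpenCandy application
D:\downloads\Nv GPU Pro.exe a variant of Win32/Packed.MoleboxSVS.A application
D:\downloads\alawaren_azgard_defence\AzgardDefence_13233.exe Win32/Toolbar.Zugo application
D:\Program Files\Cain\Abel.exe a variant of Win32/CainAbel.AA application
D:\Program Files\Cain\Cain.exe a variant of Win32/CainAbel application
C:\Users\Test\AppData\Local\Temp\sample.exe Win32/ExampleFamily.B trojan
"""

# Path is matched lazily so it can contain spaces; the detection name is
# recognised by its "Platform/Family" shape (Windows paths use backslashes).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+)"
    r"(?:\s+(?P<kind>[a-z]+))?\s*$"
)

# Follow-ups taken from the helper's reply in this thread (assumed mapping).
FOLLOW_UP = {
    "Toolbar.Zugo": "check Programs and Features for the Zugo toolbar; remove if present",
    "CainAbel": "confirm the user installed Cain and Abel; uninstall if not",
}


class Detection(NamedTuple):
    path: str
    name: str
    family: str
    is_variant: bool
    kind: str
    installed: bool
    action: str


def family_of(name: str) -> str:
    """Drop the platform prefix and a trailing variant tag such as '.A' or '.AA'.
    Heuristic: a final dot-component of 1-3 capital letters is a variant tag."""
    family = name.split("/", 1)[1]
    return re.sub(r"\.[A-Z]{1,3}$", "", family)


def parse_line(line: str) -> Optional[Detection]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name = m.group("path"), m.group("name")
    family = family_of(name)
    kind = m.group("kind") or "unspecified"
    # A hit under Program Files is an installed program, not just a download.
    installed = "\\program files" in path.lower()
    if kind == "application":
        action = FOLLOW_UP.get(family, "informational: name describes the program type")
    else:
        action = "escalate: not an application-class detection"
    return Detection(path, name, family, bool(m.group("variant")), kind, installed, action)


def triage(text: str):
    """Return (detections, unparsed_lines); unparsed lines are kept, not dropped."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        det = parse_line(line)
        if det is None:
            unparsed.append(line)
        else:
            detections.append(det)
    return detections, unparsed


if __name__ == "__main__":
    found, skipped = triage(ESETSCAN)
    for d in found:
        where = "installed" if d.installed else "file only"
        print(f"{d.family:<20} {d.kind:<12} {where:<10} {d.action}")
    for line in skipped:
        print("UNPARSED:", line)
```
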


#11 -bob


Posted 02 September 2012 - 07:32 PM

ok...

I do not see any Zugo toolbar stuff installed.

I did install the Cain and Abel stuff to recover a password a while back.

Still getting empty help windows and WDSmartWare still giving "D3D10Warp.dll is either not designed to run on Windows or it contains an error."

Result.txt and FSS.txt are below.

Thanks again,
-bob

Result.txt:
MiniToolBox by Farbar  Version: 23-07-2012
Ran by Bob (administrator) on 02-09-2012 at 19:22:57
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ============================== 

========================= Hosts content: =================================

127.0.0.1       localhost


=========================== Installed Programs ============================

 Overlook Fing (Version: 1.4)
7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Achilles (Version: 1)
Achilles (Version: v1)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Archimedes Geo3D 1.3.6
Ask Toolbar (Version: 1.12.2.0)
Backgammon Deluxe Free (Version: 1.0.0)
Bank2CSV Pro (Version: 2.0.0.6)
Bing Desktop (Version: 1.0.45.0)
Blender (Version: 2.63-release)
Celestia 1.6.1
Cisco WebEx Meetings
CrystalDiskInfo 4.0.2 (Version: 4.0.2)
Cygwin Bash Prompt Here
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DiskCheckup v3.1 (Version: 3.1.1001)
Empire XP 5 (Version: 5.7)
FileAlyzer 2 (Version: 2.0.5.57)
Flash Domination
Formula Buddy (Version: 1.0)
Foxit PDF Editor (Version: 2.2.0.0205)
Foxit Reader (Version: 5.3.1.606)
GeoGebra (Version: 4.0.38.0)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 22.0.1229.26)
Google Drive (Version: 1.3.3209.2688)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Talk (remove only)
Google Talk Plugin (Version: 3.5.1.8982)
Google Update Helper (Version: 1.3.21.115)
Inkscape 0.48.1  (Version: 0.48.1)
Intel AppUp(SM) center (Version: 35228)
Intel(R) Network Connections 16.3.48.0 (Version: 16.3.48.0)
Iozone
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 7 Update 3 (64-bit) (Version: 7.0.30)
Java(TM) 7 Update 5 (Version: 7.0.50)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (Version: 1.7.0.10)
JavaFX 2.1.1 (Version: 2.1.1)
LibreOffice 3.4 (Version: 3.4.502)
LibreOffice 3.4 Help Pack (English) (Version: 3.4.502)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0)
Miniclip Canyon Defense (Version: 0.3)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Maintenance Service (Version: 15.0)
Mozilla Thunderbird 15.0 (x86 en-US) (Version: 15.0)
MSVCRT (Version: 15.4.2862.0708)
MyFreeCodec
Nmap 5.61TEST2
NOOK for PC (Version: 2.5.5.9347)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenOffice.org 3.3 (Version: 3.3.9567)
OpenProj (Version: 1.4.0)
Oracle VM VirtualBox 4.1.20 (Version: 4.1.20)
Pidgin (Version: 2.10.3)
PocketCloud Windows Companion (Version: 2.4.19)
Process Hacker 2.28 (r5073) (Version: 2.28.0.5073)
PuTTY development snapshot 2011-01-01:r9067 (Version: 2011-01-01:r9067)
PVSonyDll (Version: 1.00.0001)
Python 3.1.3 (Version: 3.1.3150)
RADAR_Free (Version: 1.0.0)
Risky Wars Lite (Version: 1.2.0)
Samsung Kies (Version: 2.3.2.12064_9)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Sea Tiger FREE (Version: 1.0.0)
Star Monkey Demo (Version: 1.0.0)
Super Tank (Version: 1.0)
System Requirements Lab
System Requirements Lab for Intel (Version: 4.4.24.0)
Ubuntu One (Version: 3.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598289) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Viking Defense (Version: 1.0.1)
Vim 7.3 (self-installing)
VLC media player 2.0.2 (Version: 2.0.2)
WD SmartWare (Version: 1.6.2.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinSCP 5.0.7 beta (Version: 5.0.7 beta)
Wireshark 1.7.0 (Version: 1.7.0)
World of Tanks
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)

**** End of log ****
FSS.txt:
Farbar Service Scanner Version: 06-08-2012
Ran by Bob (administrator) on 02-09-2012 at 19:25:48
Running from "C:\Users\Bob\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:12 PM

Posted 02 September 2012 - 07:47 PM

Check here for updates for that program:

http://www.wdc.com/wdproducts/wdsmartwareupdate/

I would try uninstalling then reinstalling the program; it may have become corrupted along the way.


Please run the following:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

On the Start Repairs tab => Click the Start

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.


Please let me know how the computer is running now

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 -bob


Posted 03 September 2012 - 01:12 PM

Thanks for the fast responses!

I ran the suggested items:
  • DiskCheck
  • SFC
  • Repairs
The WD SmartWare and the firmware are all up to date. I could try reinstalling but that's not the main problem right now.

Overall, nothing seems to have changed. Help windows are still empty. SmartWare still gives the dll error. I have not seen any other dll errors but the system has only been running for a little while.

SFC said it found some things it could not repair. I don't know if the "Repair" step took care of those(?) The CBS.log is 4.3MB. There are a bunch of things like the following. Also, see message #3 above, I think the same set of "dll" issues still exists.

2012-09-03 08:35:53, Info                  CSI    0000025c [SR] Beginning Verify and Repair transaction
2012-09-03 08:35:54, Info                  CSI    0000025d Hashes for file member \SystemRoot\WinSxS\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_16b937a388a8970d\dxtrans.dll do not match actual file [l:22{11}]"dxtrans.dll" :
Found: {l:32 b:nxANsqo59ce0VpHL17mJ8fpvRZHXZmm+KY5LOJPmTaM=} Expected: {l:32 b:836KPEJKwVyFGYaSBG7ZhUDwHPXpbZGohwKOqq5bkqI=}
2012-09-03 08:35:54, Info                  CSI    0000025e [SR] Cannot repair member file [l:22{11}]"dxtrans.dll" of Microsoft-Windows-IE-DirectXTransforms, Version = 9.4.8112.16421, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-03 08:35:56, Info                  CSI    0000025f Hashes for file member \SystemRoot\WinSxS\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_16b937a388a8970d\dxtrans.dll do not match actual file [l:22{11}]"dxtrans.dll" :
Found: {l:32 b:nxANsqo59ce0VpHL17mJ8fpvRZHXZmm+KY5LOJPmTaM=} Expected: {l:32 b:836KPEJKwVyFGYaSBG7ZhUDwHPXpbZGohwKOqq5bkqI=}
2012-09-03 08:35:56, Info                  CSI    00000260 [SR] Cannot repair member file [l:22{11}]"dxtrans.dll" of Microsoft-Windows-IE-DirectXTransforms, Version = 9.4.8112.16421, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-03 08:35:56, Info                  CSI    00000261 [SR] This component was referenced by [l:228{114}]"Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~amd64~~9.4.8112.16421.Internet-Explorer-amd64"
2012-09-03 08:35:56, Info                  CSI    00000262 Hashes for file member \??\C:\Windows\SysWOW64\dxtrans.dll do not match actual file [l:22{11}]"dxtrans.dll" :
Found: {l:32 b:nxANsqo59ce0VpHL17mJ8fpvRZHXZmm+KY5LOJPmTaM=} Expected: {l:32 b:836KPEJKwVyFGYaSBG7ZhUDwHPXpbZGohwKOqq5bkqI=}
2012-09-03 08:35:56, Info                  CSI    00000263 Hashes for file member \SystemRoot\WinSxS\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_16b937a388a8970d\dxtrans.dll do not match actual file [l:22{11}]"dxtrans.dll" :
Found: {l:32 b:nxANsqo59ce0VpHL17mJ8fpvRZHXZmm+KY5LOJPmTaM=} Expected: {l:32 b:836KPEJKwVyFGYaSBG7ZhUDwHPXpbZGohwKOqq5bkqI=}
2012-09-03 08:35:56, Info                  CSI    00000264 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"dxtrans.dll"; source file in store is also corrupted
2012-09-03 08:35:57, Info                  CSI    00000265 Ignoring duplicate ownership for directory [l:46{23}]"\??\C:\Windows\SysWOW64" in component Microsoft-Windows-LSA, Version = 6.1.7601.17856, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
2012-09-03 08:35:58, Info                  CSI    00000266 Repair results created:

Any ideas on what is causing the above things? Maybe I should run SFC again and see if they are still there?

Thanks, again,

-bob
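
A 4.3MB CBS.log is easier to triage once the hash-mismatch entries are reduced to one record per file. The following is an added example, not part of any poster's message: it parses the entries quoted in post #13 and reports whether the component-store (WinSxS) copy is among the damaged files, which is the case where SFC has no clean copy to restore from. The function names are hypothetical, and the sample is only the lines copied from that post.

```python
import base64
import re

# Lines copied from the CBS.log excerpt in post #13 (not a full log).
SAMPLE = r'''
2012-09-03 08:35:54, Info                  CSI    0000025d Hashes for file member \SystemRoot\WinSxS\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_16b937a388a8970d\dxtrans.dll do not match actual file [l:22{11}]"dxtrans.dll" :
Found: {l:32 b:nxANsqo59ce0VpHL17mJ8fpvRZHXZmm+KY5LOJPmTaM=} Expected: {l:32 b:836KPEJKwVyFGYaSBG7ZhUDwHPXpbZGohwKOqq5bkqI=}
2012-09-03 08:35:54, Info                  CSI    0000025e [SR] Cannot repair member file [l:22{11}]"dxtrans.dll" of Microsoft-Windows-IE-DirectXTransforms, Version = 9.4.8112.16421, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-03 08:35:56, Info                  CSI    00000262 Hashes for file member \??\C:\Windows\SysWOW64\dxtrans.dll do not match actual file [l:22{11}]"dxtrans.dll" :
Found: {l:32 b:nxANsqo59ce0VpHL17mJ8fpvRZHXZmm+KY5LOJPmTaM=} Expected: {l:32 b:836KPEJKwVyFGYaSBG7ZhUDwHPXpbZGohwKOqq5bkqI=}
2012-09-03 08:35:56, Info                  CSI    00000264 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"dxtrans.dll"; source file in store is also corrupted
'''

MISMATCH = re.compile(r'Hashes for file member (.+?) do not match actual file')
HASHES = re.compile(r'Found: \{l:\d+ b:([^}]+)\} Expected: \{l:\d+ b:([^}]+)\}')
STORE_BAD = 'source file in store is also corrupted'

def b64_to_hex(value):
    """CBS prints hashes as base64; hex is what most hashing tools emit."""
    return base64.b64decode(value).hex()

def summarize(log_text):
    """Return ({path: record}, store_bad) for every reported hash mismatch."""
    files, pending, store_bad = {}, None, False
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            pending = m.group(1)  # the hash pair usually follows on the next line
        h = HASHES.search(line)
        if h and pending:
            rec = files.setdefault(pending, {'count': 0})
            rec['count'] += 1
            rec['found'], rec['expected'] = map(b64_to_hex, h.groups())
            # A mismatch inside WinSxS means the repair source itself is bad.
            rec['in_store'] = '\\winsxs\\' in pending.lower()
            pending = None
        store_bad = store_bad or STORE_BAD in line
    return files, store_bad

def needs_external_source(files, store_bad):
    """True when the component store holds no clean copy to restore from."""
    return store_bad or any(r['in_store'] for r in files.values())

if __name__ == '__main__':
    files, store_bad = summarize(SAMPLE)
    for path, rec in files.items():
        print(rec['count'], path, rec['found'], '!=', rec['expected'])
    print('needs external source:', needs_external_source(files, store_bad))
```

On the excerpt, both the WinSxS copy and the SysWOW64 copy of dxtrans.dll carry the same unexpected hash, so re-running SFC alone will report the same entries.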

#14 CatByte


Posted 03 September 2012 - 01:55 PM

Do the .hlp files exist?

Try the repair feature of Win 7

http://www.sevenforums.com/tutorials/3413-repair-install.html


#15 CatByte


Posted 10 September 2012 - 06:29 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





