Author Topic: Bad Image Errors - d2d1.dll (Read 17567 times)

Keith Harmsworth · « **on:** July 21, 2013, 08:31:32 AM »

Hello, and thanks in advance for your assistance.

My laptop is producing error messages when opening different parts of the Windows Live suite and Movie Maker.

C:\Windows\system32\d2d1.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or software vendor for support.

From the little I have read whilst researching, this may be a possible infection.

As the laptop is relatively new, I am unaware that this issue has been caused by a Windows update, as it occurred the first time I tried to use the program. Could you please advise on a solution.

Once again, thanks in advance,

Keith.

ADW cleaner log:

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 15:23:00
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Keith - ZOO
# Boot Mode : Normal
# Running from : C:\Users\Keith\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\kz22htmq.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [829 octets] - [21/07/2013 15:00:46]
AdwCleaner[S2].txt - [722 octets] - [21/07/2013 15:23:00]

########## EOF - C:\AdwCleaner[S2].txt - [781 octets] ##########

Keith Harmsworth · « **Reply #1 on:** July 21, 2013, 08:38:32 AM »

MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Keith :: ZOO [administrator]

Protection: Disabled

21/07/2013 15:33:37
mbam-log-2013-07-21 (15-33-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215638
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Keith Harmsworth · « **Reply #2 on:** July 21, 2013, 09:05:13 AM »

Security Check:

Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]

Keith Harmsworth · « **Reply #3 on:** July 21, 2013, 10:34:39 AM »

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Keith at 17:30:55 on 2013-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8086.6595 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\viakaraokesrv.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\AUDIODG.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://localoem.msn.com
uDefault_Page_URL = hxxp://localoem.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm
IE: Send page to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6CF02D32-DC3B-4976-AE9D-5E5A79AA7C14} : DHCPNameServer = 212.104.130.9 212.104.130.65
TCP: Interfaces\{97D29A31-8B1D-460D-8F42-7E6218BDE321} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{CAEA62B0-4460-49F5-8FD8-2999D2DDCFB7} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [CECAPLF] C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
x64-Run: [BtServer] "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\kz22htmq.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-11-14 19264]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R2 BTDevManager;BTDevManager;C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe [2012-11-14 23552]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-14 13592]
R2 inpoutx64;inpoutx64;C:\windows\System32\drivers\inpoutx64.sys [2013-3-12 15008]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-15 165144]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-7-2 233344]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-2-18 35328]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-15 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\windows\System32\ViakaraokeSrv.exe [2012-11-14 27760]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-11-14 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-11-14 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-11-14 789824]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\windows\System32\drivers\RtsBaStor.sys [2012-11-7 293992]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-11-7 685160]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2012-11-14 1077864]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\windows\System32\drivers\viahduaa.sys [2012-11-14 2196592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RtkBleServ;RtkBleServ;C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe [2012-11-14 33792]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-11-6 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 RtkAvrcp;Realtek Bluetooth AVRCP;C:\windows\System32\drivers\RtkAvrcp.sys [2012-11-14 60648]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-11-14 621672]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-6-27 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-07-21 15:02:35   9460976   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23257404-AABA-4521-B2B0-CC900B8B507D}\mpengine.dll
2013-07-21 14:32:40   25928   ----a-w-   C:\windows\System32\drivers\mbam.sys
2013-07-13 03:11:09   --------   d-----w-   C:\Program Files\CCleaner
2013-07-13 02:35:39   --------   d-----w-   C:\windows\SysWow64\C2MP
2013-07-13 00:34:31   936448   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 00:34:31   1732608   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-13 00:34:31   1402880   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-13 00:34:31   1393152   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-13 00:34:31   1367040   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 04:48:31   3153920   ----a-w-   C:\windows\System32\win32k.sys
2013-07-12 04:48:04   1643520   ----a-w-   C:\windows\System32\DWrite.dll
2013-07-12 04:48:04   1247744   ----a-w-   C:\windows\SysWow64\DWrite.dll
2013-07-12 03:44:24   --------   d-----w-   C:\Users\Keith\AppData\Roaming\Malwarebytes
2013-07-12 03:44:08   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-07-12 03:44:06   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-12 03:43:41   --------   d-----w-   C:\Users\Keith\AppData\Local\Programs
2013-07-12 03:37:36   --------   d-----w-   C:\Users\Keith\AppData\Roaming\Windows Live Writer
2013-07-12 03:37:36   --------   d-----w-   C:\Users\Keith\AppData\Local\Windows Live Writer
2013-07-11 18:46:24   --------   d-----w-   C:\Users\Keith\AppData\Local\Adobe
2013-07-06 05:25:35   --------   d-----w-   C:\Program Files (x86)\Rockstar Games
2013-07-06 05:25:07   749568   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-07-06 05:25:07   69715   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-07-06 05:25:07   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-07-06 05:25:07   32768   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-07-06 05:25:07   274432   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-07-06 05:25:07   180224   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-07-06 05:25:04   192644   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-07-06 05:25:03   323716   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-07-04 21:49:25   --------   d-----w-   C:\Users\Keith\AppData\Local\Opera Software
2013-07-04 21:49:24   --------   d-----w-   C:\Users\Keith\AppData\Roaming\Opera Software
2013-07-02 16:59:34   --------   d-----w-   C:\ProgramData\MobileBrServ
2013-07-02 15:29:30   1424384   ----a-w-   C:\windows\System32\WindowsCodecs.dll
2013-07-02 15:29:30   1230336   ----a-w-   C:\windows\SysWow64\WindowsCodecs.dll
2013-07-02 15:15:32   99840   ----a-w-   C:\windows\System32\Spool\prtprocs\x64\LXKPTPRC.DLL
2013-06-27 17:06:52   --------   d-----w-   C:\Users\Keith\AppData\Local\Microsoft Games
2013-06-27 13:47:41   --------   d-----w-   C:\windows\SysWow64\Wat
2013-06-27 13:47:41   --------   d-----w-   C:\windows\System32\Wat
2013-06-27 13:28:39   9728   ----a-w-   C:\windows\System32\Wdfres.dll
2013-06-27 13:28:39   785512   ----a-w-   C:\windows\System32\drivers\Wdf01000.sys
2013-06-27 13:28:39   54376   ----a-w-   C:\windows\System32\drivers\WdfLdr.sys
2013-06-27 13:28:39   2560   ----a-w-   C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-27 13:25:49   294912   ----a-w-   C:\windows\System32\browserchoice.exe
2013-06-27 13:11:09   34304   ----a-w-   C:\windows\SysWow64\atmlib.dll
2013-06-27 13:11:08   46080   ----a-w-   C:\windows\System32\atmlib.dll
2013-06-27 13:11:08   367616   ----a-w-   C:\windows\System32\atmfd.dll
2013-06-27 13:11:08   295424   ----a-w-   C:\windows\SysWow64\atmfd.dll
2013-06-27 13:10:39   87040   ----a-w-   C:\windows\System32\drivers\WUDFPf.sys
2013-06-27 13:10:39   84992   ----a-w-   C:\windows\System32\WUDFSvc.dll
2013-06-27 13:10:39   198656   ----a-w-   C:\windows\System32\drivers\WUDFRd.sys
2013-06-27 13:10:38   45056   ----a-w-   C:\windows\System32\WUDFCoinstaller.dll
2013-06-27 13:10:38   194048   ----a-w-   C:\windows\System32\WUDFPlatform.dll
2013-06-27 13:10:37   744448   ----a-w-   C:\windows\System32\WUDFx.dll
2013-06-27 13:10:37   229888   ----a-w-   C:\windows\System32\WUDFHost.exe
2013-06-27 12:11:26   1887232   ----a-w-   C:\windows\System32\d3d11.dll
2013-06-27 12:10:53   2002432   ----a-w-   C:\windows\System32\msxml6.dll
2013-06-27 12:09:40   2048   ----a-w-   C:\windows\SysWow64\tzres.dll
2013-06-27 12:09:40   2048   ----a-w-   C:\windows\System32\tzres.dll
2013-06-27 12:09:04   245760   ----a-w-   C:\windows\System32\OxpsConverter.exe
2013-06-27 12:09:02   5550424   ----a-w-   C:\windows\System32\ntoskrnl.exe
2013-06-27 12:09:01   3968856   ----a-w-   C:\windows\SysWow64\ntkrnlpa.exe
2013-06-27 12:09:01   3913560   ----a-w-   C:\windows\SysWow64\ntoskrnl.exe
2013-06-27 12:09:00   6656   ----a-w-   C:\windows\SysWow64\apisetschema.dll
2013-06-27 12:09:00   43520   ----a-w-   C:\windows\System32\csrsrv.dll
2013-06-27 12:09:00   112640   ----a-w-   C:\windows\System32\smss.exe
2013-06-27 12:07:47   --------   d-----w-   C:\Users\Keith\AppData\Local\Google
2013-06-27 12:07:15   --------   d-----w-   C:\Users\Keith\AppData\Local\Apps
2013-06-27 12:07:14   --------   d-----w-   C:\Users\Keith\AppData\Local\Deployment
2013-06-27 11:45:18   300032   ----a-w-   C:\windows\System32\Spool\prtprocs\x64\hpcpp093.DLL
2013-06-27 11:44:23   --------   d-----w-   C:\ProgramData\Samsung
2013-06-27 11:44:18   37376   ----a-w-   C:\windows\System32\Spool\prtprocs\x64\ssa3mpc.dll
2013-06-27 11:43:45   101376   ----a-w-   C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2013-06-27 11:43:21   --------   d-----w-   C:\ProgramData\Seagull
2013-06-27 11:41:39   2622464   ----a-w-   C:\windows\System32\wucltux.dll
2013-06-27 11:41:33   99840   ----a-w-   C:\windows\System32\wudriver.dll
2013-06-27 11:41:24   36864   ----a-w-   C:\windows\System32\wuapp.exe
2013-06-27 11:41:24   186752   ----a-w-   C:\windows\System32\wuwebv.dll
2013-06-27 11:37:46   9460976   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 11:37:35   972264   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{28F40C63-46D4-4F39-A6DA-BC095C101E22}\gapaengine.dll
2013-06-27 11:35:58   --------   d-----w-   C:\Program Files (x86)\Microsoft Visual Studio 8
2013-06-27 11:35:32   --------   d-----w-   C:\Users\Keith\AppData\Local\Microsoft Help
2013-06-26 17:02:28   --------   d-----w-   C:\Users\Keith\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
2013-06-27 16:29:38   9728   ---ha-w-   C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-11 23:43:37   1767936   ----a-w-   C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00   2877440   ----a-w-   C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58   61440   ----a-w-   C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58   109056   ----a-w-   C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20   2241024   ----a-w-   C:\windows\System32\wininet.dll
2013-06-11 23:25:16   3958784   ----a-w-   C:\windows\System32\jscript9.dll
2013-06-11 23:25:13   67072   ----a-w-   C:\windows\System32\iesetup.dll
2013-06-11 23:25:13   136704   ----a-w-   C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45   71680   ----a-w-   C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58   89600   ----a-w-   C:\windows\System32\RegisterIEPKEYs.exe
2013-06-08 12:11:48   39896   ----a-w-   C:\windows\SysWow64\DiscHandler.exe
2013-06-08 11:57:54   4012544   ----a-w-   C:\windows\System32\ffmpeg.dll
2013-06-08 11:57:10   474624   ----a-w-   C:\windows\System32\ff_kernelDeint.dll
2013-06-08 11:56:58   127488   ----a-w-   C:\windows\System32\ff_vfw.dll
2013-06-08 11:56:54   4372992   ----a-w-   C:\windows\System32\ffdshow.ax
2013-06-08 11:56:50   156672   ----a-w-   C:\windows\System32\ff_libmad.dll
2013-06-08 11:56:18   631296   ----a-w-   C:\windows\System32\TomsMoComp_ff.dll
2013-06-08 11:55:52   114688   ----a-w-   C:\windows\System32\ff_wmv9.dll
2013-06-08 11:55:50   1532928   ----a-w-   C:\windows\System32\ff_samplerate.dll
2013-06-08 11:55:50   116224   ----a-w-   C:\windows\System32\ff_liba52.dll
2013-06-08 11:55:48   222720   ----a-w-   C:\windows\System32\ff_libdts.dll
2013-06-08 11:55:48   183296   ----a-w-   C:\windows\System32\ff_unrar.dll
2013-06-08 11:55:46   190464   ----a-w-   C:\windows\System32\libmpeg2_ff.dll
2013-06-08 11:54:10   3915776   ----a-w-   C:\windows\SysWow64\ffmpeg.dll
2013-06-08 11:53:06   112640   ----a-w-   C:\windows\SysWow64\ff_vfw.dll
2013-06-08 11:53:02   3501568   ----a-w-   C:\windows\SysWow64\ffdshow.ax
2013-06-08 11:52:30   271360   ----a-w-   C:\windows\SysWow64\TomsMoComp_ff.dll
2013-06-08 11:52:12   157184   ----a-w-   C:\windows\SysWow64\ff_unrar.dll
2013-06-08 11:52:10   99840   ----a-w-   C:\windows\SysWow64\ff_wmv9.dll
2013-06-08 11:52:10   147456   ----a-w-   C:\windows\SysWow64\ff_libmad.dll
2013-06-08 11:52:08   211968   ----a-w-   C:\windows\SysWow64\ff_libdts.dll
2013-06-08 11:52:08   1525760   ----a-w-   C:\windows\SysWow64\ff_samplerate.dll
2013-06-08 11:52:08   114688   ----a-w-   C:\windows\SysWow64\ff_liba52.dll
2013-06-08 11:52:06   136704   ----a-w-   C:\windows\SysWow64\libmpeg2_ff.dll
2013-06-07 03:22:18   2706432   ----a-w-   C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52   2706432   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01   184320   ----a-w-   C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00   1464320   ----a-w-   C:\windows\System32\crypt32.dll
2013-05-13 05:51:00   139776   ----a-w-   C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40   52224   ----a-w-   C:\windows\System32\certenc.dll
2013-05-13 04:45:55   140288   ----a-w-   C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55   1160192   ----a-w-   C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55   103936   ----a-w-   C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55   1192448   ----a-w-   C:\windows\System32\certutil.exe
2013-05-13 03:08:10   903168   ----a-w-   C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06   43008   ----a-w-   C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27   30720   ----a-w-   C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54   24576   ----a-w-   C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01   1910632   ----a-w-   C:\windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56   278800   ------w-   C:\windows\System32\MpSigStub.exe
2013-04-26 05:51:36   751104   ----a-w-   C:\windows\System32\win32spl.dll
2013-04-26 04:55:21   492544   ----a-w-   C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32   1505280   ----a-w-   C:\windows\SysWow64\d3d11.dll
.
============= FINISH: 17:31:12.57 ===============

Keith Harmsworth · « **Reply #4 on:** July 21, 2013, 10:41:30 AM »

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 16:54:25, on 21/07/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Running processes:
C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Keith\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://localoem.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localoem.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\REALTEK\Realtek Bluetooth\LANG\BtServer_LANG.dll,-134 - {D870B030-8D66-423b-9B97-894D4A0DEC23} - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\REALTEK\Realtek Bluetooth\LANG\BtServer_LANG.dll,-134 - {D870B030-8D66-423b-9B97-894D4A0DEC23} - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe" -service (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtkBleServ - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

SuperDave · « **Reply #5 on:** July 21, 2013, 04:42:32 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please run this even if you don't have the disk and let me know if you receive any messages.

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.

B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all proteced system files only.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occured to fix it. You may need to repeat doing a System Restore until you find a older restore point that may work.

5. When done, close the elevated command prompt.

Keith Harmsworth · « **Reply #6 on:** July 21, 2013, 05:30:19 PM »

Hello Dave, thanks for taking the time to help me out.

sfc /scannow ran in command prompt.

'Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log....'

Pleas find the CBS.log linked (too big to copy and paste)

http://www.filedropper.com/cbspersist20130713024148

Keith

SuperDave · « **Reply #7 on:** July 21, 2013, 07:04:59 PM »

Did that fix your problems?

Keith Harmsworth · « **Reply #8 on:** July 21, 2013, 07:08:34 PM »

Unfortunately not.

SuperDave · « **Reply #9 on:** July 21, 2013, 07:50:13 PM »

Quote from: Keith Harmsworth on July 21, 2013, 07:08:34 PM

Unfortunately not.

This sounds like a software or hardware problem. I'm going to move this topic to another forum that deals with that sort of thing.

Computer Hope Forum

News:

Author Topic: Bad Image Errors - d2d1.dll (Read 17567 times)

Keith Harmsworth

Bad Image Errors - d2d1.dll

Keith Harmsworth

Re: Bad Image Errors - d2d1.dll

Keith Harmsworth

Re: Bad Image Errors - d2d1.dll

Keith Harmsworth

Re: Bad Image Errors - d2d1.dll

Keith Harmsworth

Re: Bad Image Errors - d2d1.dll

SuperDave

Re: Bad Image Errors - d2d1.dll

Keith Harmsworth

Re: Bad Image Errors - d2d1.dll

SuperDave

Re: Bad Image Errors - d2d1.dll

Keith Harmsworth

Re: Bad Image Errors - d2d1.dll

SuperDave

Re: Bad Image Errors - d2d1.dll