1rought

  1. Thanks a million, couldn't have done it without you.. problem fixed

  2. Pop ups have stopped. Good job. Thank you very very much.. Malwarebytes is a great anti malware too. Uses minimal resources and doesn’t take control over your system…love it.. thanks again..
  3. I got the Windows copy retail but I installed a patch so I wouldn’t have to call India every time the clock changes for more than an hour, to get a new serial number.. ridiculous.. That is not where I got the virus, it's been that way forever. The pop ups just started. I get pop ups about 2 to 3 times a day. I will wait and see if I still get them.. thanks

     Adwcleaner log:

     # AdwCleaner v3.016 - Report created 04/01/2014 at 12:38:12
     # Updated 23/12/2013 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : -- - AMD
     # Running from : C:\Documents and Settings\--\Desktop\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
     Folder Deleted : C:\Program Files\driver-soft
     Folder Deleted : C:\Documents and Settings\--\Application Data\thinstall
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
     Key Deleted : HKLM\Software\Driver-Soft
     ***** [ Browsers ] *****
     -\\ Internet Explorer v8.0.6001.18702
     *************************
     AdwCleaner[R0].txt - [1917 octets] - [04/01/2014 12:34:47]
     AdwCleaner[s0].txt - [1878 octets] - [04/01/2014 12:38:12]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1938 octets] ##########

     Malwarebytes log:

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.01.05.04
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     -- :: AMD [administrator]
     Protection: Enabled
     1/4/2014 2:21:52 PM
     mbam-log-2014-01-04 (14-21-52).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 238547
     Time elapsed: 5 minute(s), 22 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     Thank you!
  4. still getting the popup box. here is combo fix log.. thx

     ComboFix 14-01-04.03 - -- 01/04/2014 8:17.1.8 - x86
     Running from: c:\documents and settings\--\Desktop\ComboFix.exe
     * Created a new restore point
     .
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\--\Application Data\QUAD Backups
     c:\documents and settings\--\Application Data\QUAD Backups\10.11.2013,18-05-19\Automatic.reg
     c:\documents and settings\--\WINDOWS
     c:\windows\system\VB40032.DLL
     c:\windows\system32\ctfmon.exe.exe
     D:\install.exe
     .
     c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-12-04 to 2014-01-04 )))))))))))))))))))))))))))))))
     .
     .
     2013-12-22 00:30 . 2014-01-04 05:14 -------- d-----r- C:\Program Files
     2013-12-22 00:29 . 2013-10-11 09:54 -------- d-----w- C:\Documents and Settings
     .
c:\windows\system32\dllcache\ddraw.dll . [-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll [-] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll . [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll . [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll . [-] 2013-07-04 . AFEE19399CF992A098309F7FDF87880A . 2149888 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe [-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\SoftwareDistribution\Download\c08b665da8c22012f43cbfaa106605b3\SP3QFE\ntoskrnl.exe [-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe . [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll . [-] 2008-07-04 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows\system32\w32time.dll [-] 2008-07-04 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows\system32\dllcache\w32time.dll . [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . 
c:\windows\system32\dllcache\wiaservc.dll . [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll . [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll . [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll . c:\windows\System32\ctfmon.exe ... is missing !! c:\windows\System32\regsvc.dll ... is missing !! c:\windows\System32\schedsvc.dll ... is missing !! c:\windows\System32\ssdpsrv.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Core Temp"="c:\documents and settings\--\My Documents\Core Temp\x86\Core Temp.exe" [2009-08-05 378384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-20 1202560] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-11-23 15711008] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2013-11-23 17:49 15711008 ----a-w- c:\windows\system32\nvcpl.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-11-23 17:49 209184 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\tlntsvr.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-01-02 51416]
R3 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S3 ALSysIO;ALSysIO;c:\docume~1\--\LOCALS~1\Temp\ALSysIO.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 32384]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-09-11 71552]
S3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57xp32.sys [2011-01-18 229928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 31288]
.
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ASRockXTU - (no file)
HKLM-Run-Driver Genius - (no file)
MSConfigStartUp-ctfmon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-04 08:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-01-04 08:19:45
ComboFix-quarantined-files.txt 2014-01-04 16:19
.
Pre-Run: 90,244,235,264 bytes free
Post-Run: 90,313,961,472 bytes free
.
- - End Of File - - DABAA76D332D34800B85FCBE9F3DDBC5
8F558EB6672622401DA993E1E865C861
  5. this one is not so long...

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/03/2014 07:23:35 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* C:\Documents and Settings\--\My Documents\Core Temp\x86\Core Temp.exe (PID: 1528) [uP-HEUR]
1 proccess terminated!

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* System Restore Disabled
   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:
* DNS Client (Dnscache) is not Running.
   Startup Type set to: Disabled
* COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Disabled
* System Restore Service (srservice) is not Running.
   Startup Type set to: Disabled
* Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled
* System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled
* helpsvc [Missing Service]
* ImapiService [Missing Service]
* LanmanServer [Missing Service]
* mnmsrvc [Missing Service]
* SCardSvr [Missing Service]
* Schedule [Missing Service]
* SSDPSRV [Missing Service]
* upnphost [Missing Service]
* UPS [Missing Service]
* wscsvc [Missing Service]
* Srv [Missing Service]
* HidServ [Missing ServiceDLL Value]

Searching for Missing Digital Signatures:
* C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 06/14/2013 03:51 AM : 362bc5af8eaf712832c58cc13ae05750 [NoSig]

Checking HOSTS File:
* HOSTS file entries found:
   127.0.0.1 localhost

Program finished at: 01/03/2014 07:23:47 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
  6. Thanks again, Sorry I was late for work this morning and didn't have a chance to read the instructions completely.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by -- at 16:53:18 on 2014-01-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3299.2880 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
C:\Documents and Settings\--\My Documents\Core Temp\x86\Core Temp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\--\Local Settings\Temporary Internet Files\Content.IE5\WN3WXY7M\dds[1].com
C:\DOCUME~1\--\LOCALS~1\Temp\nsb9.tmp\nsA.tmp
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\--\LOCALS~1\Temp\nsb9.tmp\PEV.DAT
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
uRun: [Core Temp] "c:\documents and settings\--\my documents\core temp\x86\Core Temp.exe"
uRun: [ASRockXTU] <no file>
mRun: [XFast LAN] c:\program files\asrock\xfast lan\cFosSpeed.exe
mRun: [Driver Genius] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoComputersNearMe = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CCF24DEF-6650-4EE8-8452-1586100DC424} : DHCPNameServer = 192.168.1.1
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-12-22 418376]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\--\locals~1\temp\alsysio.sys --> c:\docume~1\--\locals~1\temp\ALSysIO.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2011-2-7 32384]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2011-2-7 71552]
R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2013-12-22 229928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-22 22856]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2013-12-22 31288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-12-22 701512]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-12-22 1691480]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-1-1 51416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
==================== Find3M ====================
.
============= FINISH: 16:53:23.20 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2013 12:46:31 AM
System Uptime: 1/3/2014 4:38:49 PM (0 hours ago)
.
Motherboard: ASRock | | 990FX Extreme4 Processor: AMD FX-8350 Eight-Core Processor | CPUSocket | 4300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 83.701 GiB free. D: is FIXED (NTFS) - 112 GiB total, 93.608 GiB free. G: is FIXED (NTFS) - 1397 GiB total, 870.465 GiB free. J: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . µTorrent 7-Zip 4.32 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9 Advanced Uninstaller PRO - Version 11 Advanced Uninstaller PRO 9.6.0.40 AMD USB Filter Driver ASRock eXtreme Tuner v0.1.98 Broadcom Gigabit NetLink Controller Driver Genius Professional Edition Etron USB3.0 Host Controller Google Earth HijackThis 1.99.1 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java 7 Update 45 marvell 91xx driver Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office Professional Edition 2003 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 NVIDIA Control Panel 331.93 NVIDIA Graphics Driver 331.93 NVIDIA HD Audio Driver 1.3.26.4 NVIDIA Install Application NVIDIA nView 140.84 NVIDIA PhysX NVIDIA PhysX System Software 9.13.0725 Opera Stable 18.0.1284.68 Paint Shop Pro 7 PerformanceTest v7.0 Ralink RT6x Wireless LAN Card Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update 
for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Windows Internet Explorer 8 (KB2898785) Security Update for Windows Media Player (KB2803821-v2) TechPowerUp GPU-Z Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Windows Media Format 11 runtime Windows Media Player 11 Winrar 3.93 XFast LAN v6.61 . ==== Event Viewer Messages From Past Week ======== . 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Update for Windows Media Player 11 for Windows XP (KB939683). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Update for Windows Media Format 11 SDK for Windows XP (KB929399). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569). 
12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP Service Pack 3 (KB973540). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP Service Pack 3 (KB952069). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB975558). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB954154). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB2378111). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155). 12/27/2013 8:35:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows Media Format Runtime 11 for Windows XP (KB2834904). 
12/27/2013 6:55:02 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/27/2013 6:53:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Fips 12/27/2013 6:30:34 AM, error: Service Control Manager [7034] - The cFosSpeed System Service service terminated unexpectedly. It has done this 1 time(s). 12/27/2013 5:57:48 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified. 12/27/2013 1:32:53 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\wuaucpl.cpl.manifest. Reference error message: The operation completed successfully. . 12/27/2013 1:32:53 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\nwc.cpl.manifest. Reference error message: The operation completed successfully. . 12/27/2013 1:17:11 PM, error: AWEAlloc [52] - 1/2/2014 9:48:36 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\dbghelp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\uploadlb\binaries\uploadm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\pchsvc.dll. This file was restored to the original version to maintain system stability. 
The file version of the system file is 5.1.2600.5512. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\pchshell.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\notiflag.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\msinfo.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.0.1230. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\msconfig.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\hscupd.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\helphost.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0. 
1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\helpctr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. 1/2/2014 10:14:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\brpinfo.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0. . ==== End Of File ===========================
  7. thank you, this is my roguekiller log file RogueKiller V8.8.0 [Dec 27 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : -- [Admin rights] Mode : Scan -- Date : 01/03/2014 08:38:31 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ -> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> D:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> D:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - 
D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> D:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> D:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 EVO 120GB +++++ --- User --- [MBR] 3f99f31277a1148efe3c16bd6852a366 [bSP] 8a01cf271987c688af149b3004879842 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4096 | Size: 114464 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Samsung SSD 840 Series +++++ --- User --- [MBR] 42723ea626362f854373daa04e0c8142 [bSP] 20bd48e7fd78bb334297d218183980ca : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4096 | Size: 114464 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) TOSHIBA External USB 3.0 USB Device +++++ --- User --- [MBR] 0d69d7548aba8c7fb290f550541345e3 [bSP] ec184725ee1ee1ecefc1475a587d429b : Empty MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) Finished : << RKreport[0]_S_01032014_083831.txt >>
  8. For the last 5 days I keep getting a popup saying ("Your system is in danger"). Then it puts an HTML file icon on my desktop, and if I click on it the page comes up again. Can't seem to get rid of it. Malwarebytes doesn't detect it even if I right-click and scan it. My HijackThis log has nothing on it as well. I can't find a link that allows me to send the file to Malwarebytes to check it. What do I have to do to get this found? Here is a picture of it. Uploaded with ImageShack.us http://img62.imageshack.us/img62/9359/x8bu.jpg