Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware infected work pc [Solved]

Started by Andreib18 , Aug 04 2014 12:56 AM

  • This topic is locked This topic is locked

#46
Essexboy
Posted 07 August 2014 - 09:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the CD at SP3 3 ? If not you may have to slipstream SP3 into it as SFC will only work with a CD of the same value

Slipstreaming details are here http://winsupersite....ck-3-sp3-128464 or here http://www.expertrev...l-other-updates

How is this system behaving now ?
  • 0

Advertisements

#47
Andreib18
Posted 07 August 2014 - 09:36 AM

Andreib18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts

The pure has stopped ..don't know if normal ..and on other computers some exe corrupted ..no big deal at all


  • 0

#48
Essexboy
Posted 07 August 2014 - 09:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I would like to try combofix one more time on system 1 to ensure I have it all. This was the infector point for all systems

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#49
Andreib18
Posted 07 August 2014 - 10:26 AM

Andreib18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts

combofix log

 

ComboFix 14-08-06.02 - Radu Mamii 08/07/2014  19:02:37.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.1749 [GMT 3:00]
Running from: c:\documents and settings\Radu Mamii\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE 3.0 *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\ListHost16.txt
c:\documents and settings\Radu Mamii\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\Radu Mamii\Local Settings\Application Data\ListHost16.txt
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\out.txt
c:\windows\wininit.ini
.
c:\windows\system32\netsh.exe . . . is infected!!
.
c:\windows\system32\hnetcfg.dll . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-07 to 2014-08-07  )))))))))))))))))))))))))))))))
.
.
2014-08-07 15:59 . 2014-08-07 15:59 -------- d-----w- c:\windows\LastGood.Tmp
2014-08-06 12:47 . 2010-08-30 05:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-06 12:46 . 2014-08-06 12:56 -------- d-----w- C:\AdwCleaner
2014-08-06 11:50 . 2014-08-06 11:50 -------- d-----w- C:\_OTL
2014-08-05 06:41 . 2011-06-02 11:39 39736 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2014-08-05 06:41 . 2011-06-02 11:39 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2014-08-05 06:40 . 2014-08-05 06:40 -------- d-----w- c:\program files\Common Files\InfoWatch
2014-08-05 06:40 . 2014-08-07 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2014-08-05 06:40 . 2014-08-05 06:40 -------- d-----w- c:\program files\Kaspersky Lab
2014-08-05 06:40 . 2014-08-05 07:29 74336 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-08-04 18:55 . 2014-08-07 15:21 -------- d-----w- C:\FRST
2014-08-04 18:10 . 2014-08-07 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2014-08-04 18:10 . 2014-08-04 18:10 -------- d-----w- c:\program files\MCShield
2014-07-26 07:33 . 2014-07-26 07:33 -------- d-----w- C:\usb_driver
2014-07-14 14:08 . 2014-07-14 14:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PowerISO
2014-07-12 06:59 . 2014-07-12 06:59 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-12 06:40 . 2014-07-12 06:40 -------- d-----w- c:\documents and settings\Radu Mamii\Application Data\PowerISO
2014-07-12 06:39 . 2014-07-12 06:39 -------- d-----w- c:\program files\PowerISO
2014-07-09 07:03 . 2014-08-01 06:32 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 07:03 . 2014-07-09 07:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-09 07:03 . 2014-07-09 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-07-09 07:03 . 2014-05-12 04:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-09 07:03 . 2014-05-12 04:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 07:29 . 2013-11-11 17:55 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-07-09 08:32 . 2013-04-02 13:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 08:32 . 2013-04-02 13:14 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-27 06:59 . 2014-06-27 06:59 116320 ----a-w- c:\windows\system32\drivers\scdemu.sys
2014-05-19 16:31 . 2013-04-02 14:09 6784 ----a-w- c:\windows\system32\drivers\ubnredir.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-21 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\system32\DRIVERS\atapi.sys
[-] 2008-08-21 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
[-] 2008-08-21 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-08-21 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2008-08-21 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-08-21 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-08-21 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-08-21 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-08-21 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-08-21 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2008-08-21 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-08-21 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-08-21 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219-v2\SP3QFE\browser.dll
[-] 2008-08-21 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219-v2$\browser.dll
.
[-] 2008-08-21 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-08-21 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-08-21 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-08-21 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-08-21 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-08-21 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-08-21 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-08-21 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-08-21 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-08-21 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-08-21 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2008-08-21 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-08-21 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-08-21 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-08-21 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-08-21 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-08-21 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-08-21 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-08-21 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-08-21 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-08-21 12:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
.
[-] 2008-08-21 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-08-21 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2008-08-21 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-08-21 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-08-21 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-08-21 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2008-08-21 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-08-21 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-08-21 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-08-21 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
.
[-] 2008-08-21 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2008-08-21 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-08-21 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-08-21 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-08-21 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-08-21 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-08-21 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-08-21 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-08-21 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-08-21 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-08-21 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-08-21 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-08-21 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-08-21 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-08-21 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-08-21 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-08-21 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2008-08-21 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-08-21 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-08-21 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-08-21 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-08-21 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-08-21 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-08-21 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-08-21 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2002-12-11 21:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\Driver Cache\i386\ksuser.dll
[-] 2002-12-11 21:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
.
[-] 2008-08-21 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-08-21 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-08-21 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
[-] 2008-08-21 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2008-08-21 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msimg32.dll
.
[-] 2008-08-21 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-08-21 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-08-21 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-08-21 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-08-21 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-08-21 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2008-08-21 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
.
[-] 2008-08-21 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\MSCTFIME.IME
[-] 2008-08-21 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msctfime.ime
.
[-] 2008-08-21 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-08-21 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-08-21 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-08-21 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-08-21 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-08-21 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-08-21 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-08-21 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-08-21 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-08-21 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-08-21 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-08-21 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-08-21 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-08-21 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-08-21 . E81E9672BA621DD2D8A5EC8854EB4D7D . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-08-21 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2008-08-21 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-08-21 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2008-08-21 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 19:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 19:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-08-21 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-08-21 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-08-21 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
.
[-] 2008-08-21 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-08-21 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2008-08-21 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-08-21 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-08-21 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-08-21 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-08-21 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-08-21 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
[-] 2004-07-09 01:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
.
[-] 2008-08-21 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-08-21 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-08-21 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-08-21 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
[-] 2004-07-09 01:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
.
[-] 2008-08-21 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-08-21 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-08-21 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-08-21 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-08-21 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-08-21 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2008-08-21 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-08-21 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-08-21 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-08-21 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-08-21 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-08-21 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-08-21 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-08-21 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-08-21 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-08-21 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
[-] 2008-08-21 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2008-08-21 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-08-05 07:27 458944 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-09-10 1964840]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-08-21 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLSDeviceControlPanel"="c:\windows\system32\FLSDEVCP.EXE" [2014-05-06 107816]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-06-27 366904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-01-17 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 18:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryLink.exe]
2014-05-08 09:58 1463824 ----a-w- c:\program files\Research In Motion\BlackBerry Link\BlackBerryLink.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-08-21 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 15:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-09-10 17:46 1964840 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-10-28 09:07 33685504 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-11-12 07:04 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2013-09-03 08:58 659456 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-11-12 07:05 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 16:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-11-06 01:55 1564528 ----a-w- c:\program files\SAMSUNG\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-11-06 01:55 311152 ----a-w- c:\program files\SAMSUNG\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-10-02 18:28 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 10:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-11-12 07:05 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 14:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIM PeerManager]
2014-05-07 10:00 4493824 ----a-w- c:\program files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2014-02-07 08:24 443408 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60 PC Suite Tray]
2008-12-05 22:48 699392 ----a-w- c:\program files\SAMSUNG\Samsung PC Studio 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-05-07 11:44 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-06-12 06:36 1267536 ----a-w- c:\documents and settings\Radu Mamii\Application Data\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 09:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Radu Mamii\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\UNPROTECTED\\Iphone\\Diverse\\TinyUmbrella\\tinyumbrella-6.12.00.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"d:\\UNPROTECTED\\Iphone\\Diverse\\TinyUmbrella\\tinyumbrella-7.00.00a.exe"=
"c:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
"c:\\Program Files\\Nokia\\Nokia Care Suite\\Product Support Tool For Store 5.0\\ProductSupportToolForStore.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Fuse\\FuseService.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Fuse\\fuse.exe"=
"c:\\Documents and Settings\\Radu Mamii\\Desktop\\tinyumbrella-7.04.00.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater for Retail\\NSUforRetail.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [8/5/2014 9:41 AM 88632]
R0 UBND;UniversalBox Nokia Device Driver;c:\windows\system32\drivers\ubnd.sys [4/2/2013 5:09 PM 7808]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [8/5/2014 9:41 AM 39736]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11/11/2013 8:55 PM 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [11/11/2013 8:55 PM 145040]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [9/25/2013 3:42 PM 818888]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [5/6/2014 5:16 PM 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [5/6/2014 5:16 PM 14272]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [5/6/2014 5:16 PM 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [5/6/2014 5:16 PM 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [5/6/2014 5:16 PM 35226]
R2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [9/2/2013 10:51 AM 87368]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [5/9/2013 6:24 PM 47616]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [10/10/2013 12:39 PM 167424]
R2 RIM MDNS;RIM MDNS;c:\program files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [5/7/2014 12:53 PM 389632]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [5/7/2014 1:01 PM 1324544]
R2 ScsiCommandService2;SCSI command service;c:\windows\system32\ScsiCommandService2.exe [2/11/2014 12:50 PM 48128]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [1/21/2014 2:41 PM 585728]
R3 cyclonebox;Cyclone Box Service;c:\windows\system32\drivers\cyclonebox.sys [4/5/2013 9:32 AM 37184]
R3 DreamBox;Dream Box device;c:\windows\system32\drivers\dreambox.sys [4/5/2013 11:06 AM 17152]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [5/19/2006 10:23 AM 15328]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [5/19/2006 10:23 AM 13440]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 2:09 PM 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [11/11/2013 8:55 PM 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/11/2013 8:55 PM 24672]
R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [4/4/2013 12:35 PM 12800]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis.sys [4/26/2013 7:22 AM 12800]
R3 token;USB Token Service;c:\windows\system32\drivers\eps2kt1.sys [4/4/2013 12:35 PM 21888]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4/2/2013 2:49 PM 1425280]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [3/2/2012 5:02 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [3/2/2012 5:02 PM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [3/2/2012 5:02 PM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [3/2/2012 5:02 PM 25088]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [7/3/2012 12:56 PM 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [7/3/2012 12:43 PM 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [7/3/2012 12:43 PM 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [7/4/2012 2:47 PM 70400]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [5/19/2014 1:41 PM 32064]
S3 BRCM;Broadcom USB to Serial Service;c:\windows\system32\drivers\bcmvcp.sys [4/17/2013 12:20 PM 41344]
S3 CSSTUSB;TI CSST USB Driver;c:\windows\system32\drivers\csstusb.sys [3/9/2011 4:37 PM 33792]
S3 DFU;DFU - Kernel Driver (WDM);c:\windows\system32\drivers\52xdfu.sys [3/20/2014 8:05 PM 12416]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12/11/2013 1:45 PM 84248]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [5/19/2006 10:23 AM 18880]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [12/11/2013 1:44 PM 16384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/3/2013 8:54 PM 13224]
S3 ghsser;Handset Serial Port for NOLOGO;c:\windows\system32\drivers\ghsser.sys [7/1/2013 1:20 PM 107776]
S3 gxdlusb;gxdlusb;c:\windows\system32\drivers\gxdlusb.sys [3/2/2004 6:06 PM 10240]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/24/2013 9:43 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [12/7/2012 6:27 PM 21248]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [7/1/2013 1:20 PM 17672]
S3 mstrgen;MCCI® Firmware Update Driver for MTK;c:\windows\system32\drivers\mstrgen.sys [2/10/2014 11:56 AM 62080]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [4/3/2013 3:35 PM 18944]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/26/2013 1:10 PM 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/26/2013 1:10 PM 8576]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\ccdcmbsa.sys [3/4/2014 11:08 AM 18176]
S3 NOKIA_3806_PHONE;NOKIA 3806 phone;c:\windows\system32\drivers\NOKIA_3806_PHONE.sys [1/15/2009 10:58 AM 101120]
S3 qcusbser;ALCATEL USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [4/29/2013 4:55 PM 108160]
S3 SciU2S;Spreadtrum USB to Serial port driver for DL;c:\windows\system32\drivers\SciU2S.sys [5/8/2014 11:50 AM 117248]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [3/4/2014 11:08 AM 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [3/4/2014 11:08 AM 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [3/4/2014 11:08 AM 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [3/4/2014 11:08 AM 100224]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/19/2014 1:41 PM 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/19/2014 1:41 PM 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/19/2014 1:41 PM 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [5/19/2014 1:41 PM 130248]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12/11/2013 1:45 PM 182680]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [12/11/2013 1:45 PM 182680]
S3 ssudrmnet;SAMSUNG Mobile USB RMNET Drivers;c:\windows\system32\drivers\ssudrmnet.sys [12/11/2013 1:45 PM 60184]
S3 ssudrmnetmp;SAMSUNG Mobile USB RMNET Network Adapter Drivers;c:\windows\system32\drivers\ssudrmnetmp.sys [12/11/2013 1:45 PM 80664]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [12/11/2013 1:45 PM 182680]
S3 UBNRedir;UBNRedir;c:\windows\system32\drivers\ubnredir.sys [4/2/2013 5:09 PM 6784]
S3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [3/2/2012 5:03 PM 20096]
S3 USBSHGX;SHARP GSM GPRS USB Driver 2.0.0;c:\windows\system32\drivers\usbgx_2.sys [3/25/2004 4:29 PM 24144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 11:38 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-02 08:32]
.
2014-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-02 12:39]
.
2014-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-02 12:39]
.
2014-08-07 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-19 01:59]
.
2014-07-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-19 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 193.231.242.2 193.226.60.2
FF - ProfilePath - c:\documents and settings\Radu Mamii\Application Data\Mozilla\Firefox\Profiles\j7hu8h2q.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Notify-AtiExtEvent - (no file)
SafeBoot-83511949.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DriverToolkit - c:\program files\DriverToolkit\DriverToolkit.exe
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
AddRemove-InfinityBox Shell - c:\infinitybox\Shell\Shell_uninstall.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-07 19:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,12,a3,83,5c,ce,71,42,92,25,43,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,12,a3,83,5c,ce,71,42,92,25,43,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wondershare\Wondershare Helper Compact\1953384805\el*PROCESSOR_LEVEL=6*PROCESSOR_REVISION=0f0d*ProgramFiles=c:\program files*sessionname=console*systemdrive=c:*systemroot=c:\WINDOWS*TEMP=c:\docume~1\RADUMA~1\LOCALS~1\Temp*TMP=c:\docume~1\RADUMA~1\LOCALS~1\Temp*USERDOMAIN=SERVICE-429D9B2*USERNAME=Radu Mami]
"JoinUserExperience"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1056)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Samsung\Samsung PC Studio 7\phonebrowser.dll
c:\program files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
c:\program files\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2014-08-07  19:25:04 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-07 16:24
.
Pre-Run: 172,414,562,304 bytes free
Post-Run: 172,336,353,280 bytes free
.
- - End Of File - - 0557D915466FE9A1CF5DF6CFB344E10F
8F558EB6672622401DA993E1E865C861

  • 0

#50
Andreib18
Posted 07 August 2014 - 11:20 AM

Andreib18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts

Also the cd with windows is no longer good ...can I put one in one thumd drive ?


  • 0

#51
Essexboy
Posted 07 August 2014 - 11:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes you can slipstream to a USB no problem

As you can see from the combofix report there are a lot of suspect system files. You have two that are infected. I will use FRST to search for replacements

Run FRST and in the search box type the following :

netsh.exe;hnetcfg.dll

frst.JPG

Then click search files

Once done a search.txt will be produced please post that
  • 0

#52
Andreib18
Posted 08 August 2014 - 12:38 AM

Andreib18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts

search.tct :: 

 

Farbar Recovery Scan Tool (x86) Version:5-08-2014
Ran by Radu Mamii at 2014-08-08 09:25:49
Running from C:\Documents and Settings\Radu Mamii\Desktop
Boot Mode: Normal
 
================== Search: "netsh.exe;hnetcfg.dll" ===================
 
C:\WINDOWS\system32\hnetcfg.dll
[2008-08-21 15:00][2008-08-21 15:00] 0344064 ____A (Microsoft Corporation) e81e9672ba621dd2d8a5ec8854eb4d7d     
 
C:\WINDOWS\system32\netsh.exe
[2008-08-21 15:00][2008-08-21 15:00] 0086016 ____A (Microsoft Corporation) 6afccf9ced142fc8f52ffc7ffbbd449e     
 
C:\WINDOWS\system32\dllcache\hnetcfg.dll
[2008-08-21 15:00][2008-08-21 15:00] 0344064 ___AC (Microsoft Corporation) 3cb32d3b8cbe79899d63280bb7a83cd9     
 
C:\WINDOWS\system32\dllcache\netsh.exe
[2008-08-21 15:00][2008-08-21 15:00] 0086016 ___AC (Microsoft Corporation) 6309955f8a1bdd10a8467c50ed3f023e     
 
=== End Of Search ===

  • 0

#53
Essexboy
Posted 08 August 2014 - 06:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK they have a different MD5 so lets hope these are not infected as well. We will run the replacement with combofix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
 

FCopy::
C:\WINDOWS\system32\dllcache\hnetcfg.dll|C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\dllcache\netsh.exe|C:\WINDOWS\system32\netsh.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#54
Andreib18
Posted 08 August 2014 - 09:00 AM

Andreib18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts

When i run this command it's says that no recovery console and no bootable partition detected ..then after stage 3 i get a bsod ..no logs


  • 0

#55
Essexboy
Posted 08 August 2014 - 09:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK reboot and I will use FRST  although it will not confirm if the infection is still present

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

Replace: C:\WINDOWS\system32\dllcache\hnetcfg.dll C:\WINDOWS\system32\hnetcfg.dll
Replace: C:\WINDOWS\system32\dllcache\netsh.exe C:\WINDOWS\system32\netsh.exe
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

Advertisements

#56
Andreib18
Posted 08 August 2014 - 10:04 AM

Andreib18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts

fixlog 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:5-08-2014
Ran by Radu Mamii at 2014-08-08 18:54:51 Run:3
Running from C:\Documents and Settings\Radu Mamii\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Replace: C:\WINDOWS\system32\dllcache\hnetcfg.dll C:\WINDOWS\system32\hnetcfg.dll
Replace: C:\WINDOWS\system32\dllcache\netsh.exe C:\WINDOWS\system32\netsh.exe
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
*****************
 
C:\WINDOWS\system32\hnetcfg.dll => Moved successfully.
C:\WINDOWS\system32\dllcache\hnetcfg.dll copied successfully to C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\netsh.exe => Moved successfully.
C:\WINDOWS\system32\dllcache\netsh.exe copied successfully to C:\WINDOWS\system32\netsh.exe
 
=========  bitsadmin /reset /allusers =========
 
'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
=========  DEL %TEMP%\*.* /F /S /Q =========
 
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\adb.log
The process cannot access the file because it is being used by another process.
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\NGLALog.txt
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\pcsuitecheck_new.xml
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Perflib_Perfdata_59c.dat
The process cannot access the file because it is being used by another process.
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\WCESCOMM.LOG
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\WCESLog.log
The process cannot access the file because it is being used by another process.
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Cookies\HEWW8NHH.txt
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Cookies\U7D1AQF5.txt
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\NGLATempNokia\Nokia Sans Wide Bold v3.1.ttf
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\NGLATempNokia\Nokia Sans Wide BolIta v3.1.ttf
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\NGLATempNokia\Nokia Sans Wide Italic v3.1.ttf
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\NGLATempNokia\Nokia Sans Wide v3.1.ttf
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0Q1NPR0E\6e8c9294dee1d86c1113115d17985fa8[1].swf
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0Q1NPR0E\client_ad[1].php
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0Q1NPR0E\client_ad[2].php
The process cannot access the file because it is being used by another process.
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0Q1NPR0E\get-user-id[1]
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0Q1NPR0E\smiley_16px[1].gif
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\DOFDHJZM\client_ad[1].php
The process cannot access the file because it is being used by another process.
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\DOFDHJZM\combo[1]
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\DOFDHJZM\combo[1].txt
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\DOFDHJZM\get-user-id[1]
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\DOFDHJZM\imp[1]
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\FEYL1AC6\6e8c9294dee1d86c1113115d17985fa8[1].swf
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\FEYL1AC6\clientad_rotator_090324[1].js
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\FEYL1AC6\client_ad[1].php
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\FEYL1AC6\client_ad[2].php
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\FEYL1AC6\imp[1]
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\MU4ERCVK\6e8c9294dee1d86c1113115d17985fa8[1].swf
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\MU4ERCVK\get-user-id[1]
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\MU4ERCVK\imp[1]
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\MU4ERCVK\nopic_32[1].gif
Deleted file - C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\MU4ERCVK\ylc_1.9[1].js
 
========= End of CMD: =========
 
 
=========  RD /S /Q %TEMP% =========
 
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\adb.log - The process cannot access the file because it is being used by another process.
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Cookies\index.dat - The process cannot access the file because it is being used by another process.
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\History\History.IE5\index.dat - The process cannot access the file because it is being used by another process.
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\History\History.IE5\MSHIST~1\index.dat - The process cannot access the file because it is being used by another process.
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\Perflib_Perfdata_59c.dat - The process cannot access the file because it is being used by another process.
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\0Q1NPR0E\client_ad[2].php - The process cannot access the file because it is being used by another process.
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\DOFDHJZM\client_ad[1].php - The process cannot access the file because it is being used by another process.
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\index.dat - The process cannot access the file because it is being used by another process.
C:\DOCUME~1\RADUMA~1\LOCALS~1\Temp\WCESLog.log - The process cannot access the file because it is being used by another process.
 
========= End of CMD: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#57
Essexboy
Posted 08 August 2014 - 10:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What you need to do now is run SFC

Start a command prompt and type in sfc /scannow

It will ask for the CD so you need to have the slipstreamed SP3 version
Once it has completed could you let me know how the computer is behaving
  • 0

#58
Andreib18
Posted 08 August 2014 - 11:27 AM

Andreib18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts

Ok ...now I'm not at work ...tomorow morning i'll run sfc and i think it can take some time .. i'l post tomorow


  • 0

#59
Essexboy
Posted 08 August 2014 - 11:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Yes, it may take on hour or so.  How is the computer behaving after the file replace ?


  • 0

#60
Andreib18
Posted 08 August 2014 - 11:51 AM

Andreib18

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 100 posts

The updates are ready to install appers in taskbar now,when i shutdown always installs update 1 of 1 .. and after file replace i don't use it very much but today the hdd seems to struggle alot (red led stays on ,and hdd make noise) and act pretty low. Also .. in the service we have another laptop that has only one box and we use it only for unlock some models of phones(only firmware downloads from support,no pc suits)  can i post a log of otl or something befor install avira on him?it have installed mcschield 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP