
Your system is in danger! virus



For the last 5 days I keep getting a popup saying ("Your system is in danger")

Then it puts an HTML file icon on my desktop, and if I click on it the page comes up again. Can't seem to get rid of it. Malwarebytes doesn't detect it even if I right-click and scan it. My HijackThis log has nothing on it as well.

I can't find a link that allows me to send the file to Malwarebytes to check it.

What do I have to do to get this found?

Here is a picture of it..

 


 

 

http://img62.imageshack.us/img62/9359/x8bu.jpg

 

 


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thank you, this is my RogueKiller log file

 

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : -- [Admin rights]
Mode : Scan -- Date : 01/03/2014 08:38:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> D:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Samsung SSD 840 EVO 120GB +++++
--- User ---
[MBR] 3f99f31277a1148efe3c16bd6852a366
[bSP] 8a01cf271987c688af149b3004879842 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4096 | Size: 114464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Samsung SSD 840 Series +++++
--- User ---
[MBR] 42723ea626362f854373daa04e0c8142
[bSP] 20bd48e7fd78bb334297d218183980ca : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4096 | Size: 114464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 0d69d7548aba8c7fb290f550541345e3
[bSP] ec184725ee1ee1ecefc1475a587d429b : Empty MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_01032014_083831.txt >>

 

 


Thanks again. Sorry, I was late for work this morning and didn't have a chance to read the instructions completely.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by -- at 16:53:18 on 2014-01-03
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3299.2880 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
C:\Documents and Settings\--\My Documents\Core Temp\x86\Core Temp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\--\Local Settings\Temporary Internet Files\Content.IE5\WN3WXY7M\dds[1].com
C:\DOCUME~1\--\LOCALS~1\Temp\nsb9.tmp\nsA.tmp
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\--\LOCALS~1\Temp\nsb9.tmp\PEV.DAT
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
uRun: [Core Temp] "c:\documents and settings\--\my documents\core temp\x86\Core Temp.exe"
uRun: [ASRockXTU] <no file>
mRun: [XFast LAN] c:\program files\asrock\xfast lan\cFosSpeed.exe
mRun: [Driver Genius] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoComputersNearMe = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CCF24DEF-6650-4EE8-8452-1586100DC424} : DHCPNameServer = 192.168.1.1
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-12-22 418376]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\--\locals~1\temp\alsysio.sys --> c:\docume~1\--\locals~1\temp\ALSysIO.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2011-2-7 32384]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2011-2-7 71552]
R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2013-12-22 229928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-22 22856]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2013-12-22 31288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-12-22 701512]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-12-22 1691480]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-1-1 51416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-03 06:03:07 -------- d-----w- c:\program files\Enigma Software Group
2014-01-03 06:03:00 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2014-01-03 06:02:59 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-01-02 14:27:17 -------- d--h--w- c:\windows\PIF
2014-01-02 11:49:17 -------- d-----w- c:\program files\Paragon Software
2014-01-02 07:19:23 -------- d-----w- c:\documents and settings\all users\application data\Innovative Solutions
2014-01-02 07:19:22 -------- d-----w- c:\program files\common files\Innovative Solutions
2014-01-02 04:00:40 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2014-01-02 04:00:40 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2014-01-02 04:00:40 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2014-01-02 04:00:39 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2014-01-02 03:27:48 -------- d-----w- c:\documents and settings\--\local settings\application data\PassMark
2014-01-02 03:26:19 -------- d-----w- c:\documents and settings\all users\application data\PassMark
2014-01-02 03:26:18 -------- d-----w- c:\program files\PerformanceTest
2014-01-02 02:58:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-01-02 02:58:41 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-01 20:23:43 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-01-01 20:23:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-01-01 02:10:25 500096 ----a-w- c:\windows\system32\drivers\rt61.sys
2014-01-01 02:10:25 -------- d-----w- c:\documents and settings\all users\application data\Ralink Driver
2013-12-30 11:35:27 -------- d-----w- c:\documents and settings\all users\application data\DriverGenius
2013-12-30 11:35:12 -------- d-----w- c:\program files\Driver-Soft
2013-12-30 05:34:25 -------- d-----w- c:\documents and settings\--\application data\NVIDIA
2013-12-30 05:34:23 -------- d-----w- c:\program files\GPU-Z
2013-12-30 03:31:57 172 ----a-w- c:\windows\uninstall.bat
2013-12-30 03:22:37 -------- d-----w- c:\documents and settings\--\local settings\application data\NVIDIA
2013-12-30 03:21:13 892704 ----a-w- c:\windows\system32\nvhdagenco32.dll
2013-12-30 03:21:12 9605120 ----a-w- c:\windows\system32\nvopencl.dll
2013-12-30 03:21:12 893728 ----a-w- c:\windows\system32\nvdispgenco3233193.dll
2013-12-30 03:21:12 1049888 ----a-w- c:\windows\system32\nvdispco3233193.dll
2013-12-30 02:56:10 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2013-12-30 02:56:09 -------- d-----w- c:\windows\6EB751B745F24DCF9C91DB996A05A626.TMP
2013-12-30 02:55:57 1127972 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-12-30 02:55:57 1127972 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-12-30 02:55:57 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-12-30 02:51:53 9646080 ----a-w- c:\windows\system32\nvcuda.dll
2013-12-30 02:51:53 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2013-12-30 02:51:53 65536 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-30 02:51:53 2952992 ----a-w- c:\windows\system32\nvcuvid.dll
2013-12-30 02:51:53 2747680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-12-30 02:51:53 22183936 ----a-w- c:\windows\system32\nvoglnt.dll
2013-12-30 02:51:53 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2013-12-30 02:51:52 2633728 ----a-w- c:\windows\system32\nvapi.dll
2013-12-30 02:51:52 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-12-30 02:51:52 12684992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-12-29 08:21:37 -------- d-----w- c:\program files\Cisco Systems
2013-12-29 08:21:14 327168 ----a-w- c:\windows\IsUninst.exe
2013-12-27 20:38:25 10240 ------w- c:\windows\system32\imdsksvc.exe
2013-12-27 20:26:36 331776 ----a-r- c:\windows\system32\ctfmon.exe.exe
2013-12-27 15:01:33 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-27 15:01:30 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-12-27 15:01:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-12-27 14:48:17 -------- d-----w- c:\windows\pss
2013-12-27 12:11:16 -------- d-----w- c:\documents and settings\--\local settings\application data\Opera Software
2013-12-27 12:11:15 -------- d-----w- c:\documents and settings\--\application data\Opera Software
2013-12-24 05:41:31 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-23 02:32:34 -------- d-----w- c:\documents and settings\--\application data\Thinstall
2013-12-23 02:27:02 -------- d-----w- c:\windows\system32\oobe
2013-12-22 16:30:04 -------- d-----w- c:\windows\system32\appmgmt
2013-12-22 16:25:56 -------- d-----w- c:\windows\system32\Lang
2013-12-22 15:41:57 -------- d-----w- c:\documents and settings\all users\application data\Paragon
2013-12-22 15:41:20 -------- d-----w- c:\documents and settings\all users\application data\pat
2013-12-22 15:28:26 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-12-22 15:28:25 -------- d-----w- c:\windows\SHELLNEW
2013-12-22 15:25:47 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-12-22 15:25:45 -------- d-----w- c:\program files\Windows Media Connect 2
2013-12-22 15:25:23 -------- d-----w- c:\windows\system32\LogFiles
2013-12-22 15:13:33 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2013-12-22 15:06:07 -------- d-----w- c:\documents and settings\--\application data\uTorrent
2013-12-22 15:04:01 -------- d-----w- c:\windows\system32\XPSViewer
2013-12-22 15:03:54 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-12-22 15:03:52 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2013-12-22 15:03:50 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-12-22 15:03:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-12-22 15:03:50 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-12-22 15:03:50 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-12-22 15:03:50 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-12-22 15:03:50 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-12-22 15:03:50 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-12-22 15:03:50 117760 ------w- c:\windows\system32\prntvpt.dll
2013-12-22 14:46:58 -------- d-----w- c:\documents and settings\--\local settings\application data\Identities
2013-12-22 11:45:06 -------- d-----w- c:\windows\ie8updates
2013-12-22 11:43:56 -------- d-----w- c:\windows\system32\MRT
2013-12-22 11:24:56 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-12-22 11:24:56 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-22 11:24:56 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-12-22 11:24:56 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-12-22 09:59:24 -------- d-----w- c:\windows\system32\CatRoot2
2013-12-22 09:52:47 -------- d---a-w- c:\program files\uTorrent
2013-12-22 09:52:46 -------- d---a-w- c:\program files\Ultra Video Splitter
2013-12-22 09:52:46 -------- d---a-w- c:\program files\Total Video Converter
2013-12-22 09:52:45 -------- d---a-w- c:\program files\SourceTec
2013-12-22 09:52:45 -------- d---a-w- c:\program files\Replay Video Capture 6
2013-12-22 09:52:45 -------- d---a-w- c:\program files\Renesas Electronics
2013-12-22 09:52:45 -------- d---a-w- c:\program files\Playback
2013-12-22 09:52:13 -------- d---a-w- c:\program files\LG Electronics
2013-12-22 09:52:13 -------- d---a-w- c:\program files\Handset WinDriver
2013-12-22 09:52:13 -------- d---a-w- c:\program files\Garmin GPS Plugin
2013-12-22 09:52:13 -------- d---a-w- c:\program files\Garmin
2013-12-22 09:51:54 -------- d---a-w- c:\program files\DAEMON Tools Lite
2013-12-22 09:51:53 -------- d---a-w- c:\program files\Creative Zone
2013-12-22 09:51:53 -------- d---a-w- c:\program files\CPUID
2013-12-22 09:51:52 -------- d---a-w- c:\program files\DVR Soft
2013-12-22 09:51:52 -------- d---a-w- c:\program files\DVD X Studios
2013-12-22 09:51:52 -------- d---a-w- c:\program files\DVD Shrink
2013-12-22 09:51:51 -------- d---a-w- c:\program files\Dream Aquarium
2013-12-22 09:50:50 -------- d---a-w- c:\program files\EA GAMES
2013-12-22 09:50:41 -------- d---a-w- c:\program files\Bejeweled 3
2013-12-22 09:37:43 -------- d-----w- c:\documents and settings\--\application data\Google
2013-12-22 09:37:31 -------- d-----w- c:\documents and settings\--\local settings\application data\Temp
2013-12-22 09:37:28 -------- d-----w- c:\documents and settings\--\local settings\application data\Google
2013-12-22 09:36:39 -------- d-----w- c:\documents and settings\--\local settings\application data\Adobe
2013-12-22 09:33:15 -------- d-----w- c:\documents and settings\--\application data\Malwarebytes
2013-12-22 09:33:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-12-22 09:33:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-22 09:33:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-22 09:29:18 528744 ----a-w- c:\windows\system32\OGAVerify.exe
2013-12-22 09:29:18 502120 ----a-w- c:\windows\system32\OGAAddin.dll
2013-12-22 09:27:45 -------- d-----w- c:\documents and settings\--\local settings\application data\Innovative Solutions
2013-12-22 09:26:03 -------- d-----w- c:\program files\XP Codec Pack
2013-12-22 09:25:32 -------- d-----w- c:\documents and settings\--\application data\WinRAR
2013-12-22 09:24:14 -------- d-----w- c:\program files\Jasc Software Inc
2013-12-22 09:23:52 -------- d-----w- c:\windows\Logs
2013-12-22 09:23:01 -------- d-sh--w- c:\documents and settings\--\PrivacIE
2013-12-22 09:22:58 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-22 09:22:55 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-22 09:21:35 -------- d-----w- c:\documents and settings\--\application data\Sun
2013-12-22 09:20:47 4083584 ----a-w- c:\windows\system32\nv4_disp.dll
2013-12-22 09:20:30 -------- d-----w- c:\program files\NVIDIA Corporation
2013-12-22 09:19:11 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2013-12-22 09:19:09 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2013-12-22 09:19:08 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2013-12-22 09:19:06 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2013-12-22 09:19:04 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2013-12-22 09:19:03 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2013-12-22 09:19:03 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2013-12-22 09:19:00 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2013-12-22 09:16:40 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2013-12-22 09:16:30 -------- d-----w- c:\documents and settings\--\application data\InstallShield
2013-12-22 09:16:24 -------- d-----w- c:\program files\Marvell
2013-12-22 09:14:54 24064 ------w- c:\windows\system32\msxml3a.dll
2013-12-22 09:14:48 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-12-22 09:14:48 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-12-22 09:14:48 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-12-22 09:14:48 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-12-22 09:14:48 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-12-22 09:13:46 42496 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2013-12-22 09:13:45 -------- d-----w- c:\program files\Innovative Solutions
2013-12-22 09:11:12 31288 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2013-12-22 09:11:10 -------- d-----w- c:\program files\AMD
2013-12-22 09:10:20 -------- d-----w- c:\program files\ATI Technologies
2013-12-22 09:10:18 -------- d-----w- c:\program files\ATI
2013-12-22 09:08:15 -------- d-----w- c:\documents and settings\--\application data\Macromedia
2013-12-22 09:08:15 -------- d-----w- c:\documents and settings\--\application data\Adobe
2013-12-22 09:07:09 -------- d-----w- c:\program files\ASRock
2013-12-22 09:07:09 -------- d-----w- c:\documents and settings\--\local settings\application data\cFos
2013-12-22 09:06:59 -------- d-----w- c:\documents and settings\all users\application data\cFos
2013-12-22 09:06:42 -------- d-----w- c:\program files\ASRock Utility
2013-12-22 09:05:59 229928 ----a-w- c:\windows\system32\drivers\k57xp32.sys
2013-12-22 09:05:59 -------- d-----w- c:\program files\Broadcom
2013-12-22 09:04:51 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-12-22 09:03:43 -------- d-----w- c:\windows\system32\ReinstallBackups
2013-12-22 09:02:51 -------- d-----w- c:\program files\Etron Technology
2013-12-22 08:46:26 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2013-12-22 08:45:59 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2013-12-22 08:42:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-12-22 00:38:57 -------- d-----r- c:\documents and settings\all users\Documents
2013-12-22 00:31:36 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2013-12-22 00:31:17 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2013-12-22 00:31:10 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2013-12-22 00:31:00 74240 ----a-w- c:\windows\system32\usbui.dll
2013-12-22 00:29:59 8704 -c--a-w- c:\windows\system32\dllcache\batt.dll
.
==================== Find3M  ====================
.
2014-01-01 05:57:08 388000 ----a-w- c:\windows\system32\drivers\timntr.sys
2014-01-01 05:57:08 32288 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2014-01-01 05:57:07 99776 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-12-27 12:17:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-27 12:17:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-23 17:49:23 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-11-23 17:49:23 15711008 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-23 17:49:23 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-11-23 17:49:22 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-23 17:49:22 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 16:53:23.20 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2013 12:46:31 AM
System Uptime: 1/3/2014 4:38:49 PM (0 hours ago)
.
Motherboard: ASRock |  | 990FX Extreme4
Processor: AMD FX-8350 Eight-Core Processor            | CPUSocket | 4300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 83.701 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 93.608 GiB free.
G: is FIXED (NTFS) - 1397 GiB total, 870.465 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.32
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Advanced Uninstaller PRO - Version 11
Advanced Uninstaller PRO 9.6.0.40
AMD USB Filter Driver
ASRock eXtreme Tuner v0.1.98
Broadcom Gigabit NetLink Controller
Driver Genius Professional Edition
Etron USB3.0 Host Controller
Google Earth
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 7 Update 45
marvell 91xx driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
NVIDIA Control Panel 331.93
NVIDIA Graphics Driver 331.93
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA nView 140.84
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
Opera Stable 18.0.1284.68
Paint Shop Pro 7
PerformanceTest v7.0
Ralink RT6x Wireless LAN Card
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Media Player (KB2803821-v2)
TechPowerUp GPU-Z
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Media Format 11 runtime
Windows Media Player 11
Winrar 3.93
XFast LAN v6.61
.
==== Event Viewer Messages From Past Week ========
.
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Update for Windows Media Player 11 for Windows XP (KB939683).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Update for Windows Media Format 11 SDK for Windows XP (KB929399).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP Service Pack 3 (KB973540).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP Service Pack 3 (KB952069).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB975558).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB954154).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB2378111).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155).
12/27/2013 8:35:28 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows Media Format Runtime 11 for Windows XP (KB2834904).
12/27/2013 6:55:02 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/27/2013 6:53:01 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM Fips
12/27/2013 6:30:34 AM, error: Service Control Manager [7034]  - The cFosSpeed System Service service terminated unexpectedly.  It has done this 1 time(s).
12/27/2013 5:57:48 AM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The system cannot find the path specified.
12/27/2013 1:32:53 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\system32\wuaucpl.cpl.manifest. Reference error message: The operation completed successfully. .
12/27/2013 1:32:53 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\system32\nwc.cpl.manifest. Reference error message: The operation completed successfully. .
12/27/2013 1:17:11 PM, error: AWEAlloc [52]  -
1/2/2014 9:48:36 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\dbghelp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\uploadlb\binaries\uploadm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\pchsvc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\pchshell.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\notiflag.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\msinfo.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.0.1230.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\msconfig.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\hscupd.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\helphost.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\helpctr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
1/2/2014 10:14:10 PM, information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\brpinfo.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
.
==== End Of File ===========================
 


this one is not so long... :)

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/03/2014 07:23:35 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Documents and Settings\--\My Documents\Core Temp\x86\Core Temp.exe (PID: 1528) [uP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Disabled

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Disabled

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Disabled

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled

 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled

 * helpsvc [Missing Service]
 * ImapiService [Missing Service]
 * LanmanServer [Missing Service]
 * mnmsrvc [Missing Service]
 * SCardSvr [Missing Service]
 * Schedule [Missing Service]
 * SSDPSRV [Missing Service]
 * upnphost [Missing Service]
 * UPS [Missing Service]
 * wscsvc [Missing Service]
 * Srv [Missing Service]

 * HidServ [Missing ServiceDLL Value]

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 06/14/2013 03:51 AM : 362bc5af8eaf712832c58cc13ae05750 [NoSig]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
   

Program finished at: 01/03/2014 07:23:47 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Still getting the popup box. Here is the ComboFix log. Thx.

ComboFix 14-01-04.03 - -- 01/04/2014   8:17.1.8 - x86
Running from: c:\documents and settings\--\Desktop\ComboFix.exe
 * Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\--\Application Data\QUAD Backups
c:\documents and settings\--\Application Data\QUAD Backups\10.11.2013,18-05-19\Automatic.reg
c:\documents and settings\--\WINDOWS
c:\windows\system\VB40032.DLL
c:\windows\system32\ctfmon.exe.exe
D:\install.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-04 to 2014-01-04  )))))))))))))))))))))))))))))))
.
.
2013-12-22 00:30 . 2014-01-04 05:14 -------- d-----r- C:\Program Files
2013-12-22 00:29 . 2013-10-11 09:54 -------- d-----w- C:\Documents and Settings
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-04 00:47 . 2014-01-03 16:38 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 82944 ----a-w- c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 77568 ----a-w- c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 388000 ----a-w- c:\windows\system32\drivers\timntr.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 32288 ----a-w- c:\windows\system32\drivers\tifsfilt.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 31288 ----a-w- c:\windows\system32\drivers\usbfilter.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 30464 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 26368 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-04 00:47 . 2014-01-03 16:38 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 22024 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 99776 ----a-w- c:\windows\system32\drivers\snapman.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 80128 ----a-w- c:\windows\system32\drivers\parport.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 70272 ----a-w- c:\windows\system32\drivers\psched.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 68224 ----a-w- c:\windows\system32\drivers\pci.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 6784 ----a-w- c:\windows\system32\drivers\parvdm.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 6345832 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 62848 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 61824 ----a-w- c:\windows\system32\drivers\ohci1394.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 500096 ----a-w- c:\windows\system32\drivers\rt61.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 42752 ----a-w- c:\windows\system32\drivers\p3.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 35840 ----a-w- c:\windows\system32\drivers\processr.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 3328 ----a-w- c:\windows\system32\drivers\pciide.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 203776 ----a-w- c:\windows\system32\drivers\RMCast.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 19712 ----a-w- c:\windows\system32\drivers\partmgr.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 195712 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 17792 ----a-w- c:\windows\system32\drivers\ptilink.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 174848 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 146048 ----a-w- c:\windows\system32\drivers\portcls.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 88320 ----a-w- c:\windows\system32\drivers\nwlnkipx.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 63232 ----a-w- c:\windows\system32\drivers\nwlnknb.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 55936 ----a-w- c:\windows\system32\drivers\nwlnkspx.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 32512 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 163584 ----a-w- c:\windows\system32\drivers\nwrdr.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 128672 ----a-w- c:\windows\system32\drivers\nvhda32.sys.bak
2014-01-04 00:47 . 2014-01-03 16:38 12416 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-11-18 . 4C51D5275AE8A16999EDFE7E647D00DE . 576384 . . [5.1.2600.5712] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-11-18 . 4C51D5275AE8A16999EDFE7E647D00DE . 576384 . . [5.1.2600.5712] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2010-07-08 . 51E41F16ACD80B8B39C0AE703A213F09 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2010-07-08 . 51E41F16ACD80B8B39C0AE703A213F09 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-14 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2009-12-23 . C519E15665CD89A91AD383FCE3CB556A . 110592 . . [5.1.2600.5922] . . c:\windows\system32\services.exe
[-] 2009-12-23 . C519E15665CD89A91AD383FCE3CB556A . 110592 . . [5.1.2600.5922] . . c:\windows\system32\dllcache\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2009-04-02 . 53A8857723277B1D6D5EE60A9F85B117 . 509440 . . [5.1.2600.5788] . . c:\windows\system32\winlogon.exe
[-] 2009-04-02 . 53A8857723277B1D6D5EE60A9F85B117 . 509440 . . [5.1.2600.5788] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2013-06-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\22376\comctl32.dll
[-] 2013-06-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\SoftwareDistribution\Download\552be217d6abd48aa524ea7d9e7609e2\SP3QFE\mshtml.dll
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\system32\mshtml.dll
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2013-05-17 . 05CF1926E4E7B6D91D66BD5CD54FC1F0 . 6014976 . . [8.00.6001.23501] . . c:\windows\ie8updates\KB2898785-IE8\mshtml.dll
.
[-] 2013-06-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-10-29 . 06B8485FB1DA9A552B10AB978CD1AC85 . 343040 . . [7.0.2600.5701] . . c:\windows\system32\msvcrt.dll
[-] 2008-10-29 . 06B8485FB1DA9A552B10AB978CD1AC85 . 343040 . . [7.0.2600.5701] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-10-29 . A4C4A54FD7E31179CB5BDF7896DF3DF7 . 343040 . . [7.0.2600.5701] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5701_x-ww_40d12c25\msvcrt.dll
.
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll
[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-08-06 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows\system32\tapisrv.dll
[-] 2008-08-06 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\SoftwareDistribution\Download\552be217d6abd48aa524ea7d9e7609e2\SP3QFE\wininet.dll
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\system32\wininet.dll
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\system32\dllcache\wininet.dll
[-] 2013-05-07 . CE5BA470204A3176E60721C4B63B8DF3 . 920064 . . [8.00.6001.23499] . . c:\windows\ie8updates\KB2898785-IE8\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-07-03 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows\explorer.exe
[-] 2008-07-03 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\SoftwareDistribution\Download\87a056c425c12d77e4b0efe9fe3acd91\SP3QFE\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
.
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\SoftwareDistribution\Download\efc6606d13b2657017eb0460e00e68ef\SP3QFE\usp10.dll
.
c:\windows\System32\ctfmon.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
c:\windows\System32\schedsvc.dll ... is missing !!
c:\windows\System32\ssdpsrv.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\documents and settings\--\My Documents\Core Temp\x86\Core Temp.exe" [2009-08-05 378384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-20 1202560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-11-23 15711008]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-11-23 17:49 15711008 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-11-23 17:49 209184 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\tlntsvr.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-01-02 51416]
R3 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S3 ALSysIO;ALSysIO;c:\docume~1\--\LOCALS~1\Temp\ALSysIO.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 32384]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-09-11 71552]
S3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57xp32.sys [2011-01-18 229928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 31288]
.
.
.
------- Supplementary Scan -------
.

mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ASRockXTU - (no file)
HKLM-Run-Driver Genius - (no file)
MSConfigStartUp-ctfmon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-04 08:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-01-04  08:19:45
ComboFix-quarantined-files.txt  2014-01-04 16:19
.
Pre-Run: 90,244,235,264 bytes free
Post-Run: 90,313,961,472 bytes free
.
- - End Of File - - DABAA76D332D34800B85FCBE9F3DDBC5
8F558EB6672622401DA993E1E865C861
 


Where did you get this copy of Windows??

All these files aren't the normal Windows files that come with XP, and several are missing:

 

Note: Unsigned files aren't necessarily malware.


.

[-] 2008-07-04 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows\system32\w32time.dll

[-] 2008-07-04 . 9F8A0D0CBB2FA265A754516128C00E22 . 175616 . . [5.1.2600.5635] . . c:\windows\system32\dllcache\w32time.dll

.

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll

.

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll

.

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll

.

[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll

[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll

.

c:\windows\System32\ctfmon.exe ... is missing !!

c:\windows\System32\regsvc.dll ... is missing !!

c:\windows\System32\schedsvc.dll ... is missing !!

c:\windows\System32\ssdpsrv.dll ... is missing !!

c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

-----------------------------------------------------------

Please do this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


I got the Windows copy retail but I installed a patch so I wouldn’t have to call India every time the clock changes for more than an hour, to get a new serial number.. ridiculous..

That is not where I got the virus; it's been that way forever. The pop-ups just started.

I get pop ups about 2 to 3 times a day. I will wait and see if I still get them.. thanks

 

Adwcleaner  log:

 

 

# AdwCleaner v3.016 - Report created 04/01/2014 at 12:38:12

# Updated 23/12/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : -- - AMD

# Running from : C:\Documents and Settings\--\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : C:\Program Files\driver-soft

Folder Deleted : C:\Documents and Settings\--\Application Data\thinstall

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}

Key Deleted : HKLM\Software\Driver-Soft

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

*************************

 

AdwCleaner[R0].txt - [1917 octets] - [04/01/2014 12:34:47]

AdwCleaner[s0].txt - [1878 octets] - [04/01/2014 12:38:12]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1938 octets] ##########

 

Malwarebytes log:

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.05.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

-- :: AMD [administrator]

 

Protection: Enabled

 

1/4/2014 2:21:52 PM

mbam-log-2014-01-04 (14-21-52).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 238547

Time elapsed: 5 minute(s), 22 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

Thank you!

 


Good.......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

