
sunstun

Honorary Members
Posts: 28
Everything posted by sunstun

  1. No, you got it the wrong way. I reinstalled Windows after you helped me delete the virus, so no, you didn't waste your time. By reinstalling Windows you only format the C partition, not all your memory, so even if I had reinstalled Windows before I deleted the virus, the virus would still be there.
  2. Yes I did, and I just reinstalled Windows and the PC is back to normal again, no more viruses. Thanks to you; don't worry, you can consider your job done.
  3. Anyways, now that I made sure my PC is fine, I just wanted to say thank you again MrC, and thank you Malwarebytes, you're a great company.
  4. Sorry for the late answer. I was running SalityKiller you attached earlier and it kept running for hours, but guess what! It cured all exe files in my memory and the virus is gone! Task Manager is back and everything is okay I think, but is there a way to make sure the PC is clean now? Thanks so much for the help MrCharlie, I would come and thank you especially in real life if I could. You're a great man.
  5. Here's the log:

     ========== FILES ==========
     File\Folder C:\Program Files\SUPERAntiSpyware not found.

     OTL by OldTimer - Version 3.2.69.0 log created on 06162013_005553
  6. I did this step as you told me:

     "Run OTL
     • Under the Custom Scans/Fixes box at the bottom, paste in bold:

       :OTL
       O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
       O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
       O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
       O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
       O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
       O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
       Files:
       C:\Program Files\SUPERAntiSpyware
       :Commands
       [EMPTYJAVA]
       [emptytemp]
       [EMPTYFLASH]

     • Then click the Run Fix button at the top"

     and I gave you the results log above. Then I ran the tool you attached to a comment earlier and I got the same results as I told you before, this:

     Virus Remover for Win32/Sality version 1.2.0.847
     !SASCORE: C:\Program Files\SUPERAntiSpyware\SASCORE.EXE Can't open
     -- EOF --
     Virus Remover for Win32/Sality version 1.2.0.847
  7. I really appreciate your help MrCharlie. Even if I don't get this virus deleted, you did your best to help me, thanks so much. I asked a friend of mine about this virus and he told me the only way to delete it is to delete all .exe files on my memory and then make a new Windows, because the virus can hide in any .exe file. What do you think?
  8. I did as you told me and ran the fix. I had to reboot after I did, and I got a log as you said, but then I ran SalityKiller and I got the same results as earlier. Anyways, here's the log from OTL:

     All processes killed
     ========== OTL ==========
     Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
     Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
     Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
     Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
     Registry value HKEY_USERS\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
     ========== COMMANDS ==========

     [EMPTYJAVA]

     User: %USERNAME%
     User: Administrator
     User: All Users
     User: Default User
     User: GENTLE_MAN
     User: LocalService
     User: NetworkService

     Total Java Files Cleaned = 0.00 mb

     [EMPTYTEMP]

     User: %USERNAME%
     User: Administrator
     ->Temp folder emptied: 2703623 bytes
     ->Temporary Internet Files folder emptied: 30983480 bytes
     ->FireFox cache emptied: 40258750 bytes
     ->Google Chrome cache emptied: 261463162 bytes
     ->Flash cache emptied: 1223 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: GENTLE_MAN
     User: LocalService
     ->Temp folder emptied: 66016 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 2402044 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 17611544 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 339.00 mb

     [EMPTYFLASH]

     User: %USERNAME%
     User: Administrator
     ->Flash cache emptied: 0 bytes
     User: All Users
     User: Default User
     User: GENTLE_MAN
     User: LocalService
     User: NetworkService

     Total Flash Files Cleaned = 0.00 mb

     OTL by OldTimer - Version 3.2.69.0 log created on 06152013_232731
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  9. OTL.Txt:

     OTL logfile created on: 15/06/2013 04:52:33 م - Run 1
     OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000C01 | Country: Egypt | Language: ARE | Date Format: dd/MM/yyyy

     1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.77% Memory free
     3.84 Gb Paging File | 3.38 Gb Available in Paging File | 88.15% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 16.22 Gb Total Space | 8.65 Gb Free Space | 53.33% Space Free | Partition Type: NTFS
     Drive D: | 87.90 Gb Total Space | 9.59 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
     Drive E: | 87.90 Gb Total Space | 49.98 Gb Free Space | 56.87% Space Free | Partition Type: NTFS
     Drive F: | 87.45 Gb Total Space | 85.42 Gb Free Space | 97.68% Space Free | Partition Type: NTFS

     Computer Name: NOUR | User Name: Administrator | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2013/06/15 16:52:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
     PRC - [2013/06/12 11:36:25 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
     PRC - [2013/05/29 07:27:40 | 000,899,536 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
     PRC - [2013/04/01 02:05:22 | 004,081,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2012/07/03 23:04:58 | 000,581,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
     PRC - [2011/03/11 03:51:32 | 003,301,376 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
     PRC - [2010/05/25 17:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
     PRC - [2008/04/08 14:55:46 | 001,819,136 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
     PRC - [2007/09/03 03:58:52 | 000,569,344 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
     PRC - [2007/08/18 09:10:04 | 000,229,376 | ---- | M] () -- C:\Program Files\UberIcon\UberIcon Manager.exe

     ========== Modules (No Company Name) ==========

     MOD - [2013/05/29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
     MOD - [2013/05/29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
     MOD - [2013/05/29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
     MOD - [2011/03/03 02:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
     MOD - [2008/04/14 01:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
     MOD - [2008/04/14 01:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
     MOD - [2008/04/08 14:55:46 | 001,819,136 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
     MOD - [2008/04/08 13:29:34 | 000,133,632 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\Clock.dll
     MOD - [2007/09/03 03:58:52 | 000,569,344 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
     MOD - [2007/09/03 03:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
     MOD - [2007/08/18 09:10:04 | 000,229,376 | ---- | M] () -- C:\Program Files\UberIcon\UberIcon Manager.exe
     MOD - [2007/03/10 20:39:02 | 000,090,112 | ---- | M] () -- C:\Program Files\UberIcon\UberIcon.dll
     MOD - [2006/02/06 06:53:12 | 000,053,248 | ---- | M] () -- C:\Program Files\UberIcon\Plugins\iBounce\fx.dll

     ========== Services (SafeList) ==========

     SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\ersvc.dll -- (ERSvc)
     SRV - [2013/06/15 08:50:52 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
     SRV - [2013/06/13 15:37:00 | 000,190,872 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
     SRV - [2013/06/12 11:36:25 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
     SRV - [2013/04/24 17:47:22 | 000,246,888 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

     ========== Driver Services (SafeList) ==========

     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
     DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
     DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
     DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
     DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jhsvf.sys -- (amsint32)
     DRV - [2013/04/05 13:32:40 | 000,114,608 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
     DRV - [2008/01/26 16:46:22 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
     DRV - [2007/08/30 11:34:50 | 000,167,552 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\vidstub.sys -- (BootScreen)
     DRV - [2005/03/18 06:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
     IE - HKLM\..\SearchScopes,DefaultScope =
     IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
     IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
     IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
     IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
     IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
     IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
     IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     ========== FireFox ==========

     FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
     FF - user.js - File not found

     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
     FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
     FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2013/06/15 15:57:41 | 000,000,000 | ---D | M]
     FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2013/06/15 15:57:41 | 000,000,000 | ---D | M]

     [2013/06/13 02:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
     [2013/06/12 11:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions
     [2013/06/13 15:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
     [2013/06/13 15:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
     [2013/06/13 15:37:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

     ========== Chrome ==========

     CHR - default_search_provider: Google (Enabled)
     CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
     CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
     CHR - homepage: http://www.google.com/
     CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
     CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
     CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
     CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
     CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
     CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
     CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
     CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
     CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
     CHR - plugin: Java Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
     CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
     CHR - Extension: IDM Integration = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
     CHR - Extension: Web Navigation = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
     CHR - Extension: Web Navigation = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
     CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

     O1 HOSTS File: ([2013/06/15 15:57:34 | 000,000,133 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O1 - Hosts: 205.199.44.156 registeridm.com
     O1 - Hosts: 205.199.44.16 registeridm.com
     O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
     O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
     O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     O4 - HKU\.DEFAULT..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
     O4 - HKU\S-1-5-18..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
     O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
     O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
     O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
     O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [uberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe ()
     O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot File not found
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
     O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
     O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
     O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
     O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
     O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
     O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
     O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
     O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
     O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
     O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
     O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
     O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
     O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
     O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAFFBFA3-938F-4908-85B7-7A99363956E1}: DhcpNameServer = 192.168.1.1
     O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl ()
     O20 - Winlogon\Notify\WBSrv: DllName - (C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll) - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
     O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Local Settings\Application Data\Microsoft\Wall.bmp
     O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Local Settings\Application Data\Microsoft\Wall.bmp
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2013/06/12 11:32:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
     O34 - HKLM BootExecute: (autocheck autochk *)
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37 - HKLM\...com [@ = ComFile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
     O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

     ========== Files/Folders - Created Within 30 Days ==========

     [2013/06/15 16:52:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
     [2013/06/15 09:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
     [2013/06/15 00:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\rkill
     [2013/06/15 00:12:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
     [2013/06/15 00:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.soulsplit2
     [2013/06/14 20:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
     [2013/06/14 20:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GRETECH
     [2013/06/14 14:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
     [2013/06/14 08:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
     [2013/06/14 08:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
     [2013/06/14 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
     [2013/06/14 08:00:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
     [2013/06/14 08:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
     [2013/06/14 07:00:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
     [2013/06/14 02:46:31 | 005,159,045 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
     [2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
     [2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
     [2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
     [2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\speechengines
     [2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
     [2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
     [2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
     [2013/06/14 01:44:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
     [2013/06/14 01:40:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
     [2013/06/14 01:40:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
     [2013/06/14 01:40:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
     [2013/06/14 01:40:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
     [2013/06/14 01:40:29 | 000,000,000 | ---D | C] -- C:\Qoobox
     [2013/06/14 01:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
     [2013/06/14 01:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
     [2013/06/14 01:28:04 | 000,000,000 | ---D | C] -- C:\Temp
     [2013/06/14 01:28:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
     [2013/06/14 01:28:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
     [2013/06/14 01:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
     [2013/06/14 00:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
     [2013/06/13 23:36:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
     [2013/06/13 23:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
     [2013/06/13 16:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\JoWooD
     [2013/06/13 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
     [2013/06/13 14:55:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
     [2013/06/13 02:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
     [2013/06/12 12:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
     [2013/06/12 12:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
     [2013/06/12 12:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
     [2013/06/12 12:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
     [2013/06/12 11:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
     [2013/06/12 11:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
     [2013/06/12 11:46:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
     [2013/06/12 11:44:58 | 000,000,000 | ---D | C] -- C:\Drivers
     [2013/06/12 11:44:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
     [2013/06/12 11:44:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
     [2013/06/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
     [2013/06/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
     [2013/06/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
     [2013/06/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\7ZipSfx.001
     [2013/06/12 11:44:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
     [2013/06/12 11:44:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
     [2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
     [2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
     [2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
     [2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
     [2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
     [2013/06/12 11:44:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
     [2013/06/12 11:44:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
     [2013/06/12 11:44:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
     [2013/06/12 11:44:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Zuma Deluxe RA
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinCustomize
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\RarSFX2
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\RarSFX0
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Download Manager
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\games
     [2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
     [2013/06/12 11:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
     [2013/06/12 11:44:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
     [2013/06/12 11:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
     [2013/06/12 11:44:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
     [2013/06/12 11:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
     [2013/06/12 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
     [2013/06/12 11:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All
Users\Application Data\Mozilla [2013/06/12 11:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock [2013/06/12 11:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2013/06/12 11:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013/06/12 11:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WindowBlinds [2013/06/12 11:39:17 | 000,036,864 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbsys.dll [2013/06/12 11:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings [2013/06/12 11:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock [2013/06/12 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security [2013/06/12 11:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\USB Disk Security [2013/06/12 11:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab [2013/06/12 11:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\UberIcon [2013/06/12 11:37:45 | 000,679,936 | ---- | C] (Steve Murphy Software) -- C:\WINDOWS\System32\AWC_SS.scr [2013/06/12 11:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AWC [2013/06/12 11:37:43 | 002,805,760 | ---- | C] (FreeImage) -- C:\WINDOWS\System32\FreeImage.dll [2013/06/12 11:37:43 | 000,167,936 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpftv6.ocx [2013/06/12 11:37:43 | 000,098,304 | ---- | C] (Jeremy Adams, CCRP) -- C:\WINDOWS\System32\ccrpUCW6.dll [2013/06/12 11:37:43 | 000,098,304 | ---- | C] (CCRP) -- C:\WINDOWS\System32\ccrpDtp6.ocx [2013/06/12 11:37:43 | 000,090,112 | ---- | C] (http://www.mvps.org/vb) -- C:\WINDOWS\System32\ccrpTmr6.dll [2013/06/12 11:37:43 | 000,086,016 | ---- | C] (CCRP / ECX Programming) -- C:\WINDOWS\System32\ccrpudn6.ocx [2013/06/12 11:37:43 | 000,077,824 | 
---- | C] (ECX Programming / CCRP) -- C:\WINDOWS\System32\ccrphky6.ocx [2013/06/12 11:37:43 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll [2013/06/12 11:37:43 | 000,040,960 | ---- | C] (The Lillypad) -- C:\WINDOWS\System32\DLLDesktop.dll [2013/06/12 11:37:43 | 000,036,864 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\AlphaImageCreator.dll [2013/06/12 11:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\AWC [2013/06/12 11:37:32 | 000,327,680 | ---- | C] (Marafiq) -- C:\WINDOWS\System32\ALLAH_NAMES.SCR [2013/06/12 11:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager [2013/06/12 11:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2013/06/12 11:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/06/12 11:36:31 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2013/06/12 11:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/06/12 11:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Clean Windows MZM 2011 By Magdy Zahyan [2013/06/12 11:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Clean Windows MZM 2011 [2013/06/12 11:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atomic Alarm Clock By MMZahyan [2013/06/12 11:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Atomic Alarm Clock [2013/06/12 11:35:48 | 000,356,352 | ---- | C] (Shooltzware Enterprises) -- C:\WINDOWS\System32\ROZEEETTA.SCR [2013/06/12 11:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013/06/12 11:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR [2013/06/12 11:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer [2013/06/12 11:34:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2013/06/12 11:34:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2013/06/12 11:34:07 | 
000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2013/06/12 11:34:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages [2013/06/12 11:33:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2013/06/12 11:32:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM [2013/06/12 11:32:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures [2013/06/12 11:31:55 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate [2013/06/12 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services [2013/06/12 11:31:34 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2013/06/12 11:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2013/06/12 11:31:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2013/06/12 11:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker [2013/06/12 11:30:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore [2013/06/12 11:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting [2013/06/12 11:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System [2013/06/12 11:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared [2013/06/12 11:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer [2013/06/12 11:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RocketDock [2013/06/12 11:30:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games [2013/06/12 11:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications [2013/06/12 11:29:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2013/06/12 11:29:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools [2013/06/12 11:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock [2013/06/12 11:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\ViGlance [2013/06/12 11:29:09 | 000,000,000 | ---D 
| C] -- C:\Program Files\Windows Media Connect 2 [2013/06/12 11:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player [2013/06/12 11:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger [2013/06/12 11:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT [2013/06/12 11:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2013/06/12 11:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2013/06/12 11:28:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2013/06/12 11:28:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos [2013/06/12 11:28:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories [2013/06/12 07:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe [2013/06/12 07:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013/06/12 07:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013/06/12 07:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com [2013/06/12 07:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com [2013/06/12 07:39:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies [2013/06/12 02:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2013/06/12 01:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2013/06/12 01:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH [2013/06/12 00:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2013/06/12 00:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2013/06/11 23:24:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music [2013/06/11 23:24:13 | 000,000,000 | R--D | C] -- 
C:\Program Files [2013/06/11 23:24:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2013/06/11 23:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC [2013/06/11 23:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files [2013/06/11 23:23:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup [2013/06/11 23:23:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu [2013/06/11 23:23:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents [2013/06/11 23:23:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates [2013/06/11 23:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites [2013/06/11 23:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop [2013/06/11 23:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2013/06/11 23:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2013/06/11 23:23:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2013/06/11 23:23:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data [2013/06/11 23:22:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013/06/11 23:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings [2013/06/11 23:19:08 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2013/06/11 23:19:08 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2013/06/11 23:19:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\System32\drivers\UMDF [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2013/06/11 23:19:08 | 
000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2013/06/11 
23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2013/06/11 22:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack [2013/06/11 22:54:17 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll [2013/06/11 22:54:16 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2013/06/11 22:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2013/06/11 22:53:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos [2013/06/11 22:45:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2013/06/11 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IDM [2013/06/11 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM [2013/06/11 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads [2013/06/11 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache [2013/06/11 22:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager [2013/06/11 22:36:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2013/06/11 22:27:11 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe [2013/06/11 22:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar [2013/06/11 22:27:10 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2013/06/11 21:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun [2013/06/11 21:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ViGlance [2013/06/11 21:49:45 | 000,000,000 | R--D | C] -- C:\Documents and 
Settings\Administrator\My Documents\My Pictures [2013/06/11 21:49:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music [2013/06/11 21:49:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/15 16:52:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2013/06/15 16:21:36 | 000,000,826 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/06/15 16:21:35 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\AtomicAlarmClock.ini [2013/06/15 16:21:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/06/15 16:16:39 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/06/15 16:14:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/06/15 16:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/06/15 15:57:34 | 000,000,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/06/15 15:41:08 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2013/06/15 12:24:47 | 000,137,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2.jpg [2013/06/15 07:28:11 | 000,004,642 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error.JPG [2013/06/15 01:43:36 | 004,391,878 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MrCharlie.rar [2013/06/14 20:57:47 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2013/06/14 20:57:47 | 000,000,868 | ---- | M] () -- 
C:\Documents and Settings\All Users\Desktop\GOM Player.lnk [2013/06/14 20:53:48 | 000,000,634 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol [2013/06/14 15:54:07 | 000,022,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kari 4524.jpg [2013/06/14 13:52:47 | 000,003,097 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1.JPG [2013/06/14 02:45:58 | 005,159,045 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2013/06/14 01:44:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013/06/12 23:20:57 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/06/12 23:20:57 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk [2013/06/12 12:26:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/06/12 11:44:12 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2013/06/12 11:44:01 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/06/12 11:41:36 | 000,001,119 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2013/06/12 11:41:10 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2013/06/12 11:38:06 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Web Navigation.lnk [2013/06/12 11:38:06 | 000,000,065 | ---- | M] () -- C:\prefs.js [2013/06/12 11:37:45 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AWC.lnk [2013/06/12 11:35:56 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clean Windows MZM 2011 .lnk [2013/06/12 11:35:53 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\alarms.ini [2013/06/12 11:32:51 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013/06/12 11:32:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS 
[2013/06/12 11:32:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2013/06/12 11:32:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2013/06/12 11:32:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2013/06/12 11:32:45 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2013/06/12 11:32:45 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2013/06/12 11:32:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2013/06/12 11:32:41 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2013/06/12 11:30:07 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2013/06/12 11:27:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2013/06/12 07:52:33 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Unreal Tournament GOTY.lnk [2013/06/11 23:24:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF [2013/06/11 23:23:19 | 000,000,822 | ---- | M] () -- C:\WINDOWS\langorig.ini [2013/06/11 22:53:12 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2013/06/11 22:30:53 | 000,311,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/06/11 22:30:53 | 000,040,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/06/11 21:49:54 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/15 12:09:25 | 000,137,205 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2.jpg [2013/06/15 08:50:53 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/06/15 
07:28:11 | 000,004,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error.JPG [2013/06/15 01:43:32 | 004,391,878 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MrCharlie.rar [2013/06/14 20:57:47 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2013/06/14 20:57:47 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk [2013/06/14 15:54:06 | 000,022,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kari 4524.jpg [2013/06/14 13:52:47 | 000,003,097 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1.JPG [2013/06/14 08:00:54 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2013/06/14 01:44:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013/06/14 01:44:29 | 000,260,272 | RHS- | C] () -- C:\cmldr [2013/06/14 01:40:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/06/14 01:40:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/06/14 01:40:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/06/14 01:40:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/06/14 01:40:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/06/12 12:26:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/06/12 11:44:38 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AtomicAlarmClock.ini [2013/06/12 11:44:38 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AWC.lnk [2013/06/12 11:44:38 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\alarms.ini [2013/06/12 11:44:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk [2013/06/12 11:44:37 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Start 
Menu\Programs\Windows Media Player.lnk [2013/06/12 11:44:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2013/06/12 11:41:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013/06/12 11:41:10 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2013/06/12 11:41:10 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2013/06/12 11:40:38 | 000,167,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys [2013/06/12 11:40:31 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk [2013/06/12 11:40:16 | 000,000,826 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/06/12 11:39:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll [2013/06/12 11:39:17 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\CHOICE.COM [2013/06/12 11:38:06 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Web Navigation.lnk [2013/06/12 11:38:06 | 000,000,065 | ---- | C] () -- C:\prefs.js [2013/06/12 11:37:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\ndspoem.rst [2013/06/12 11:35:56 | 000,002,052 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clean Windows MZM 2011 .lnk [2013/06/12 11:34:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2013/06/12 11:32:51 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2013/06/12 11:32:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2013/06/12 11:32:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2013/06/12 11:32:51 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2013/06/12 11:32:51 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2013/06/12 11:32:45 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2013/06/12 11:32:45 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2013/06/12 11:32:43 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx 
[2013/06/12 11:31:54 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2013/06/12 11:30:09 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2013/06/12 11:30:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2013/06/12 11:29:02 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2013/06/12 11:29:02 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2013/06/12 11:29:01 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2013/06/12 11:28:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2013/06/12 07:53:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk [2013/06/12 07:52:33 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Unreal Tournament GOTY.lnk [2013/06/12 04:57:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/06/11 23:24:17 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF [2013/06/11 23:24:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2013/06/11 23:24:09 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.Tha [2013/06/11 23:23:55 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2013/06/11 23:22:58 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/06/11 23:22:05 | 000,000,327 | RHS- | C] () -- C:\boot.ini [2013/06/11 23:22:02 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2013/06/11 22:54:17 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2013/06/11 22:54:17 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2013/06/11 22:54:17 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll [2013/06/11 22:54:16 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2013/06/11 22:54:13 | 000,112,640 | ---- | C] () -- 
  10. Well, that's the problem: I don't have SUPERAntiSpyware, I uninstalled it yesterday, and I went to C:\Program Files to make sure and didn't find it there either.
  11. Thanks, here's what I did: I downloaded it, ran the tool, and it told me I need to reboot because the virus is active or something, and after I rebooted I ran it again and got the same message, but I had a log from it:

      Virus Remover for Win32/Sality version 1.2.0.847
      !SASCORE: C:\Program Files\SUPERAntiSpyware\SASCORE.EXE Can't open
      -- EOF --

  12. Looks like I got a new problem now: when I try to download that tool the download stops at 99% and doesn't finish, no matter what browser or program I use to download it.
  13. I appreciate your help MrCharlie, but can I ask 1 more question? My hard disk has a lot of important info on it that I wouldn't let go, so is there a way to delete this virus without reformatting? It's okay for me to reinstall Windows, but reformatting is not.
  14. When I try to open sound volume information I get this error:
  15. I have no idea what's the problem, but VirusTotal doesn't load for me. I've been trying, but no, it's not working for me.
  16. Rkill.txt:

      Rkill 2.5.3 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2013 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 06/15/2013 12:31:25 AM in x86 mode.
      Windows Version: Microsoft Windows XP Service Pack 3

      Checking for Windows services to stop:
      * No malware services found to stop.

      Checking for processes to terminate:
      * C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 71848) [FI]
      * C:\WINDOWS\system32\NOTEPAD.EXE (PID: 72136) [WD-HEUR]
      * C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 73772) [FI]
      * C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 74280) [FI]
      * C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 71956) [FI]

      5 proccesses terminated!

      Possibly Patched Files.
      * C:\WINDOWS\Explorer.EXE

      Checking Registry for malware related settings:
      * System Policy Removed: DisableRegistryTools [HKCU]
      * System Policy Removed: DisableTaskMgr [HKCU]

      Backup Registry file created at:
      C:\Documents and Settings\Administrator\Desktop\rkill\rkill-06-15-2013-12-31-29.reg

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:
      * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall" = dword:00000000

      Checking Windows Service Integrity:
      * helpsvc [Missing Parameters Key]
      * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath]

      Searching for Missing Digital Signatures:
      * C:\WINDOWS\System32\comres.dll [NoSig]
      * C:\WINDOWS\System32\mspmsnsv.dll [NoSig]
      * C:\WINDOWS\System32\ntkrnlpa.exe [NoSig]
      * C:\WINDOWS\System32\ntoskrnl.exe [NoSig]
      * C:\WINDOWS\System32\setupapi.dll [NoSig]
      * C:\WINDOWS\System32\UxTheme.dll [NoSig]
      * C:\WINDOWS\explorer.exe [NoSig]

      Checking HOSTS File:
      * HOSTS file entries found:
      127.0.0.1 localhost

      Program finished at: 06/15/2013 12:31:58 AM
      Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)
  17. Here's the log:

      RogueKiller V8.6.0 [Jun 14 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows XP
      Started in : Normal mode
      User : Administrator [Admin rights]
      Mode : Scan -- Date : 06/14/2013 22:03:12
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 7 ¤¤¤
      [HJ POL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
      [HJ POL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
      [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
      [HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
      [HJ SECU] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

      ¤¤¤ Scheduled tasks : 0 ¤¤¤

      ¤¤¤ Startup Entries : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [LOADED] ¤¤¤

      ¤¤¤ External Hives: ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      127.0.0.1 localhost

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD3000JS-63PDB1 +++++
      --- User ---
      [MBR] cce7a2b34dd8f5f3c06c29487319f05e
      [bSP] c1acf2cf9aca12daa470f9bd116d2a26 : Windows XP MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 16606 Mo
      1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 34009605 | Size: 269559 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[0]_S_06142013_220312.txt >>

  18. Everything, nothing's changed: the virus remains, Task Manager disabled, registry disabled, and exe files keep getting ruined again and again.
  19. To be honest I don't feel any change. checkup.txt:

      Results of screen317's Security Check version 0.99.64
      Windows XP Service Pack 3 x86
      (UAC is disabled!)
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Disabled!
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      Java 7 Update 13
      Java version out of Date!
      Adobe Flash Player 11.4.402.265
      Adobe Reader 9
      Adobe Reader out of Date!
      Mozilla Firefox (21.0)
      Google Chrome 22.0.1229.79
      Google Chrome 27.0.1453.110
      ````````Process Check: objlist.exe by Laurent````````
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 6%
      ````````````````````End of Log``````````````````````

  20. The logs: AdwCleanerR2.txt, AdwCleanerS2.txt