Infected computer, need help


I appreciate your help, MrCharlie, but can I ask one more question? My hard disk has a lot of important info on it that I wouldn't let go, so is there a way to delete this virus without reformatting? It's okay for me to reinstall Windows, but reformatting is not.


The link below explains how to automatically delete all the restore points except for the last one using disk cleanup:

http://forums.malwar...howtopic=116680

---------------------------------

After you delete all the restore points except for the last one...

Use this tool to disinfect the virus instead of the first one I mentioned:

http://free.avg.com/...ve-win32-sality

It may take some time to run; once it's finished, run it again.

MrC


Thanks. Here's what I did: I downloaded it and ran the tool, and it told me I need to reboot because the virus is active or something. After I rebooted I ran it again and got the same message, but I had a log from it:

Virus Remover for Win32/Sality version 1.2.0.847

!SASCORE: C:\Program Files\SUPERAntiSpyware\SASCORE.EXE Can't open

-- EOF --


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes; it depends on your hard drive size.

Two reports will open; copy and paste them in a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

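Once OTL.txt is in hand, the useful entries are a small fraction of several hundred lines, so it helps to triage the log mechanically before reading it by eye. The script below is an added example for this thread; it is not OTL's code and not part of any post here. It reads lines in the format OTL writes and flags the entry types that matter on a file-infector cleanup like the Sality case being worked here: services or drivers reported Running whose file is gone (the amsint32/jhsvf.sys entry in the log posted later in this thread is exactly that shape), hosts-file overrides, policy values that lock the user out of Task Manager and the registry editor or turn UAC off, autoruns pointing at a missing file, and Winlogon Shell/UserInit values that are not the defaults. The sample lines are a constructed excerpt copied from the log posted in this thread; the severity labels, the set of lockout policies and the Winlogon baseline are this example's own choices, not OTL's.

```python
"""Mechanical triage of an OTL.txt log (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: lines copied from the OTL log posted in this thread
# (the real log runs to several hundred lines). Raw string keeps backslashes.
SAMPLE_OTL = r"""
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\ersvc.dll -- (ERSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jhsvf.sys -- (amsint32)
DRV - [2013/04/05 13:32:40 | 000,114,608 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 205.199.44.156 registeridm.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # HIGH / MEDIUM / LOW: this example's own convention
    entry: str      # OTL entry type: SRV, DRV, O1, O4, O6, O7, O20
    subject: str    # service name, hostname, policy value name, Winlogon value
    detail: str


# SRV/DRV lines: "<kind> - <body> -- <path> -- (<service name>)"; path may be empty.
SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - (?P<body>.*?) -- (?P<path>.*?) ?-- \((?P<name>[^()]+)\)\s*$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)\s*$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>.*?): (?P<value>\w+) = (?P<data>\S+)\s*$")
RUN_RE = re.compile(r"^O4 - (?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\)")

# Policy values that lock the user out of their own tools: value -> (bad data, severity).
# Assumption of this example; chosen because the posted log shows all three set this way.
LOCKOUT_POLICIES = {
    "DisableTaskMgr": ("1", "HIGH"),
    "DisableRegistryTools": ("1", "HIGH"),
    "EnableLUA": ("0", "MEDIUM"),
}
LOOPBACK = {"127.0.0.1", "::1"}
# Expected executables for the two Winlogon values (baseline assumed by this example).
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}


def _state(body: str) -> str:
    """The last bracket group of an SRV/DRV body is '[Type | Start | State]'."""
    groups = re.findall(r"\[([^\]]*)\]", body)
    return groups[-1].split("|")[-1].strip() if groups else ""


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; None means nothing worth a second look."""
    m = SERVICE_RE.match(line)
    if m:
        missing = m["body"].startswith("File not found")
        if missing and _state(m["body"]) == "Running":
            # Loaded into the kernel (or running) but the file is gone from disk:
            # the classic shape of an infector's driver hiding its image.
            return Finding("HIGH", m["kind"], m["name"],
                           f"running with no file on disk: {m['path'] or '<no path>'}")
        if missing:
            return Finding("LOW", m["kind"], m["name"], "orphaned entry, not running")
        return None
    m = HOSTS_RE.match(line)
    if m:
        if m["host"] == "localhost" and m["addr"] in LOOPBACK:
            return None
        return Finding("MEDIUM", "O1", m["host"], f"hosts override -> {m['addr']}")
    m = POLICY_RE.match(line)
    if m and m["value"] in LOCKOUT_POLICIES:
        bad, severity = LOCKOUT_POLICIES[m["value"]]
        return Finding(severity, line[:2], m["value"], f"{m['key']} = {m['data']}") if m["data"] == bad else None
    m = RUN_RE.match(line)
    if m and m["cmd"].endswith("File not found"):
        return Finding("LOW", "O4", m["name"], "autorun points at a missing file")
    m = WINLOGON_RE.match(line)
    if m:
        # Compare only the executable names; extra comma-separated entries are the red flag.
        names = [p.strip().rsplit("\\", 1)[-1].lower() for p in m["data"].split(",") if p.strip()]
        if names != [WINLOGON_DEFAULTS[m["value"]]]:
            return Finding("HIGH", "O20", m["value"], f"non-default Winlogon value: {m['data']}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Return all findings, highest severity first, original order within a level."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings = (triage_line(line) for line in log_text.splitlines())
    return sorted((f for f in findings if f is not None), key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.severity:6} {f.entry:4} {f.subject:32} {f.detail}")
```

Run against the excerpt it reports the amsint32 driver and the two Disable* policies as HIGH, the two hosts overrides and EnableLUA = 0 as MEDIUM, and the orphaned ERSvc/WDICA entries plus the stale WinPatrol autorun as LOW. The filter only narrows the reading; it does not decide what is malicious, and anything it flags still has to be checked against what the machine's owner actually installed.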

OTL.txt:

OTL logfile created on: 15/06/2013 04:52:33 م - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C01 | Country: Egypt | Language: ARE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.77% Memory free

3.84 Gb Paging File | 3.38 Gb Available in Paging File | 88.15% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 16.22 Gb Total Space | 8.65 Gb Free Space | 53.33% Space Free | Partition Type: NTFS

Drive D: | 87.90 Gb Total Space | 9.59 Gb Free Space | 10.91% Space Free | Partition Type: NTFS

Drive E: | 87.90 Gb Total Space | 49.98 Gb Free Space | 56.87% Space Free | Partition Type: NTFS

Drive F: | 87.45 Gb Total Space | 85.42 Gb Free Space | 97.68% Space Free | Partition Type: NTFS

Computer Name: NOUR | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/15 16:52:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2013/06/12 11:36:25 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2013/05/29 07:27:40 | 000,899,536 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2013/04/01 02:05:22 | 004,081,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2012/07/03 23:04:58 | 000,581,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2011/03/11 03:51:32 | 003,301,376 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe

PRC - [2010/05/25 17:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe

PRC - [2008/04/08 14:55:46 | 001,819,136 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

PRC - [2007/09/03 03:58:52 | 000,569,344 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

PRC - [2007/08/18 09:10:04 | 000,229,376 | ---- | M] () -- C:\Program Files\UberIcon\UberIcon Manager.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll

MOD - [2013/05/29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll

MOD - [2013/05/29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll

MOD - [2011/03/03 02:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2008/04/14 01:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/14 01:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2008/04/08 14:55:46 | 001,819,136 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

MOD - [2008/04/08 13:29:34 | 000,133,632 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\Clock.dll

MOD - [2007/09/03 03:58:52 | 000,569,344 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

MOD - [2007/09/03 03:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll

MOD - [2007/08/18 09:10:04 | 000,229,376 | ---- | M] () -- C:\Program Files\UberIcon\UberIcon Manager.exe

MOD - [2007/03/10 20:39:02 | 000,090,112 | ---- | M] () -- C:\Program Files\UberIcon\UberIcon.dll

MOD - [2006/02/06 06:53:12 | 000,053,248 | ---- | M] () -- C:\Program Files\UberIcon\Plugins\iBounce\fx.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\ersvc.dll -- (ERSvc)

SRV - [2013/06/15 08:50:52 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/06/13 15:37:00 | 000,190,872 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/06/12 11:36:25 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013/04/24 17:47:22 | 000,246,888 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jhsvf.sys -- (amsint32)

DRV - [2013/04/05 13:32:40 | 000,114,608 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)

DRV - [2008/01/26 16:46:22 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2007/08/30 11:34:50 | 000,167,552 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\vidstub.sys -- (BootScreen)

DRV - [2005/03/18 06:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2013/06/15 15:57:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2013/06/15 15:57:41 | 000,000,000 | ---D | M]

[2013/06/13 02:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2013/06/12 11:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions

[2013/06/13 15:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/06/13 15:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2013/06/13 15:37:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - Extension: IDM Integration = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\

CHR - Extension: Web Navigation = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\

CHR - Extension: Web Navigation = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak

CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/15 15:57:34 | 000,000,133 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 205.199.44.156 registeridm.com

O1 - Hosts: 205.199.44.16 registeridm.com

O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com

O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKU\.DEFAULT..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()

O4 - HKU\S-1-5-18..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()

O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()

O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [uberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe ()

O4 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAFFBFA3-938F-4908-85B7-7A99363956E1}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl ()

O20 - Winlogon\Notify\WBSrv: DllName - (C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll) - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)

O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Local Settings\Application Data\Microsoft\Wall.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Local Settings\Application Data\Microsoft\Wall.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013/06/12 11:32:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/15 16:52:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/06/15 09:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe

[2013/06/15 00:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\rkill

[2013/06/15 00:12:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2013/06/15 00:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.soulsplit2

[2013/06/14 20:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player

[2013/06/14 20:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GRETECH

[2013/06/14 14:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol

[2013/06/14 08:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype

[2013/06/14 08:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2013/06/14 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2013/06/14 08:00:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2013/06/14 08:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

[2013/06/14 07:00:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/06/14 02:46:31 | 005,159,045 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom

[2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\xerox

[2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst

[2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\speechengines

[2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express

[2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone

[2013/06/14 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2013/06/14 01:44:28 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/06/14 01:40:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/06/14 01:40:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/06/14 01:40:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/06/14 01:40:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/06/14 01:40:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/06/14 01:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/06/14 01:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent

[2013/06/14 01:28:04 | 000,000,000 | ---D | C] -- C:\Temp

[2013/06/14 01:28:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2013/06/14 01:28:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache

[2013/06/14 01:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

[2013/06/14 00:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine

[2013/06/13 23:36:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools

[2013/06/13 23:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2013/06/13 16:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\JoWooD

[2013/06/13 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/06/13 14:55:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2013/06/13 02:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2013/06/12 12:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2013/06/12 12:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2013/06/12 12:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dell

[2013/06/12 12:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2013/06/12 11:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups

[2013/06/12 11:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices

[2013/06/12 11:46:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2013/06/12 11:44:58 | 000,000,000 | ---D | C] -- C:\Drivers

[2013/06/12 11:44:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache

[2013/06/12 11:44:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft

[2013/06/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR

[2013/06/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun

[2013/06/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2013/06/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\7ZipSfx.001

[2013/06/12 11:44:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo

[2013/06/12 11:44:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data

[2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

[2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu

[2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents

[2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites

[2013/06/12 11:44:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories

[2013/06/12 11:44:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates

[2013/06/12 11:44:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood

[2013/06/12 11:44:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood

[2013/06/12 11:44:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Zuma Deluxe RA

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinCustomize

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\RarSFX2

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\RarSFX0

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Download Manager

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\games

[2013/06/12 11:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop

[2013/06/12 11:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2013/06/12 11:44:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2013/06/12 11:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2013/06/12 11:44:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2013/06/12 11:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2013/06/12 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2013/06/12 11:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2013/06/12 11:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock

[2013/06/12 11:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

[2013/06/12 11:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2013/06/12 11:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WindowBlinds

[2013/06/12 11:39:17 | 000,036,864 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbsys.dll

[2013/06/12 11:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings

[2013/06/12 11:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock

[2013/06/12 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security

[2013/06/12 11:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\USB Disk Security

[2013/06/12 11:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab

[2013/06/12 11:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\UberIcon

[2013/06/12 11:37:45 | 000,679,936 | ---- | C] (Steve Murphy Software) -- C:\WINDOWS\System32\AWC_SS.scr

[2013/06/12 11:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AWC

[2013/06/12 11:37:43 | 002,805,760 | ---- | C] (FreeImage) -- C:\WINDOWS\System32\FreeImage.dll

[2013/06/12 11:37:43 | 000,167,936 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpftv6.ocx

[2013/06/12 11:37:43 | 000,098,304 | ---- | C] (Jeremy Adams, CCRP) -- C:\WINDOWS\System32\ccrpUCW6.dll

[2013/06/12 11:37:43 | 000,098,304 | ---- | C] (CCRP) -- C:\WINDOWS\System32\ccrpDtp6.ocx

[2013/06/12 11:37:43 | 000,090,112 | ---- | C] (http://www.mvps.org/vb) -- C:\WINDOWS\System32\ccrpTmr6.dll

[2013/06/12 11:37:43 | 000,086,016 | ---- | C] (CCRP / ECX Programming) -- C:\WINDOWS\System32\ccrpudn6.ocx

[2013/06/12 11:37:43 | 000,077,824 | ---- | C] (ECX Programming / CCRP) -- C:\WINDOWS\System32\ccrphky6.ocx

[2013/06/12 11:37:43 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll

[2013/06/12 11:37:43 | 000,040,960 | ---- | C] (The Lillypad) -- C:\WINDOWS\System32\DLLDesktop.dll

[2013/06/12 11:37:43 | 000,036,864 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\AlphaImageCreator.dll

[2013/06/12 11:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\AWC

[2013/06/12 11:37:32 | 000,327,680 | ---- | C] (Marafiq) -- C:\WINDOWS\System32\ALLAH_NAMES.SCR

[2013/06/12 11:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager

[2013/06/12 11:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2013/06/12 11:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/06/12 11:36:31 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft

[2013/06/12 11:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013/06/12 11:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Clean Windows MZM 2011 By Magdy Zahyan

[2013/06/12 11:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Clean Windows MZM 2011

[2013/06/12 11:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atomic Alarm Clock By MMZahyan

[2013/06/12 11:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Atomic Alarm Clock

[2013/06/12 11:35:48 | 000,356,352 | ---- | C] (Shooltzware Enterprises) -- C:\WINDOWS\System32\ROZEEETTA.SCR

[2013/06/12 11:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2013/06/12 11:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR

[2013/06/12 11:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer

[2013/06/12 11:34:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2013/06/12 11:34:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2013/06/12 11:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2013/06/12 11:34:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages

[2013/06/12 11:33:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2013/06/12 11:32:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM

[2013/06/12 11:32:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures

[2013/06/12 11:31:55 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate

[2013/06/12 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services

[2013/06/12 11:31:34 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks

[2013/06/12 11:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2013/06/12 11:31:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed

[2013/06/12 11:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker

[2013/06/12 11:30:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore

[2013/06/12 11:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting

[2013/06/12 11:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System

[2013/06/12 11:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared

[2013/06/12 11:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2013/06/12 11:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RocketDock

[2013/06/12 11:30:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games

[2013/06/12 11:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications

[2013/06/12 11:29:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration

[2013/06/12 11:29:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools

[2013/06/12 11:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock

[2013/06/12 11:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\ViGlance

[2013/06/12 11:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2

[2013/06/12 11:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player

[2013/06/12 11:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger

[2013/06/12 11:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT

[2013/06/12 11:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US

[2013/06/12 11:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc

[2013/06/12 11:28:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com

[2013/06/12 11:28:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2013/06/12 11:28:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

[2013/06/12 07:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2013/06/12 07:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2013/06/12 07:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2013/06/12 07:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com

[2013/06/12 07:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com

[2013/06/12 07:39:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies

[2013/06/12 02:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2013/06/12 01:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2013/06/12 01:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH

[2013/06/12 00:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2013/06/12 00:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/06/11 23:24:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music

[2013/06/11 23:24:13 | 000,000,000 | R--D | C] -- C:\Program Files

[2013/06/11 23:24:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer

[2013/06/11 23:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2013/06/11 23:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files

[2013/06/11 23:23:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup

[2013/06/11 23:23:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu

[2013/06/11 23:23:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents

[2013/06/11 23:23:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates

[2013/06/11 23:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites

[2013/06/11 23:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop

[2013/06/11 23:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2

[2013/06/11 23:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot

[2013/06/11 23:23:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2013/06/11 23:23:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data

[2013/06/11 23:22:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2013/06/11 23:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings

[2013/06/11 23:19:08 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts

[2013/06/11 23:19:08 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web

[2013/06/11 23:19:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\system

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\security

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\java

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028

[2013/06/11 23:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

[2013/06/11 22:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack

[2013/06/11 22:54:17 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll

[2013/06/11 22:54:16 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2013/06/11 22:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2013/06/11 22:53:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos

[2013/06/11 22:45:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE

[2013/06/11 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IDM

[2013/06/11 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM

[2013/06/11 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2013/06/11 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache

[2013/06/11 22:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager

[2013/06/11 22:36:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2013/06/11 22:27:11 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe

[2013/06/11 22:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar

[2013/06/11 22:27:10 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information

[2013/06/11 21:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun

[2013/06/11 21:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ViGlance

[2013/06/11 21:49:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures

[2013/06/11 21:49:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music

[2013/06/11 21:49:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/15 16:52:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/06/15 16:21:36 | 000,000,826 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/15 16:21:35 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\AtomicAlarmClock.ini

[2013/06/15 16:21:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/06/15 16:16:39 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/06/15 16:14:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/06/15 16:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/15 15:57:34 | 000,000,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/06/15 15:41:08 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/06/15 12:24:47 | 000,137,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2.jpg

[2013/06/15 07:28:11 | 000,004,642 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error.JPG

[2013/06/15 01:43:36 | 004,391,878 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MrCharlie.rar

[2013/06/14 20:57:47 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

[2013/06/14 20:57:47 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk

[2013/06/14 20:53:48 | 000,000,634 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol

[2013/06/14 15:54:07 | 000,022,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kari 4524.jpg

[2013/06/14 13:52:47 | 000,003,097 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1.JPG

[2013/06/14 02:45:58 | 005,159,045 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2013/06/14 01:44:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/06/12 23:20:57 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/06/12 23:20:57 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk

[2013/06/12 12:26:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/06/12 11:44:12 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2013/06/12 11:44:01 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/06/12 11:41:36 | 000,001,119 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2013/06/12 11:41:10 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2013/06/12 11:38:06 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Web Navigation.lnk

[2013/06/12 11:38:06 | 000,000,065 | ---- | M] () -- C:\prefs.js

[2013/06/12 11:37:45 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AWC.lnk

[2013/06/12 11:35:56 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clean Windows MZM 2011 .lnk

[2013/06/12 11:35:53 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\alarms.ini

[2013/06/12 11:32:51 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/06/12 11:32:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/06/12 11:32:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2013/06/12 11:32:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2013/06/12 11:32:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2013/06/12 11:32:45 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2013/06/12 11:32:45 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2013/06/12 11:32:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2013/06/12 11:32:41 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2013/06/12 11:30:07 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2013/06/12 11:27:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2013/06/12 07:52:33 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Unreal Tournament GOTY.lnk

[2013/06/11 23:24:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

[2013/06/11 23:23:19 | 000,000,822 | ---- | M] () -- C:\WINDOWS\langorig.ini

[2013/06/11 22:53:12 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2013/06/11 22:30:53 | 000,311,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/06/11 22:30:53 | 000,040,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/06/11 21:49:54 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/15 12:09:25 | 000,137,205 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2.jpg

[2013/06/15 08:50:53 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/06/15 07:28:11 | 000,004,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error.JPG

[2013/06/15 01:43:32 | 004,391,878 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MrCharlie.rar

[2013/06/14 20:57:47 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

[2013/06/14 20:57:47 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk

[2013/06/14 15:54:06 | 000,022,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kari 4524.jpg

[2013/06/14 13:52:47 | 000,003,097 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1.JPG

[2013/06/14 08:00:54 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2013/06/14 01:44:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013/06/14 01:44:29 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/06/14 01:40:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/06/14 01:40:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/06/14 01:40:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/06/14 01:40:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/06/14 01:40:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/06/12 12:26:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/06/12 11:44:38 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AtomicAlarmClock.ini

[2013/06/12 11:44:38 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AWC.lnk

[2013/06/12 11:44:38 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\alarms.ini

[2013/06/12 11:44:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk

[2013/06/12 11:44:37 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk

[2013/06/12 11:44:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2013/06/12 11:41:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2013/06/12 11:41:10 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2013/06/12 11:41:10 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2013/06/12 11:40:38 | 000,167,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys

[2013/06/12 11:40:31 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk

[2013/06/12 11:40:16 | 000,000,826 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/12 11:39:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll

[2013/06/12 11:39:17 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\CHOICE.COM

[2013/06/12 11:38:06 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Web Navigation.lnk

[2013/06/12 11:38:06 | 000,000,065 | ---- | C] () -- C:\prefs.js

[2013/06/12 11:37:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\ndspoem.rst

[2013/06/12 11:35:56 | 000,002,052 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clean Windows MZM 2011 .lnk

[2013/06/12 11:34:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2013/06/12 11:32:51 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/06/12 11:32:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2013/06/12 11:32:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2013/06/12 11:32:51 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2013/06/12 11:32:51 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2013/06/12 11:32:45 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb

[2013/06/12 11:32:45 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb

[2013/06/12 11:32:43 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx

[2013/06/12 11:31:54 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2013/06/12 11:30:09 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

[2013/06/12 11:30:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2013/06/12 11:29:02 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h

[2013/06/12 11:29:02 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd

[2013/06/12 11:29:01 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h

[2013/06/12 11:28:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

[2013/06/12 07:53:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[2013/06/12 07:52:33 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Unreal Tournament GOTY.lnk

[2013/06/12 04:57:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/11 23:24:17 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF

[2013/06/11 23:24:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2013/06/11 23:24:09 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.Tha

[2013/06/11 23:23:55 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2013/06/11 23:22:58 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/06/11 23:22:05 | 000,000,327 | RHS- | C] () -- C:\boot.ini

[2013/06/11 23:22:02 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

[2013/06/11 22:54:17 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2013/06/11 22:54:17 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2013/06/11 22:54:17 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll

[2013/06/11 22:54:16 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2013/06/11 22:54:13 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2013/06/11 22:53:12 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2013/06/11 22:37:23 | 000,000,634 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol

[2013/06/11 22:33:35 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/06/11 22:31:12 | 000,000,822 | ---- | C] () -- C:\WINDOWS\langorig.ini

[2013/06/11 21:49:54 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/06/11 21:49:54 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/20 03:33:52 | 002,817,536 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/11/06 00:46:02 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/28 05:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\%USERNAME%\Application Data\Zbshareware Lab

[2013/06/11 22:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache

[2013/06/15 15:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM

[2013/06/11 21:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ViGlance

[2013/06/14 14:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol

[2013/06/12 11:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab

[2013/06/11 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDM

[2012/07/21 15:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab

[2013/06/12 11:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Zbshareware Lab

========== Purity Check ==========

< End of report >

Extras.Txt :

OTL Extras logfile created on: 15/06/2013 04:52:33 م - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C01 | Country: Egypt | Language: ARE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.77% Memory free

3.84 Gb Paging File | 3.38 Gb Available in Paging File | 88.15% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 16.22 Gb Total Space | 8.65 Gb Free Space | 53.33% Space Free | Partition Type: NTFS

Drive D: | 87.90 Gb Total Space | 9.59 Gb Free Space | 10.91% Space Free | Partition Type: NTFS

Drive E: | 87.90 Gb Total Space | 49.98 Gb Free Space | 56.87% Space Free | Partition Type: NTFS

Drive F: | 87.45 Gb Total Space | 85.42 Gb Free Space | 97.68% Space Free | Partition Type: NTFS

Computer Name: NOUR | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"ANTIVIRUSDISABLENOTIFY" = 1

"FIREWALLDISABLENOTIFY" = 1

"UPDATESDISABLENOTIFY" = 1

"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"FirewallOverride" = 1

"UpdatesDisableNotify" = 1

"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\cmd.exe" = C:\WINDOWS\system32\cmd.exe:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\Program Files\UberIcon\UberIcon Manager.exe" = C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ipsec -- ()

"C:\Program Files\Stardock\Object Desktop\WindowBlinds\screen.exe" = C:\Program Files\Stardock\Object Desktop\WindowBlinds\screen.exe:*:Enabled:ipsec -- ()

"C:\WINDOWS\system32\igfxtray.exe" = C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec -- (Intel Corporation)

"C:\Program Files\USB Disk Security\USBGuard.exe" = C:\Program Files\USB Disk Security\USBGuard.exe:*:Enabled:ipsec -- (Zbshareware Lab)

"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:ipsec -- (Sun Microsystems, Inc.)

"C:\Program Files\Internet Download Manager\IDMan.exe" = C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:ipsec -- (Tonec Inc.)

"C:\Program Files\Google\Update\GoogleUpdate.exe" = C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec -- (Google Inc.)

"C:\Program Files\ViGlance\ViGlance.exe" = C:\Program Files\ViGlance\ViGlance.exe:*:Enabled:ipsec -- (Lee-Soft.com, Lee Matthew Chantrey)

"C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe" = C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe:*:Enabled:ipsec -- (Google Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)

"C:\WINDOWS\system32\wuauclt.exe" = C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe:*:Enabled:ipsec -- ()

"C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" = C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe:*:Enabled:ipsec -- ()

"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec -- (Sun Microsystems, Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:ipsec -- (Google Inc.)

"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)

"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)

"C:\Program Files\Skype\Updater\Updater.exe" = C:\Program Files\Skype\Updater\Updater.exe:*:Enabled:ipsec -- (Skype Technologies)

"C:\Program Files\RocketDock\RocketDock.exe" = C:\Program Files\RocketDock\RocketDock.exe:*:Enabled:ipsec -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13

"{31C569B1-70E9-4A3F-87F2-D1EA85C892A7}" = KMPlayer 3.0.0.1441

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{B6562C2A-4599-46CF-A853-F10AC23A6CEC}" = Atomic Alarm Clock By MMZahyan

"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller

"{D3C72C05-7549-4679-90A3-6DF0FEF437EC}" = Clean Windows MZM 2011 By Magdy Zahyan

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F2A0E1AA-3126-36FF-81E8-15E4A295AEBC}" = Google Chrome

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"BootSkin" = BootSkin

"FlatOut_is1" = FlatOut

"GOM Player" = GOM Player

"ie8" = Windows Internet Explorer 8

"Internet Download Manager" = Internet Download Manager

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0

"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"RocketDock_is1" = RocketDock 1.3.5

"Steve Murphy's Automatic Wallpaper Changer_is1" = AWC V4.10

"Unreal Tournament – Game of the Year Edition_is1" = Unreal Tournament – Game of the Year Edition

"USB Disk Security_is1" = USB Disk Security

"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== Last 20 Event Log Errors ==========

[ System Events ]

Error - 14/06/2013 08:23:35 ص | Computer Name = NOUR | Source = Service Control Manager | ID = 7000

Description = The helpsvc service failed to start due to the following error: %%2

Error - 14/06/2013 01:43:30 م | Computer Name = NOUR | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 14/06/2013 07:53:40 م | Computer Name = NOUR | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 15/06/2013 01:27:06 ص | Computer Name = NOUR | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 15/06/2013 06:11:04 ص | Computer Name = NOUR | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 15/06/2013 06:11:08 ص | Computer Name = NOUR | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 15/06/2013 07:34:52 ص | Computer Name = NOUR | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 15/06/2013 10:14:52 ص | Computer Name = NOUR | Source = Service Control Manager | ID = 7000

Description = The helpsvc service failed to start due to the following error: %%2

Error - 15/06/2013 10:16:51 ص | Computer Name = NOUR | Source = Service Control Manager | ID = 7000

Description = The helpsvc service failed to start due to the following error: %%2

Error - 15/06/2013 10:21:43 ص | Computer Name = NOUR | Source = Service Control Manager | ID = 7000

Description = The helpsvc service failed to start due to the following error: %%2

< End of report >

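The Extras.txt report above is raw data, and the parts that matter for this thread are easy to miss in it: the Security Center override and disable-notify values set to 1, the StandardProfile firewall key with EnableFirewall = 0, the long Authorized Applications list in which almost every entry (cmd.exe and Explorer.EXE included) carries the same generic "ipsec" label, and the O7 policy values (DisableTaskMgr, DisableRegistryTools) that the OTL fix in the next reply deletes. The script below is an added example for this thread, not code from OTL or from anyone in the thread: it parses text in OTL's report layout and lists those indicators. The sample lines are constructed for the example (not the actual report posted here), and the "ipsec"-label rule is an assumption drawn from the pattern in this log, not an OTL feature.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample lines in the layout of OTL.txt (O7 policy entries) and
# Extras.txt (registry sections). Not the thread's actual report.
SAMPLE_OTL = r"""O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1111111111-2222222222-3333333333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
"""

SAMPLE_EXTRAS = r"""========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\cmd.exe" = C:\WINDOWS\system32\cmd.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"""

# Security Center values that, at 1, silence the "AV / firewall / updates are
# off" warnings.
SC_OVERRIDES = {
    "antivirusoverride", "firewalloverride",
    "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify",
}
# O7 policy values that lock the user out of Task Manager and regedit.
POLICY_NAMES = {"DisableTaskMgr", "DisableRegistryTools"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
O7_RE = re.compile(
    r"^O7 - (HKU\\[^\\]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\policies\\System: (\w+) = (\d+)$"
)
# Firewall exception value: <path>:*:<Enabled|Disabled>:<label> -- (company)
FW_APP_RE = re.compile(r"^(?P<path>.+?):\*:(?P<state>[A-Za-z]+):(?P<label>\S+)")


@dataclass
class Finding:
    category: str  # which control was tampered with
    detail: str    # the value or path that triggered it


def scan_otl(text: str) -> List[Finding]:
    """Walk OTL report lines and return the indicators found, in order."""
    findings: List[Finding] = []
    current_key = ""  # most recent [HKEY_...] header seen in Extras.txt
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O7_RE.match(line)
        if m:
            hive, name, value = m.groups()
            if name in POLICY_NAMES and value == "1":
                findings.append(Finding("tool-lockout", f"{hive}: {name}=1"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if "\\Security Center" in current_key:
            if name.lower() in SC_OVERRIDES and value == "1":
                findings.append(Finding("security-center", f"{name}=1"))
        elif current_key.endswith(("\\FirewallPolicy\\StandardProfile",
                                   "\\FirewallPolicy\\DomainProfile")):
            if name == "EnableFirewall" and value == "0":
                findings.append(Finding("firewall-off", current_key.rsplit("\\", 1)[-1]))
        elif current_key.endswith("\\AuthorizedApplications\\List"):
            fm = FW_APP_RE.match(value)
            # Assumed heuristic: an enabled exception labelled "ipsec" on a
            # program that never asked for one is the pattern in the log above.
            if fm and fm.group("state") == "Enabled" and fm.group("label").lower() == "ipsec":
                findings.append(Finding("ipsec-exception", fm.group("path")))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_otl(SAMPLE_OTL + SAMPLE_EXTRAS)
    for f in found:
        print(f"{f.category:18} {f.detail}")
    print(summarize(found))
```

Run it against a saved OTL.txt and Extras.txt by passing their concatenated text to scan_otl; a clean XP box should give an empty list, while the report above would produce one "ipsec-exception" per labelled entry plus the Security Center, firewall and policy findings.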

I don't see any SAS in the logs....do this anyway:

Please do this:

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

Files:

C:\Program Files\SUPERAntiSpyware

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

- Then click the Run Fix button at the top

- Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"

- Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

----------------------------

Try it again, if you get the same results........

Download, unzip and run SalityKiller:

http://forums.malwar...ndpost&p=691303

Let me know......MrC


I did as you told me and ran the fix; I had to reboot. After I did, I got a log as you said, but then I ran SalityKiller and got the same results as earlier. Anyway, here's the log from OTL:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.

Registry value HKEY_USERS\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: %USERNAME%

User: Administrator

User: All Users

User: Default User

User: GENTLE_MAN

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: %USERNAME%

User: Administrator

->Temp folder emptied: 2703623 bytes

->Temporary Internet Files folder emptied: 30983480 bytes

->FireFox cache emptied: 40258750 bytes

->Google Chrome cache emptied: 261463162 bytes

->Flash cache emptied: 1223 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: GENTLE_MAN

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2402044 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17611544 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 339.00 mb

[EMPTYFLASH]

User: %USERNAME%

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: GENTLE_MAN

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06152013_232731

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I really appreciate your help, MrCharlie. Even if I don't get this virus deleted, you did your best to help me; thanks so much. I asked a friend of mine about this virus and he told me the only way to delete it is to delete all .exe files on my memory and then make a new Windows, because the virus can hide in any .exe file. What do you think?


I did this step as you told me: "Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-21-1060284298-1292428093-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

Files:

C:\Program Files\SUPERAntiSpyware

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

- Then click the Run Fix button at the top"

and I gave you the results log above. Then I ran the tool you attached to a comment earlier and I got the same results as I told you before, this:

Virus Remover for Win32/Sality version 1.2.0.847

!SASCORE: C:\Program Files\SUPERAntiSpyware\SASCORE.EXE Can't open

-- EOF --


Run OTL again, I messed up on the code:

Please do this:

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in bold:

:Files

C:\Program Files\SUPERAntiSpyware

- Then click the Run Fix button at the top

- Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"

- Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


Sorry for the late answer. I was running SalityKiller, which you attached earlier, and it kept running for hours, but guess what! It cured all exe files in my memory and the virus is gone! The task manager is back and everything is okay, I think, but is there a way to make sure the PC is clean now? Thanks so much for the help, MrCharlie. I would come and thank you especially in real life if I could; you're a great man :)


That's Good News :)

The last one I did at home, the scan took 20 hours, but it fixed it.

Download and run Norton Power Eraser:

http://security.syma...m/nbrt/npe.aspx

User Guide:

http://www.symantec....=spe-user-guide

--------------------------------------------------------------------------------

Then run ComboFix again:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

