Welcome to Geeks to Go - Register now for FREE

Infected with win32.sality virus [Closed]


  • This topic is locked

#1
evillymind
New Member, 3 posts
Dear friend, as explained in the topic title my computer is infected by the Win32/Sality virus. I have tried formatting my PC also. I am posting the log from ComboFix and will also post the log from OTL soon. Please help.

ComboFix 12-08-29.03 - Lovey 30/08/2012 8:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.484 [GMT 5.5:30]
Running from: c:\documents and settings\Lovey\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\explorer.exe.local
c:\windows\kdcoms.dll
c:\windows\system32\system.exe
c:\windows\userinit.exe
D:\install.exe
D:\wlslao.pif
E:\nyfi.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AIC32P
-------\Service_aic32p
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\WinRAR.4.11.x32.en.tano1221.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Documents and Settings\\Lovey\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Pazera_Video_Converters_Suite\\Pazera_Free_MP4_to_AVI_Converter\\mp4toavi.exe"=
"d:\\Pazera_Video_Converters_Suite\\Video_Converters.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28/04/2010 08:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/06/2010 09:27 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/06/2010 09:27 810144]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/08/2012 01:02 250568]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 19:32]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1078081533-1417001333-1003Core.job
- c:\documents and settings\Lovey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-29 16:11]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1078081533-1417001333-1003UA.job
- c:\documents and settings\Lovey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-29 16:11]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-30 08:07
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\browselc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-30 08:09:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 02:38
.
Pre-Run: 20,541,587,456 bytes free
Post-Run: 20,571,242,496 bytes free
.
- - End Of File - - 7AF3D525B8DE1F6EDCC4873FAFD2D9EE
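Added example (not part of the original post, and not ComboFix's own code): a Python triage script for the ComboFix log above. Two parts of that log matter more than the rest to a responder. Under security center\Svc every *Override and *DisableNotify value is 1, and the standard firewall profile has EnableFirewall=0 with DisableNotifications=1; that combination is the Security Center and Windows Firewall being silenced, not a user preference. Among the "Other Deletions" are install.exe, wlslao.pif and nyfi.pif sitting in the roots of D: and E:, the autorun-launcher pattern Sality uses to spread to every writable drive and a common route to reinfection after reformatting only the system partition. The script parses the REGEDIT4-style blocks and the deletion list and flags both; the firewall exception granted to a WinRAR installer run from E: is reported for review only. The sample input is a constructed excerpt of the posted log, and the baseline (those values absent or 0 on an untampered XP host) is an assumption, not something the tool states.

```python
"""Triage the ComboFix sections quoted in the post above for Sality-style
tampering. Added example, not part of the original post or of ComboFix."""
import re
from typing import Dict, List, Optional, Tuple, Union

RegValue = Union[int, str, None]

# Constructed excerpt of the posted log: only the lines the checks need.
SAMPLE_LOG = r"""
c:\windows\userinit.exe
D:\install.exe
D:\wlslao.pif
E:\nyfi.pif
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\WinRAR.4.11.x32.en.tano1221.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"(.*)"=\s*(.*)$')
# A file sitting directly in a drive root, e.g. D:\wlslao.pif (no further backslash).
_ROOT_DROPPER_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(?:pif|exe|com|scr|bat|cmd)$", re.IGNORECASE)
# Assumption: on an untampered XP host these values are absent or 0.
SECURITY_CENTER_FLAGS = ("AntiVirusOverride", "AntiVirusDisableNotify", "FirewallDisableNotify",
                         "FirewallOverride", "UpdatesDisableNotify", "UacDisableNotify")


def parse_value(raw: str) -> RegValue:
    """Decode 'dword:00000001', ' 0 (0x0)', a quoted string, or empty data."""
    raw = raw.strip()
    if not raw:
        return None
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    m = re.match(r'"(.*?)"', raw)  # quoted path; a trailing "[date size]" is ignored
    return m.group(1) if m else raw


def parse_reg_blocks(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Group '"name"=data' lines under the preceding [key] header."""
    blocks: Dict[str, Dict[str, RegValue]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1)
            blocks.setdefault(current, {})
            continue
        vm = _VALUE_RE.match(line)
        if vm and current is not None:
            blocks[current][vm.group(1)] = parse_value(vm.group(2))
    return blocks


def flag_tampering(blocks: Dict[str, Dict[str, RegValue]]) -> List[Tuple[str, str]]:
    """(severity, message) pairs for settings that silence the host's defences."""
    findings: List[Tuple[str, str]] = []
    for key, values in blocks.items():
        k = key.lower()
        if k.endswith(r"security center\svc"):
            for name in SECURITY_CENTER_FLAGS:
                if values.get(name) == 1:
                    findings.append(("tamper", f"Security Center {name}=1 (alerts suppressed)"))
        elif k.endswith(r"firewallpolicy\standardprofile"):
            if values.get("EnableFirewall") == 0:
                findings.append(("tamper", "Windows Firewall disabled (EnableFirewall=0)"))
            if values.get("DisableNotifications") == 1:
                findings.append(("tamper", "Windows Firewall notifications disabled"))
        elif k.endswith(r"authorizedapplications\list"):
            # Paths keep REGEDIT4 escaping (doubled backslashes); anything outside
            # %windir%, c:\windows or c:\program files deserves a manual look.
            for path in values:
                if not path.lower().startswith(("%windir%", r"c:\\windows", r"c:\\program files")):
                    findings.append(("review", f"firewall exception for {path}"))
    return findings


def flag_drive_root_droppers(text: str) -> List[str]:
    """Files removed from a drive root: the autorun-launcher pattern Sality spreads with."""
    return [ln.strip() for ln in text.splitlines() if _ROOT_DROPPER_RE.match(ln.strip())]


if __name__ == "__main__":
    for sev, msg in flag_tampering(parse_reg_blocks(SAMPLE_LOG)):
        print(f"[{sev}] {msg}")
    print("drive-root droppers removed:", flag_drive_root_droppers(SAMPLE_LOG))
```

Run it against the full log rather than the excerpt (read the file and pass its text to parse_reg_blocks and flag_drive_root_droppers); the parser ignores everything that is not a [key] header or a "name"=data line, so the rest of the ComboFix output does no harm. Treat "review" findings as prompts, not verdicts: a firewall exception for an installer on E: is exactly where a user would have run a download, so check the file itself, not just the registry entry.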

#2
evillymind (Topic Starter)
New Member, 3 posts
From OTL Log

OTL logfile created on: 30/08/2012 08:28:33 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Lovey\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.23 Mb Total Physical Memory | 683.22 Mb Available Physical Memory | 67.36% Memory free
2.38 Gb Paging File | 2.16 Gb Available in Paging File | 90.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.07 Gb Total Space | 19.17 Gb Free Space | 79.65% Space Free | Partition Type: NTFS
Drive D: | 23.38 Gb Total Space | 2.90 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive E: | 29.23 Gb Total Space | 0.86 Gb Free Space | 2.94% Space Free | Partition Type: FAT32
Drive F: | 615.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUPERNATURAL | User Name: Lovey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 08:27:45 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lovey\Desktop\OTL.exe
PRC - [2012/08/30 01:25:50 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/06/24 09:27:06 | 002,202,704 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/18 04:06:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/08/30 01:25:50 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/30 01:02:00 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/06/24 09:27:54 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Lovey\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\klim5.sys -- (klim5)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/08/29 18:33:18 | 000,104,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/06/24 09:27:24 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/06/24 09:26:24 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/04/28 08:17:46 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2004/08/04 04:38:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/08/17 17:49:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 17:49:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 17:49:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 17:49:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/30 00:10:12 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll

O1 HOSTS File: ([2012/08/30 08:06:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4C8ED48-C92E-45ED-8A3C-55489AA13EBE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lovey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lovey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/29 19:39:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/10/05 00:47:06 | 000,000,110 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 08:27:18 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lovey\Desktop\OTL.exe
[2012/08/30 08:02:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/30 08:02:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/30 08:02:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/30 08:02:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/30 08:02:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/30 08:02:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\My Documents\My Videos
[2012/08/30 08:02:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\Start Menu\Programs\Administrative Tools
[2012/08/30 08:02:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/30 07:58:21 | 004,740,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Lovey\Desktop\ComboFix.exe
[2012/08/30 07:56:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/30 07:56:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/08/30 07:56:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/08/30 07:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Local Settings\Application Data\Sun
[2012/08/30 01:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Application Data\Macromedia
[2012/08/30 01:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Application Data\Adobe
[2012/08/30 01:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/08/30 01:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/30 01:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/30 01:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Application Data\Sun
[2012/08/30 00:59:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/08/30 00:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/08/30 00:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/08/30 00:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/08/30 00:59:02 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/08/30 00:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/08/30 00:58:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/08/30 00:58:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/08/30 00:58:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/08/30 00:58:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/08/30 00:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/08/30 00:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/08/30 00:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/08/30 00:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/08/30 00:58:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/08/30 00:58:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/08/30 00:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/08/30 00:57:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/30 00:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/08/30 00:53:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/08/30 00:53:17 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/08/30 00:53:17 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/08/30 00:53:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/08/30 00:53:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/08/30 00:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Local Settings\Application Data\Opera
[2012/08/30 00:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Application Data\Opera
[2012/08/30 00:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/08/30 00:36:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lovey\Recent
[2012/08/30 00:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/08/30 00:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Local Settings\Application Data\ESET
[2012/08/30 00:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/30 00:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/08/30 00:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/08/29 23:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Application Data\vlc
[2012/08/29 23:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/08/29 23:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/08/29 22:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/29 22:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/29 22:24:53 | 003,989,000 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Lovey\My Documents\ccsetup322.exe
[2012/08/29 22:17:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/08/29 22:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\My Documents\Downloads
[2012/08/29 21:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Start Menu\Programs\Google Chrome
[2012/08/29 21:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Local Settings\Application Data\Google
[2012/08/29 21:37:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Lovey\UserData
[2012/08/29 21:28:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/08/29 19:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/08/29 19:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012/08/29 19:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/08/29 19:53:17 | 000,000,000 | ---D | C] -- C:\Intel
[2012/08/29 19:51:00 | 000,000,000 | ---D | C] -- C:\swsetup
[2012/08/29 19:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Application Data\WinRAR
[2012/08/29 19:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Start Menu\Programs\WinRAR
[2012/08/29 19:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/08/29 19:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/08/29 19:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Application Data\Identities
[2012/08/29 19:44:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/08/29 19:44:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\My Documents\My Pictures
[2012/08/29 19:44:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\My Documents\My Music
[2012/08/29 19:44:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Lovey\Application Data\Microsoft
[2012/08/29 19:44:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Lovey\Cookies
[2012/08/29 19:44:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lovey\SendTo
[2012/08/29 19:44:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lovey\Application Data
[2012/08/29 19:44:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\Start Menu\Programs\Startup
[2012/08/29 19:44:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\Start Menu
[2012/08/29 19:44:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\My Documents
[2012/08/29 19:44:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\Favorites
[2012/08/29 19:44:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lovey\Start Menu\Programs\Accessories
[2012/08/29 19:44:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lovey\Templates
[2012/08/29 19:44:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lovey\PrintHood
[2012/08/29 19:44:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lovey\NetHood
[2012/08/29 19:44:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lovey\Local Settings
[2012/08/29 19:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Local Settings\Application Data\Microsoft
[2012/08/29 19:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lovey\Desktop
[2012/08/29 19:43:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/08/29 19:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/08/29 19:43:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/08/29 19:43:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/08/29 19:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/08/29 19:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/08/29 19:42:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/08/29 19:41:27 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/08/29 19:41:27 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/08/29 19:41:27 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/08/29 19:40:30 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/08/29 19:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/08/29 19:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/08/29 19:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/08/29 19:38:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/08/29 19:38:45 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/08/29 19:38:45 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/08/29 19:38:36 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/08/29 19:38:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/08/29 19:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/08/29 19:37:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/08/29 19:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/08/29 19:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/08/29 19:37:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/08/29 19:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/08/29 19:37:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/08/29 19:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/08/29 19:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/08/29 19:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/08/29 19:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/08/29 19:37:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/08/29 19:36:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/08/29 19:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/08/29 19:36:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/08/29 19:36:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/08/29 19:36:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/08/29 19:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/08/29 19:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/08/29 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/08/29 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/08/29 19:35:44 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/08/29 19:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/08/29 19:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/08/29 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/08/29 19:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/08/29 19:35:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/08/29 19:35:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/30 08:27:45 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lovey\Desktop\OTL.exe
[2012/08/30 08:06:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/30 08:06:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/30 08:01:11 | 004,740,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Lovey\Desktop\ComboFix.exe
[2012/08/30 07:57:34 | 000,580,770 | ---- | M] () -- C:\Documents and Settings\Lovey\Desktop\ComboFix_ A guide and tutorial on using ComboFix.mht
[2012/08/30 07:56:44 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/08/30 07:55:53 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1078081533-1417001333-1003UA.job
[2012/08/30 07:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/30 00:44:08 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Lovey\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/30 00:44:08 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/08/29 23:20:52 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/08/29 23:15:25 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Lovey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/29 23:13:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Lovey\Desktop\Windows Media Player.lnk
[2012/08/29 22:25:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/29 22:24:41 | 003,989,000 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Lovey\My Documents\ccsetup322.exe
[2012/08/29 22:15:16 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/29 21:57:56 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Lovey\Desktop\Google Chrome.lnk
[2012/08/29 21:57:56 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Lovey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/29 21:46:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1078081533-1417001333-1003Core.job
[2012/08/29 19:44:50 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Lovey\Desktop\WinRAR.lnk
[2012/08/29 19:44:45 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/29 19:44:45 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/29 19:44:22 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Lovey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/29 19:44:21 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Lovey\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/29 19:44:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/29 19:42:49 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/08/29 19:42:39 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/29 19:42:08 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/29 19:42:02 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/08/29 19:39:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/29 19:39:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/08/29 19:39:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/08/29 19:39:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/08/29 19:39:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/08/29 19:39:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/08/29 19:39:43 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/08/29 19:39:43 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/08/29 19:39:33 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/29 19:36:49 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/08/29 19:34:40 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 08:05:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/30 08:02:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/30 08:02:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/30 08:02:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/30 08:02:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/30 08:02:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/30 07:57:33 | 000,580,770 | ---- | C] () -- C:\Documents and Settings\Lovey\Desktop\ComboFix_ A guide and tutorial on using ComboFix.mht
[2012/08/30 07:56:43 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
[2012/08/30 07:56:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/30 01:02:02 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/30 01:00:57 | 002,104,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2012/08/30 00:59:10 | 000,004,382 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/30 00:59:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/30 00:59:04 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/08/30 00:59:04 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/08/30 00:59:04 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/08/30 00:59:03 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/08/30 00:58:45 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/08/30 00:58:31 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/08/30 00:58:31 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/08/30 00:58:31 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/08/30 00:58:31 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/08/30 00:58:31 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/08/30 00:58:31 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/08/30 00:58:31 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/08/30 00:58:31 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/08/30 00:58:31 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/08/30 00:58:31 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/08/30 00:58:31 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/08/30 00:58:31 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/08/30 00:58:31 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/08/30 00:58:31 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/08/30 00:58:31 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/08/30 00:58:30 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012/08/30 00:58:30 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/08/30 00:58:29 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/08/30 00:58:29 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/08/30 00:57:50 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/30 00:57:07 | 000,000,282 | RHS- | C] () -- C:\boot.ini
[2012/08/30 00:57:04 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/08/30 00:44:08 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Lovey\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/30 00:44:08 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/08/30 00:44:08 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/08/29 23:20:52 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/08/29 23:13:13 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Lovey\Desktop\Windows Media Player.lnk
[2012/08/29 23:12:38 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Lovey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/29 22:25:08 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/29 22:15:16 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/08/29 21:57:56 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Lovey\Desktop\Google Chrome.lnk
[2012/08/29 21:57:56 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Lovey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/29 21:41:02 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1078081533-1417001333-1003UA.job
[2012/08/29 21:41:01 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1078081533-1417001333-1003Core.job
[2012/08/29 19:53:26 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2012/08/29 19:53:26 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2012/08/29 19:53:25 | 000,058,558 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2012/08/29 19:53:25 | 000,029,820 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2012/08/29 19:44:50 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Lovey\Desktop\WinRAR.lnk
[2012/08/29 19:44:21 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Lovey\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/29 19:44:14 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Lovey\Start Menu\Programs\Outlook Express.lnk
[2012/08/29 19:44:11 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Lovey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/29 19:44:11 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Lovey\Start Menu\Programs\Internet Explorer.lnk
[2012/08/29 19:44:05 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Lovey\Start Menu\Programs\Remote Assistance.lnk
[2012/08/29 19:44:05 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Lovey\Start Menu\Programs\Windows Media Player.lnk
[2012/08/29 19:42:49 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/08/29 19:42:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/29 19:41:21 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/08/29 19:41:05 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/08/29 19:40:59 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/08/29 19:40:58 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/08/29 19:40:56 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/08/29 19:40:49 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/08/29 19:40:45 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/08/29 19:40:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/08/29 19:40:32 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/08/29 19:39:46 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/29 19:39:46 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/08/29 19:39:46 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/08/29 19:39:46 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/08/29 19:39:46 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/08/29 19:39:43 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/08/29 19:39:43 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/08/29 19:39:41 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/08/29 19:38:35 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/08/29 19:38:24 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/08/29 19:37:58 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/08/29 19:37:58 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/08/29 19:37:52 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/08/29 19:37:40 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2012/08/29 19:37:29 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/08/29 19:36:51 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/08/29 19:36:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/08/29 19:36:27 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/08/29 19:36:03 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/08/29 19:36:03 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/08/29 19:36:03 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/08/29 19:36:03 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/08/29 19:36:03 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/08/29 19:36:03 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/08/29 19:36:03 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/08/29 19:36:03 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/08/29 19:36:02 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/08/29 19:36:02 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/08/29 19:36:02 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/08/29 19:36:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/08/29 19:36:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/08/29 19:35:59 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/08/29 19:35:52 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

========== LOP Check ==========

[2012/08/30 00:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/08/30 00:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lovey\Application Data\Opera

========== Purity Check ==========



< End of report >


From Extras file

OTL Extras logfile created on: 30/08/2012 08:28:33 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Lovey\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.23 Mb Total Physical Memory | 683.22 Mb Available Physical Memory | 67.36% Memory free
2.38 Gb Paging File | 2.16 Gb Available in Paging File | 90.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.07 Gb Total Space | 19.17 Gb Free Space | 79.65% Space Free | Partition Type: NTFS
Drive D: | 23.38 Gb Total Space | 2.90 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive E: | 29.23 Gb Total Space | 0.86 Gb Free Space | 2.94% Space Free | Partition Type: FAT32
Drive F: | 615.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUPERNATURAL | User Name: Lovey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\WinRAR.4.11.x32.en.tano1221.exe" = E:\WinRAR.4.11.x32.en.tano1221.exe:*:Enabled:ipsec -- ()
"C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Lovey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:ipsec -- (Google Inc.)
"D:\Pazera_Video_Converters_Suite\Pazera_Free_MP4_to_AVI_Converter\mp4toavi.exe" = D:\Pazera_Video_Converters_Suite\Pazera_Free_MP4_to_AVI_Converter\mp4toavi.exe:*:Enabled:ipsec -- ()
"D:\Pazera_Video_Converters_Suite\Video_Converters.exe" = D:\Pazera_Video_Converters_Suite\Video_Converters.exe:*:Enabled:ipsec -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ipsec -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0791A9FF-ED33-4BC0-9D5C-8B615D65C619}" = ESET NOD32 Antivirus
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Opera 12.01.1532" = Opera 12.01
"VLC media player" = VLC media player 2.0.3
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/08/2012 14:40:57 | Computer Name = SUPERNATURAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 29/08/2012 14:43:16 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 1.0.0.0, faulting module
userinit.exe, version 1.0.0.0, fault address 0x000321fe.

Error - 29/08/2012 14:50:59 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 1.0.0.0, faulting module
userinit.exe, version 1.0.0.0, fault address 0x000321fe.

Error - 29/08/2012 15:00:52 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.3.21.103, faulting
module unknown, version 0.0.0.0, fault address 0x00350031.

Error - 29/08/2012 15:16:04 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.3.21.103, faulting
module unknown, version 0.0.0.0, fault address 0x0118f0dc.

Error - 29/08/2012 16:16:02 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.3.21.103, faulting
module unknown, version 0.0.0.0, fault address 0x0118f0dc.

Error - 29/08/2012 17:16:01 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.3.21.103, faulting
module unknown, version 0.0.0.0, fault address 0x0118f0dc.

Error - 29/08/2012 21:34:54 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 1.0.0.0, faulting module
userinit.exe, version 1.0.0.0, fault address 0x000321fe.

Error - 29/08/2012 21:36:06 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.3.21.103, faulting
module unknown, version 0.0.0.0, fault address 0x00350031.

Error - 29/08/2012 22:16:01 | Computer Name = SUPERNATURAL | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.3.21.103, faulting
module unknown, version 0.0.0.0, fault address 0x0114f0dc.

[ System Events ]
Error - 29/08/2012 13:38:23 | Computer Name = SUPERNATURAL | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%2

Error - 29/08/2012 13:40:57 | Computer Name = SUPERNATURAL | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%2

Error - 29/08/2012 13:44:00 | Computer Name = SUPERNATURAL | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%2

Error - 29/08/2012 14:48:27 | Computer Name = SUPERNATURAL | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 29/08/2012 14:56:10 | Computer Name = SUPERNATURAL | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 29/08/2012 15:00:51 | Computer Name = SUPERNATURAL | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 fffffff0, parameter2 00000000, parameter3
8052551f, parameter4 00000000.

Error - 29/08/2012 21:40:05 | Computer Name = SUPERNATURAL | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 29/08/2012 22:35:34 | Computer Name = SUPERNATURAL | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_AIC32P\0000 disappeared from the system without
first being prepared for removal.


< End of report >
#3
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, there is no guarantee I can clear this, but let's give it a whirl.

Download Sality Killer zip to your desktop and extract SalityKiller.exe.

Run the utility SalityKiller.exe on the infected computer.
A reboot might be required after disinfection.

Download the file Sality_RegKeys.zip.
Unpack the file Sality_RegKeys.zip.
Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip.

Once the scan is over, from the archive Sality_RegKeys.zip run the registry key file for your operating system:

under Windows 2000, run the registry file SafeBootWin200.reg
under Windows XP, run the registry file SafeBootWinXP.reg
under Windows 2003, run the registry file SafeBootWinServer2003.reg
under Windows Vista / 2008, run the registry file SafebootVista.reg
under Windows 7 / 2008 R2, run the registry file SafebootWin7.reg


THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
#4
evillymind (Topic Starter, New Member, 3 posts)
Dear Friend, thanks a million. I think it has worked; will confirm. I am just rescanning my PC. Greatly thankful for your help. :thumbsup:
#5
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you run aswMBR please, and a fresh OTL scan, so that I can confirm that?
#6
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.