BullGuard
HOW TO REMOVE WIN32:SALITY VIRUS

ANTIORVIRUS
New Member


Date Joined Jun 2012
Total Posts : 1
 
Posted 6/16/2012 12:19 PM (GMT +3)
Hey, please help me.
I have some software setups on my PC with .exe file extensions.
When I start a full system scan with my antivirus it detects it successfully as Win32:Sality virus,
but when I push the Repair button or the Disinfect button it gives the message "Action unsuccessful: Access denied". When I click Move to Chest, it moves my software's setup (the .exe executable file) to the virus chest, and I lose my software. If I don't select Move to Chest, only one option remains for me and it is Delete, and it doesn't remove or delete the virus from the file; actually it deletes the whole .exe file, so my software is gone from my computer. So how can I remove the Win32:Sality virus from a .exe file without removing the file? Please help!

Post Edited (ANTIORVIRUS) : 16-06-2012 09:22:23 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12974
 
Posted 6/17/2012 1:01 AM (GMT +3)
Hello  and welcome.


Please turn caps lock OFF ;-)


Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
WSHELPER.*
services.exe
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /rs
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.
 
Also download Kaspersky's TDSSKiller to your desktop, then unzip it and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller. (numbers) log.txt

 
Copy/paste those contents back here please.

-----------

Also click
http://ad13.geekstogo.com/MBRCheck.exe
to download AD13's MBRCheck.exe. Then right click that file, and select "Run as administrator". Follow the prompts, and post back here the log it should have created on your desktop.
 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

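The moderator's custom scan above is built to surface the artefacts a file infector leaves behind: executables dropped with hidden/system attributes, drivers whose service name and on-disk file do not line up, core binaries whose MD5 no longer matches, and autorun keys that point at the dropped copies. The script below is an added example for this thread, not OTL's, BullGuard's or either poster's code. It parses a handful of OTL-format lines (the sample is copied from the log posted further down, trimmed to the relevant lines) and applies the checks an analyst runs by eye when reading such a log. The security-vendor list, the finding tags and the heuristics themselves are assumptions; they are not a Sality signature, and a hit is a lead to investigate, not a verdict.

```python
"""Triage of OTL-style log lines for file-infector artefacts (added example)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the OTL log posted later in this
# thread, trimmed to the ones the checks below care about.
SAMPLE_LOG = r"""
PRC - [2007/02/17 02:58:36 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/19 06:12:08 | 000,177,610 | RHS- | M] (WinZip 8.1) -- C:\WINDOWS\system32\Winzip.exe
PRC - [2006/01/19 06:12:08 | 000,177,610 | RHS- | M] (WinZip 8.1) -- C:\WINDOWS\system32\Update.exe
PRC - [2006/01/19 06:12:08 | 000,095,690 | RHS- | M] (WinZip 8.1) -- C:\WINDOWS\Rundll16.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2014/02/06 18:14:44 | 000,275,960 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2005/03/11 14:40:26 | 000,455,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jjoipq.sys -- (asc3360pr)
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\System32\scanregw.exe (WinZip 8.1)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
"""

# Process / service / driver lines: either "File not found" or a
# "[stamp | size | attrs | M] (Company)" block, optional "[flags]", then the path.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:File not found"
    r"|\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<flags>[^\]]+)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"
)
RUN_RE = re.compile(r"^O4 - .*\\Run: \[(?P<key>[^\]]+)\] (?P<path>.*?) \((?P<company>[^)]*)\)$")
POLICY_RE = re.compile(r"^O6 - .*\\policies\\System: (?P<value>\w+) = (?P<data>\S+)$")

SECURITY_VENDORS = ("sophos", "symantec", "kaspersky", "malwarebytes", "bullguard")  # assumed list


def parse(log_text):
    """Split OTL lines into entries (PRC/SRV/DRV), autoruns (O4) and policies (O6)."""
    entries, autoruns, policies = [], [], []
    for line in log_text.strip().splitlines():
        if m := ENTRY_RE.match(line):
            e = m.groupdict()
            e["flags"] = [f.strip() for f in (e["flags"] or "").split("|") if f.strip()]
            e["missing"] = e["stamp"] is None  # "File not found" lines carry no stamp
            entries.append(e)
        elif m := RUN_RE.match(line):
            autoruns.append(m.groupdict())
        elif m := POLICY_RE.match(line):
            policies.append(m.groupdict())
    return entries, autoruns, policies


def triage(log_text):
    """Return a list of (tag, detail) findings; each tag is one heuristic."""
    entries, autoruns, policies = parse(log_text)
    findings, hidden_companies, clones = [], set(), defaultdict(set)
    for e in entries:
        low = e["path"].lower()
        # Executables with both Hidden and System attributes under %SystemRoot%:
        # Explorer hides them by default, which is why droppers set RHS on their copies.
        if not e["missing"] and low.startswith("c:\\windows") and {"H", "S"} <= set(e["attrs"]):
            findings.append(("hidden_system_exe", e["path"]))
            hidden_companies.add(e["company"])
        # Still Running while OTL cannot find the file on disk: the image is loaded
        # but the file is gone or hidden from the file-system view (rootkit-style).
        if e["missing"] and "Running" in e["flags"]:
            findings.append(("running_but_file_missing", f"{e['path']} ({e['name']})"))
        # Auto-start services that are not running; for security products this is
        # the classic sign that something has been killing them.
        if e["kind"] == "SRV" and "Auto" in e["flags"] and "Stopped" in e["flags"]:
            tag = "security_service_stopped" if any(v in low for v in SECURITY_VENDORS) else "autostart_service_stopped"
            findings.append((tag, f"{e['path']} ({e['name']})"))
        # Identical (timestamp, size) under different names: a dropper scattering copies.
        if e["kind"] == "PRC" and not e["missing"]:
            clones[(e["stamp"], int(e["size"].replace(",", "")))].add(e["path"])
    for (stamp, size), paths in sorted(clones.items()):
        if len(paths) > 1:
            findings.append(("cloned_binary", f"{size} bytes @ {stamp}: " + "; ".join(sorted(paths))))
    # An autorun whose company string matches the hidden copies ties persistence to the drop.
    for a in autoruns:
        if a["company"] in hidden_companies:
            findings.append(("autorun_matches_hidden_exe", f"[{a['key']}] {a['path']}"))
    # EnableLUA = 0 in machine policy switches UAC off on Vista and later; on a
    # 2003 server it does nothing, but it is still worth asking what wrote it.
    for p in policies:
        if p["value"] == "EnableLUA" and p["data"] == "0":
            findings.append(("uac_disabled_policy", "HKLM policies\\System EnableLUA = 0"))
    return findings


def summarize(findings):
    """Count findings per tag for a quick glance (and for the assertions)."""
    counts = defaultdict(int)
    for tag, _ in findings:
        counts[tag] += 1
    return dict(counts)


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:28} {detail}")
```

Run it against a full OTL.Txt by reading the file into `triage()`; the regexes only consume the line shapes shown, so unrelated sections are ignored. None of this replaces the MD5 comparison the `/md5start` block requests, which is the only way to tell whether explorer.exe or winlogon.exe themselves have been modified.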
 

dulc88
New Member


Date Joined Apr 2014
Total Posts : 2
 
Posted 4/25/2014 3:23 AM (GMT +3)
I have major problems with these on my servers and I've run the scans as per your instructions, but I couldn't attach the logs so I've now pasted them below.

Regards,
Dulcie



OTL
****
OTL logfile created on: 4/24/2014 15:25:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 22.66% Memory free
7.83 Gb Paging File | 4.98 Gb Available in Paging File | 63.53% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092d:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.88 Gb Total Space | 21.48 Gb Free Space | 63.40% Space Free | Partition Type: NTFS
Drive D: | 273.40 Gb Total Space | 34.85 Gb Free Space | 12.75% Space Free | Partition Type: NTFS

Computer Name: POMSRVR_WINAIR0 | User Name: ithercules | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/24 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2014/04/13 09:56:14 | 010,387,440 | ---- | M] (Malwarebytes Corporation ) -- D:\Malwarebytes\mbam-setup-1.75.0.1300.exe
PRC - [2014/03/31 08:14:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-setup-1.75.0.1300.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/11/12 21:19:28 | 001,708,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
PRC - [2013/11/12 21:18:38 | 000,304,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe
PRC - [2012/09/17 23:26:11 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/09/17 23:25:52 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/07/28 03:45:10 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2010/02/02 12:23:52 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/02/02 12:21:56 | 001,043,784 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2007/02/17 03:55:16 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007/02/17 03:31:48 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/02/17 02:58:36 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/04 16:45:02 | 000,024,672 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
PRC - [2006/11/30 12:04:50 | 000,010,240 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\cpqrcmc.exe
PRC - [2006/11/29 02:01:00 | 001,417,282 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\smhstart.exe
PRC - [2006/11/29 02:01:00 | 000,041,027 | ---- | M] (Apache Software Foundation) -- C:\hp\hpsmh\bin\rotatelogs.exe
PRC - [2006/11/29 02:01:00 | 000,024,631 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\hpsmhd.exe
PRC - [2006/11/20 17:10:52 | 000,729,161 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
PRC - [2006/11/17 12:13:04 | 000,006,656 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\sysdown.exe
PRC - [2006/11/17 12:12:22 | 000,004,608 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
PRC - [2006/11/17 12:10:48 | 000,005,120 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
PRC - [2006/11/17 07:52:02 | 000,019,456 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
PRC - [2006/11/15 03:45:10 | 000,172,134 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\cpqteam.exe
PRC - [2006/11/03 12:13:58 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Cissesrv\cissesrv.exe
PRC - [2006/01/19 06:12:08 | 000,177,610 | RHS- | M] (WinZip 8.1) -- C:\WINDOWS\system32\Winzip.exe
PRC - [2006/01/19 06:12:08 | 000,177,610 | RHS- | M] (WinZip 8.1) -- C:\WINDOWS\system32\Update.exe
PRC - [2006/01/19 06:12:08 | 000,095,690 | RHS- | M] (WinZip 8.1) -- C:\WINDOWS\Rundll16.exe
PRC - [2005/03/11 14:40:26 | 000,455,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/20 20:23:02 | 000,075,888 | ---- | M] () -- C:\WINDOWS\system32\PDVFSNP.dll
MOD - [2012/09/17 23:26:56 | 000,146,496 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ssleay32.dll
MOD - [2012/09/17 23:26:53 | 000,740,416 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Security.dll
MOD - [2012/09/17 23:26:44 | 001,539,136 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO.dll
MOD - [2012/09/17 23:26:25 | 000,076,864 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll
MOD - [2012/09/17 23:25:57 | 000,535,616 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll
MOD - [2012/09/17 23:25:49 | 000,244,800 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll
MOD - [2012/09/17 23:25:44 | 000,183,360 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll
MOD - [2012/09/17 23:25:42 | 000,039,488 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll
MOD - [2012/09/17 23:25:03 | 000,760,896 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\libeay32.dll
MOD - [2012/09/17 23:24:57 | 001,055,808 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ace.dll
MOD - [2011/05/04 09:27:36 | 003,007,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\msmgdsrv\c331742a5ba3cb50f6370e654edbce9e\msmgdsrv.ni.dll
MOD - [2011/05/04 09:25:40 | 000,274,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f415a550ed902dd8ce19a27d9af3ae39\Microsoft.SqlServer.ConnectionInfo.ni.dll
MOD - [2011/05/04 09:25:17 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
MOD - [2011/05/04 09:25:16 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
MOD - [2011/05/04 09:25:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/05/04 09:16:29 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/05/04 09:15:29 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
MOD - [2011/05/04 09:13:45 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/05/04 09:13:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/05/04 09:12:10 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/05/04 09:12:02 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/07/24 15:56:18 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2006/12/04 16:44:52 | 000,118,880 | ---- | M] () -- C:\WINDOWS\system32\CPQNiMgt\w2kmgdll.dll
MOD - [2006/12/04 16:41:28 | 000,036,968 | ---- | M] () -- C:\WINDOWS\system32\CPQNiMgt\cpqnimib.dll
MOD - [2006/12/04 16:40:34 | 000,028,772 | ---- | M] () -- C:\WINDOWS\system32\CPQNiMgt\nicmib.dll
MOD - [2006/12/04 16:39:58 | 000,020,583 | ---- | M] () -- C:\WINDOWS\system32\CPQNiMgt\cqnisnmp.dll
MOD - [2006/11/29 02:01:00 | 000,884,736 | ---- | M] () -- C:\hp\hpsmh\bin\libeay32.dll
MOD - [2006/11/29 02:01:00 | 000,651,264 | ---- | M] () -- C:\hp\hpsmh\modules\php_domxml.dll
MOD - [2006/11/29 02:01:00 | 000,192,512 | ---- | M] () -- C:\hp\hpsmh\modules\domc.dll
MOD - [2006/11/29 02:01:00 | 000,192,512 | ---- | M] () -- C:\hp\hpsmh\bin\domc.dll
MOD - [2006/11/29 02:01:00 | 000,159,744 | ---- | M] () -- C:\hp\hpsmh\bin\ssleay32.dll
MOD - [2006/11/29 02:01:00 | 000,028,672 | ---- | M] () -- C:\hp\hpsmh\modules\php4apache2.so
MOD - [2006/11/17 07:52:02 | 000,202,752 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\stormib.dll
MOD - [2006/11/17 07:52:02 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cpqfca.dll
MOD - [2006/11/17 07:52:02 | 000,070,144 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cpqmida.dll
MOD - [2006/11/17 07:52:02 | 000,048,128 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cpqmscsi.dll
MOD - [2006/11/17 07:52:02 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cpqiscsi.dll
MOD - [2006/11/17 07:52:02 | 000,040,448 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cpqsas.dll
MOD - [2006/11/17 07:52:02 | 000,036,352 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cpqmdisk.dll
MOD - [2006/11/17 07:52:02 | 000,036,352 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cpqide.dll
MOD - [2006/11/17 07:52:02 | 000,029,696 | ---- | M] () -- C:\WINDOWS\system32\cqstrutl.dll
MOD - [2006/11/17 07:52:02 | 000,029,696 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.dll
MOD - [2006/11/17 07:52:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\storalrt.dll
MOD - [2006/11/17 07:52:02 | 000,019,456 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\iscsimib.dll
MOD - [2006/11/17 07:52:02 | 000,005,632 | ---- | M] () -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\storsnmp.dll
MOD - [2006/04/04 22:00:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2004/04/27 21:04:04 | 000,061,440 | ---- | M] () -- C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_7_0.dll
MOD - [2003/02/25 15:49:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe /service msvsmon80 -- (msvsmon80)
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2014/02/06 18:14:53 | 000,270,328 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVCleanupService.exe -- (SAVCleanupService)
SRV - [2014/02/06 18:14:49 | 000,725,496 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service)
SRV - [2014/02/06 18:14:44 | 000,275,960 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2014/02/06 18:14:41 | 001,541,624 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/12 21:19:28 | 001,708,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2013/11/12 21:18:38 | 000,304,976 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe -- (bedbg)
SRV - [2013/08/30 17:30:08 | 000,135,168 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)
SRV - [2013/08/22 22:51:13 | 000,187,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/20 20:23:14 | 000,268,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Symantec\Backup Exec\RAWS\PDVFSService.exe -- (PDVFSService)
SRV - [2013/06/14 10:53:14 | 000,516,936 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2012/09/17 23:26:11 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/09/17 23:25:52 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/07/28 03:45:10 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2010/02/02 12:21:56 | 001,043,784 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/02 12:18:22 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/12/19 13:35:10 | 000,726,400 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe -- (Smcinst)
SRV - [2007/02/18 00:30:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 04:07:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 03:55:56 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 03:41:50 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 03:20:52 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/17 03:19:28 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007/02/17 02:50:02 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2006/12/04 16:45:02 | 000,024,672 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe -- (CpqNicMgmt)
SRV - [2006/11/30 12:04:50 | 000,010,240 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\cpqrcmc.exe -- (CpqRcmc)
SRV - [2006/11/29 02:01:00 | 001,417,282 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\hp\hpsmh\bin\smhstart.exe -- (SysMgmtHp)
SRV - [2006/11/20 17:10:52 | 000,729,161 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe -- (cpqvcagent)
SRV - [2006/11/17 12:13:04 | 000,006,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\sysdown.exe -- (sysdown)
SRV - [2006/11/17 12:12:22 | 000,004,608 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe -- (CqMgServ)
SRV - [2006/11/17 12:10:48 | 000,199,680 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\WINDOWS\system32\CIMntfy\cimntfy.exe -- (CIMnotify)
SRV - [2006/11/17 12:10:48 | 000,005,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe -- (CqMgHost)
SRV - [2006/11/17 07:52:02 | 000,019,456 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe -- (CqMgStor)
SRV - [2006/11/03 12:13:58 | 000,057,344 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Cissesrv\cissesrv.exe -- (Cissesrv)
SRV - [2006/04/04 22:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2006/04/04 22:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2005/03/11 14:40:26 | 000,455,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jjoipq.sys -- (asc3360pr)
DRV - [2013/06/20 20:23:02 | 000,075,888 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\PDVFSNP.dll -- (PDVFSNP)
DRV - [2013/04/29 11:29:46 | 000,125,528 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VirtFile.sys -- (VirtFile)
DRV - [2013/03/07 00:19:20 | 000,172,232 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2013/03/07 00:19:20 | 000,033,736 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2013/01/14 14:21:58 | 000,064,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\pdfsd.sys -- (PDVFSDriver)
DRV - [2012/07/28 03:47:11 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/04/30 11:52:53 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2010/11/04 10:34:26 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/02/08 10:25:06 | 000,136,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/20 01:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/08/20 01:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/02/17 04:09:26 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/17 03:57:50 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/17 02:49:38 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2007/02/17 02:31:14 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2006/11/17 12:13:04 | 000,110,080 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpqilo2.sys -- (hpqilo2)
DRV - [2006/11/09 13:27:06 | 000,208,384 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpqteam.sys -- (CPQTeamMP)
DRV - [2006/11/09 13:27:06 | 000,208,384 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpqteam.sys -- (CPQTeam)
DRV - [2006/11/01 14:58:32 | 000,054,584 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\HpCISSs2.sys -- (HpCISSs2)
DRV - [2006/10/20 11:14:40 | 000,028,160 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cpqcidrv.sys -- (CpqCiDrv)
DRV - [2006/08/07 13:23:56 | 000,049,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2006/08/07 12:40:32 | 000,033,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bxdiagx.sys -- (b06diag)
DRV - [2005/12/06 22:44:42 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1849713185-651054221-310601177-3520\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2062434412-627062527-4131258346-4985\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2062434412-627062527-4131258346-4985\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2062434412-627062527-4131258346-4985\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.48.13:8080

IE - HKU\S-1-5-21-2062434412-627062527-4131258346-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.av-basesystems.com/info/home/index.html
IE - HKU\S-1-5-21-2062434412-627062527-4131258346-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2062434412-627062527-4131258346-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost,127.0.0.1;<local>
IE - HKU\S-1-5-21-2062434412-627062527-4131258346-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.48.13:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.av-basesystems.com/info/home/index.html"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..network.proxy.backup.ftp: "192.168.48.13"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "192.168.48.13"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "192.168.48.13"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.168.48.13"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.48.13"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "192.168.48.13"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "192.168.48.13"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.48.13"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.48.13"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/22 22:51:02 | 000,000,000 | ---D | M]

[2009/08/06 08:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.AIRNIUGINI\Application Data\Mozilla\Extensions
[2014/04/24 14:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.AIRNIUGINI\Application Data\Mozilla\Firefox\Profiles\ck6dysm9.default\extensions
[2014/04/24 14:59:53 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator.AIRNIUGINI\Application Data\Mozilla\Firefox\Profiles\ck6dysm9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/08/22 22:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/22 22:51:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/06 13:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/03/06 13:32:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006/04/04 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [CPQTEAM] C:\WINDOWS\System32\cpqteam.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\System32\scanregw.exe (WinZip 8.1)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.exe (WinZip 8.1)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 21600
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1849713185-651054221-310601177-3520\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1849713185-651054221-310601177-3520\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O7 - HKU\S-1-5-21-1849713185-651054221-310601177-3520\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1849713185-651054221-310601177-3520\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1
O7 - HKU\S-1-5-21-1849713185-651054221-310601177-3520\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1
O7 - HKU\S-1-5-21-1849713185-651054221-310601177-3520\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 1
O7 - HKU\S-1-5-21-1849713185-651054221-310601177-3520\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 1
O7 - HKU\S-1-5-21-2062434412-627062527-4131258346-4985\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2062434412-627062527-4131258346-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.48.108 192.168.48.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = airniugini.corp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{386E440B-9571-47C4-82E4-00E8CFBF9A94}: Domain = airniugini.corp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{386E440B-9571-47C4-82E4-00E8CFBF9A94}: NameServer = 192.168.48.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5E87CA-EB2E-45E3-B0CF-AA8ABC25286F}: DhcpNameServer = 192.168.48.108 192.168.48.4
O18 - Protocol\Handler\hpapp {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hpapp\Apps - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.AIRNIUGINI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.AIRNIUGINI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/04 17:14:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SophosBootTasks)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - C:\WINDOWS\System32\ias.dll (Microsoft Corporation)
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2014/04/24 14:50:44 | 005,582,776 | ---- | C] (Security Stronghold) -- C:\Documents and Settings\Administrator.AIRNIUGINI\My Documents\Win32.SalityRemovalTool.exe
[2014/04/24 14:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AIRNIUGINI\My Documents\w32 Sality
[2014/04/24 14:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.AIRNIUGINI\My Documents\Kaspersky
[2014/04/23 12:01:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/23 11:57:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/04/10 16:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Redirected
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/24 15:20:16 | 000,000,576 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2014/04/24 14:59:10 | 000,002,599 | ---- | M] () -- C:\Documents and Settings\Administrator.AIRNIUGINI\Desktop\Sophos Virus Removal Tool.lnk
[2014/04/24 14:43:52 | 000,013,748 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/23 22:31:45 | 000,000,208 | ---- | M] () -- C:\WINDOWS\tasks\WinAir_copy_bak_file.job
[2014/04/23 14:53:10 | 000,009,708 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014/04/21 02:00:00 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Weekly.job
[2014/04/19 12:14:00 | 000,137,728 | ---- | M] () -- C:\WINDOWS\System32\MSWINSCK.OCX
[2014/04/13 09:57:49 | 005,582,776 | ---- | M] (Security Stronghold) -- C:\Documents and Settings\Administrator.AIRNIUGINI\My Documents\Win32.SalityRemovalTool.exe
[2014/04/01 09:58:41 | 000,618,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/01 09:58:41 | 000,125,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/31 18:29:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/31 17:50:14 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/19 12:14:00 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\MSWINSCK.OCX
[2014/03/26 10:18:32 | 000,000,530 | ---- | C] () -- C:\WINDOWS\tasks\Weekly.job
[2013/06/20 20:23:02 | 000,075,888 | ---- | C] () -- C:\WINDOWS\System32\PDVFSNP.dll
[2009/04/08 15:09:30 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\Administrator.AIRNIUGINI\ntuser.pol
[2007/05/07 08:13:51 | 000,009,708 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2007/05/04 17:11:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/24 13:20:42 | 001,519,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 21:02:57 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2007/02/17 04:08:30 | 000,278,016 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/07/24 16:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AIRNIUGINI\Application Data\pdf995
[2010/10/01 15:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.AIRNIUGINI\Application Data\TuneUp Software
[2007/12/19 16:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2013/08/21 01:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2014/04/10 16:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2014/02/06 18:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/06/14 10:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/10/01 15:26:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/06/26 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITAppAdmin\Application Data\IsolatedStorage
[2013/10/30 17:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITAppAdmin\Application Data\Notepad++
[2013/06/14 10:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITAppAdmin\Application Data\TuneUp Software
[2009/09/20 16:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naga\Application Data\pdf995
[2011/06/04 13:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nagalingam\Application Data\pdf995

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2003/02/07 15:17:32 | 000,038,524 | ---- | M] () -- C:\DATEDIR.EXE
[2006/01/19 06:12:08 | 000,177,610 | ---- | M] (WinZip 8.1) -- C:\WINZIP_TMP.exe

< MD5 for: EXPLORER.EXE >
[2006/04/04 22:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) MD5=4B93BB34AF478A0FD9765D9B73356DC9 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/02/17 02:58:36 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\explorer.exe
[2007/02/17 02:58:36 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/03 21:39:50 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=7990FB9B9A7F37F4413D7B13A1259037 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2007/02/17 03:58:58 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=98CD58DA0C7809C8546B9EA8BF3B00FD -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2007/02/17 03:58:58 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=98CD58DA0C7809C8546B9EA8BF3B00FD -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2006/04/04 22:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=B6DAA698BD2E07BB636A9383C9CB3A10 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/03 21:07:32 | 000,113,152 | ---- | M] (Microsoft Corporation) MD5=CF500580CDD83B145646A4DCFCE1CF3C -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/03 21:07:32 | 000,113,152 | ---- | M] (Microsoft Corporation) MD5=CF500580CDD83B145646A4DCFCE1CF3C -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2007/02/17 04:04:26 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2007/02/17 04:04:26 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\system32\svchost.exe
[2006/04/04 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=CA8E6441930B54A8B8210061CE5FCCE7 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/04/04 22:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2007/02/17 04:07:44 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2007/02/17 04:07:44 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/04/04 22:00:00 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2007/02/17 04:09:06 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2007/02/17 04:09:06 | 000,528,384 | ---- | M] (Microsoft Corporation) MD5=B4AA8AE0F18E5DFCF99A671A181D3EDC -- C:\WINDOWS\system32\winlogon.exe

< HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /rs >

< End of report >

*** EXTRAS.TXT*****
OTL Extras logfile created on: 4/24/2014 15:25:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 22.66% Memory free
7.83 Gb Paging File | 4.98 Gb Available in Paging File | 63.53% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092d:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.88 Gb Total Space | 21.48 Gb Free Space | 63.40% Space Free | Partition Type: NTFS
Drive D: | 273.40 Gb Total Space | 34.85 Gb Free Space | 12.75% Space Free | Partition Type: NTFS

Computer Name: POMSRVR_WINAIR0 | User Name: ithercules | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2062434412-627062527-4131258346-4985\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2062434412-627062527-4131258346-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"8194:TCP:*:enabled:Sophos8194" = 8194:TCP:*:enabled:Sophos8194

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe" = C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe:*:Enabled:SQL Server Management Studio -- (Microsoft Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows -- (Symantec Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\VxGather.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\VxGather.exe:*:Enabled:Backup Exec Diagnostic Gathering Utility -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows -- (Symantec Corporation)
"C:\Program Files\Symantec\Backup Exec\RAWS\VxGather.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\VxGather.exe:*:Enabled:Backup Exec Diagnostic Gathering Utility -- (Symantec Corporation)
"\\POMSRVR_WINAIR0\c$\WINZIP_TMP.exe" = \\POMSRVR_WINAIR0\c$\WINZIP_TMP.exe:*:Enabled:ipsec
"\\POMSRVR_WINAIR0\Admin$\WINZIP_TMP.exe" = \\POMSRVR_WINAIR0\Admin$\WINZIP_TMP.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\scanregw.exe" = C:\WINDOWS\system32\scanregw.exe:*:Enabled:ipsec -- (WinZip 8.1)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\system32\cpqteam.exe" = C:\WINDOWS\system32\cpqteam.exe:*:Enabled:ipsec -- (Hewlett-Packard Company)
"C:\WINDOWS\SYSTEM32\Update.exe" = C:\WINDOWS\SYSTEM32\Update.exe:*:Enabled:ipsec -- (WinZip 8.1)
"C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe" = C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe" = C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe:*:Enabled:ipsec -- (TuneUp Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04DDF575-93A4-4682-A4F1-ABD29ECDFE04}" = HP Insight Diagnostics Online Edition for Windows
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0DEE841C-14D1-4497-8204-31B04370FDB7}" = HP ProLiant Remote Monitor Service
"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1821E850-D8BB-4119-BC09-395CD266FAA5}" = HP Smart Array SAS/SATA Event Notification Service
"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools
"{2243F21A-E132-44F7-BA13-024D0845C815}" = Microsoft SQL Server 2005 Backward compatibility
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}" = Microsoft SQL Server 2005 Notification Services
"{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}" = HP System Management Homepage
"{4320988A-7DE0-478D-A38B-CE9509BCE320}" = Sophos Anti-Virus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}" = HP Version Control Agent
"{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}" = Microsoft SQL Server 2005 Analysis Services
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{A188FCCF-E929-494D-B1F1-4313E02ACD52}" = SQLXML4
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B03AAFA3-07B7-4D93-8ECD-12B977BF861E}" = HP ProLiant Integrated Management Log Viewer
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BF38D61B-B739-4170-84C5-05F3DA650447}" = Symantec Backup Exec Remote Agent for Windows
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DFB7A687-8111-4CC2-B175-9431708F7902}" = HP Insight Management Agents
"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services
"{F8C40C34-FF8A-4A4D-8FA4-8DFF4503A61C}" = HP Lights-Out Online Configuration Utility
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Adobe AIR" = Adobe AIR
"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)
"ATI Display Driver" = ATI Display Driver
"dBASE PLUS series1 Runtime Engine" = dBASE PLUS Runtime Engine
"HP ACU" = HP Array Configuration Utility
"HP ACUCLI" = HP Array Configuration Utility CLI
"HP ADU" = HP Array Diagnostic Utility
"HP Protected Your Data" = HP Protect Your Data
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"RealVNC_is1" = VNC Free Edition 4.1.1
"Remote Agent for Windows Servers" = Symantec Backup Exec Remote Agent for Windows
"TuneUp Utilities" = TuneUp Utilities
"WIC" = Windows Imaging Component
"WinAir SQL 5.0.0_is1" = WinAir Workstation version 5.0.0
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2062434412-627062527-4131258346-4985\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Update Center 5.1" = Update Center 5.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2062434412-627062527-4131258346-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Update Center 5.1" = Update Center 5.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2014 22:01:04 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::BeginProcessing in the ComponentManager component
encountered a catastrophic error that it could not recover from.

Error - 4/22/2014 22:01:04 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 131091
Description = Error when calling BeginProcessing on ComponentManager.

Error - 4/22/2014 22:01:04 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 196608
Description = Exception caught in CInfrastructureModule::PreMessageLoop.

Error - 4/23/2014 01:09:00 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::BeginProcessing in the ComponentManager component
encountered a catastrophic error that it could not recover from.

Error - 4/23/2014 01:09:00 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 131091
Description = Error when calling BeginProcessing on ComponentManager.

Error - 4/23/2014 01:09:00 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 196608
Description = Exception caught in CInfrastructureModule::PreMessageLoop.

Error - 4/23/2014 01:09:32 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::BeginProcessing in the ComponentManager component
encountered a catastrophic error that it could not recover from.

Error - 4/23/2014 01:09:32 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 131091
Description = Error when calling BeginProcessing on ComponentManager.

Error - 4/23/2014 01:09:32 | Computer Name = POMSRVR_WINAIR0 | Source = Sophos Anti-Virus | ID = 196608
Description = Exception caught in CInfrastructureModule::PreMessageLoop.

Error - 4/24/2014 00:33:55 | Computer Name = POMSRVR_WINAIR0 | Source = WinVNC4 | ID = 1
Description = DeviceFrameBuffer: BitBlt failed:5

[ System Events ]
Error - 4/18/2014 23:46:58 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/18/2014 23:47:10 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/18/2014 23:47:57 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/18/2014 23:47:57 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/18/2014 23:48:02 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/18/2014 23:48:02 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/18/2014 23:48:02 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/18/2014 23:48:02 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 4/19/2014 01:17:59 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4321
Description = The name "AIRNIUGINI :1d" could not be registered on the Interface
with IP address 192.168.48.60. The machine with the IP address 192.168.48.108 did
not allow the name to be claimed by this machine.

Error - 4/19/2014 01:27:02 | Computer Name = POMSRVR_WINAIR0 | Source = NetBT | ID = 4321
Description = The name "AIRNIUGINI :1d" could not be registered on the Interface
with IP address 192.168.48.60. The machine with the IP address 192.168.48.108 did
not allow the name to be claimed by this machine.

[ TuneUp Events ]
Error - 9/19/2013 06:32:22 | Computer Name = POMSRVR_WINAIR0 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 9/19/2013 06:32:22 | Computer Name = POMSRVR_WINAIR0 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 9/19/2013 06:32:22 | Computer Name = POMSRVR_WINAIR0 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >
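One section of the Extras.txt above deserves a second look before the machine is declared clean: the Authorized Applications List. Several entries there carry the description "ipsec" rather than a product name, and they are attached to files that never need a firewall exception of their own (userinit.exe, Explorer.EXE) or sit behind a UNC path into this server's own admin shares. Writing `<path>:*:Enabled:ipsec` into the Windows Firewall exception list for each executable it runs from is documented behaviour of the W32/Sality file infector, and the `EnableLUA = 0` policy value in the O6 lines is written by Sality.AE-family variants as well. The script below is an added example, not part of this thread and not OTL's, Sophos' or BullGuard's code: it parses OTL-format Authorized Applications lines and O6 policy lines and reports the entries that match those two indicators. The sample input is a short block built in the shape of the log above; the `Finding` class, the field names and the reason strings are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, built in the shape of the Extras.txt lines above
# (one O6 policy line, then a StandardProfile AuthorizedApplications section).
SAMPLE_OTL_EXTRAS = r'''
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows -- (Symantec Corporation)
"\\POMSRVR_WINAIR0\c$\WINZIP_TMP.exe" = \\POMSRVR_WINAIR0\c$\WINZIP_TMP.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\scanregw.exe" = C:\WINDOWS\system32\scanregw.exe:*:Enabled:ipsec -- (WinZip 8.1)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
'''

# OTL prints each exception as:  "<name>" = <path>:<scope>:<Enabled|Disabled>:<description> [-- (<company>)]
# The path itself contains a colon (drive letter), so the path group is lazy and
# the state group is pinned to the two literal values OTL emits.
AUTH_APP_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*'
    r'(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):'
    r'(?P<desc>.*?)(?:\s+--\s+\((?P<company>[^)]*)\))?\s*$'
)
# O6 lines for the HKLM policies\System key, e.g. "EnableLUA = 0".
POLICY_RE = re.compile(
    r'^O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: '
    r'(?P<value>\w+) = (?P<data>\S+)$'
)

SALITY_FIREWALL_TAG = "ipsec"          # description Sality writes for its own exceptions
CORE_BINARIES = {"explorer.exe", "userinit.exe"}   # never need an exception of their own
ENABLELUA_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\EnableLUA"


@dataclass(frozen=True)
class Finding:          # my own container, not an OTL structure
    path: str
    reason: str


def parse_authorized_apps(text: str) -> List[Dict[str, str]]:
    """Return the parsed entries of every ...\\AuthorizedApplications\\List section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line           # remember which registry key we are under
            continue
        if "AuthorizedApplications" not in section:
            continue                 # GloballyOpenPorts etc. use a different layout
        m = AUTH_APP_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["section"] = section
            entries.append(entry)
    return entries


def sality_indicators(text: str) -> List[Finding]:
    """Flag firewall exceptions tagged 'ipsec' and the EnableLUA=0 policy write."""
    findings = []
    for e in parse_authorized_apps(text):
        if e["desc"].lower() != SALITY_FIREWALL_TAG:
            continue
        reason = "firewall exception described as 'ipsec' (W32/Sality self-authorisation)"
        base = e["path"].rsplit("\\", 1)[-1].lower()
        if base in CORE_BINARIES:
            reason += "; core Windows binary, not normally present in the exception list"
        elif e["path"].startswith("\\\\"):
            reason += "; UNC path, the file was executed through a network share"
        findings.append(Finding(e["path"], reason))
    for raw in text.splitlines():
        m = POLICY_RE.match(raw.strip())
        if m and m["value"] == "EnableLUA" and m["data"] == "0":
            findings.append(Finding(
                ENABLELUA_KEY,
                "UAC disabled by policy; written by Sality.AE-family variants, "
                "corroborating only (the value has no effect on Server 2003)"))
    return findings


if __name__ == "__main__":
    for f in sality_indicators(SAMPLE_OTL_EXTRAS):
        print(f"{f.path}\n    {f.reason}")
```

Every path the script reports is a candidate infected file to hash and hand to a scanner, not a confirmed one, and an empty report does not prove the box clean: the Win32.SalityRemovalTool and Sophos Virus Removal Tool already present in My Documents may have cleared these entries before the log was taken.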
 

dulc88
New Member
Date Joined Apr 2014
Total Posts : 2
 
   Posted 4/25/2014 4:02 AM (GMT +3)
Here's the log from the MBR Check...

Cheers,
Dulcie

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Server 2003 R2, Standard Edition
Windows Information: Service Pack 2 (build 3790)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 123):
0x80800000 \WINDOWS\system32\ntkrnlpa.exe
0x80A5A000 \WINDOWS\system32\hal.dll
0xF7707000 \WINDOWS\system32\KDCOM.DLL
0xF770F000 \WINDOWS\system32\BOOTVID.dll
0xF7352000 ACPI.sys
0xF7487000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF733C000 pci.sys
0xF7497000 isapnp.sys
0xF7717000 pciide.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74B7000 MountMgr.sys
0xF7315000 ftdisk.sys
0xF771F000 dmload.sys
0xF72E9000 dmio.sys
0xF72BF000 volsnap.sys
0xF74C7000 PartMgr.sys
0xF72A2000 atapi.sys
0xF74D7000 HpCISSs2.sys
0xF7284000 \WINDOWS\system32\drivers\storport.sys
0xF74E7000 disk.sys
0xF7271000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF724C000 fltmgr.sys
0xF74F7000 Dfs.sys
0xF7226000 KSecDD.sys
0xF7855000 bxvbdx.sys
0xF7B4A000 Ntfs.sys
0xF76C8000 NDIS.sys
0xF7207000 Mup.sys
0xF7507000 crcdisk.sys
0xF7537000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7567000 \SystemRoot\system32\DRIVERS\bxnd52x.sys
0xF777F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9F34000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7787000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9DD6000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9DBA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7547000 \SystemRoot\system32\DRIVERS\watchdog.sys
0xF7527000 \SystemRoot\system32\DRIVERS\cpqcidrv.sys
0xB9D9B000 \SystemRoot\system32\DRIVERS\hpqilo2.sys
0xB9D88000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7587000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7607000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9CD3000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7597000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF778F000 \SystemRoot\system32\DRIVERS\sdcfilter.sys
0xF7647000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9CBE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9CAA000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9C83000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7797000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9C6F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF75C7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9C56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9C44000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7637000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7627000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9C0D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF75E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79A7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9BAE000 \SystemRoot\system32\DRIVERS\update.sys
0xF7677000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7577000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB9A18000 \SystemRoot\System32\drivers\dmboot.sys
0xB99DB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79A9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77AF000 \SystemRoot\system32\DRIVERS\savonaccessfilter.sys
0xB98EB000 \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys
0xF77B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF77BF000 \SystemRoot\System32\Drivers\Null.SYS
0xF77C7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77CF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7697000 \SystemRoot\System32\drivers\vga.sys
0xF77D7000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF77DF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7617000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7667000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB9862000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB9D78000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB97CE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB97A4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9773000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9D68000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB9D58000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB9721000 \SystemRoot\System32\drivers\afd.sys
0xB9D48000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB9651000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB963F000 \SystemRoot\system32\drivers\pdfsd.sys
0xB95C9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB95B8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9555000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB9536000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB9516000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB94D9000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF77F7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9D18000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9D08000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB9CF8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB9CE8000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xB9B6E000 \SystemRoot\System32\Drivers\dump_HpCISSs2.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9B5E000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9D3000 \SystemRoot\System32\drivers\dxg.sys
0xF780F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9EA000 \SystemRoot\System32\ati2dvag.dll
0xBFA2A000 \SystemRoot\System32\ati2cqag.dll
0xBFA64000 \SystemRoot\System32\atikvmag.dll
0xBFA9A000 \SystemRoot\System32\ATMFD.DLL
0xB917A000 \SystemRoot\system32\DRIVERS\bridge.sys
0xB9449000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB8EA9000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8D2D000 \SystemRoot\system32\DRIVERS\srv.sys
0xB87C5000 \SystemRoot\system32\DRIVERS\vstor2-mntapi10-shared.sys
0xB7FC8000 \SystemRoot\system32\DRIVERS\VirtFile.sys
0xB7F58000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xF7A92000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xB8015000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB7C55000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xF79F5000 \??\C:\WINDOWS\system32\drivers\jjoipq.sys
0xBFF60000 \SystemRoot\System32\RDPDD.dll
0x7C800000 \WINDOWS\system32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
372 C:\WINDOWS\system32\smss.exe
420 csrss.exe
448 C:\WINDOWS\system32\winlogon.exe
496 C:\WINDOWS\system32\services.exe
508 C:\WINDOWS\system32\lsass.exe
704 C:\WINDOWS\system32\svchost.exe
792 svchost.exe
1148 svchost.exe
1184 svchost.exe
1224 C:\WINDOWS\system32\svchost.exe
1392 C:\WINDOWS\system32\spoolsv.exe
1416 msdtc.exe
1548 C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe
1568 C:\Program Files\HP\Cissesrv\cissesrv.exe
1584 C:\WINDOWS\system32\cpqrcmc.exe
1600 C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
1632 C:\WINDOWS\system32\svchost.exe
1704 C:\WINDOWS\system32\inetsrv\inetinfo.exe
1896 MsDtsSrvr.exe
1940 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
1972 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2096 C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
2152 svchost.exe
2268 C:\WINDOWS\system32\snmp.exe
2300 C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
2452 C:\Program Files\Sophos\Remote Management System\RouterNT.exe
2500 C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
2692 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2876 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
2976 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3060 C:\WINDOWS\system32\sysdown.exe
3088 C:\hp\hpsmh\bin\smhstart.exe
3132 C:\hp\hpsmh\bin\hpsmhd.exe
3148 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
3200 C:\hp\hpsmh\bin\rotatelogs.exe
3208 C:\hp\hpsmh\bin\rotatelogs.exe
3300 C:\hp\hpsmh\bin\hpsmhd.exe
3308 C:\Program Files\RealVNC\VNC4\winvnc4.exe
3372 C:\hp\hpsmh\bin\rotatelogs.exe
3380 C:\hp\hpsmh\bin\rotatelogs.exe
3392 C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
4276 C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
4320 C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
4344 C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
4412 wmiprvse.exe
4528 C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
4584 C:\WINDOWS\system32\svchost.exe
4748 C:\WINDOWS\system32\svchost.exe
4860 C:\WINDOWS\system32\dmadmin.exe
5616 wmiprvse.exe
5392 C:\Program Files\Java\jre7\bin\jqs.exe
1988 svchost.exe
5264 C:\WINDOWS\Rundll16.exe
1124 C:\WINDOWS\explorer.exe
6664 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
6600 C:\WINDOWS\system32\msiexec.exe
2120 C:\WINDOWS\system32\msiexec.exe
7280 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\mbam-setup-1.75.0.1300.exe
2020 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\mbam-setup-1.75.0.1300.exe
3144 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\mbam-setup-1.75.0.1300.exe
5140 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
7944 C:\WINDOWS\system32\rdpclip.exe
8172 C:\WINDOWS\system32\ctfmon.exe
7336 C:\WINDOWS\explorer.exe
5220 C:\WINDOWS\system32\cpqteam.exe
8576 C:\WINDOWS\system32\Winzip.exe
8620 C:\WINDOWS\system32\Update.exe
10120 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\Malwarebytes\mbam-setup-1.75.0.1300.exe
8640 C:\WINDOWS\system32\logon.scr
19520 C:\WINDOWS\system32\inetsrv\w3wp.exe
20472 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00004000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00004000 (NTFS)

PhysicalDrive0 Model Number: HPLOGICAL VOLUME, Rev: 2.08
PhysicalDrive1 Model Number: HPLOGICAL VOLUME, Rev: 2.08

Size Device Name MBR Status
--------------------------------------------
33 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
273 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
Dump the MBR of a physical disk to file.
Restore the MBR of a physical disk with a standard boot code.
Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: -99RE: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!