help to remove jview.exe and shimgv.exe viruses


#1
techgeek37

Results of OTL:



OTL logfile created on: 7/31/2012 3:06:31 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\[email protected]\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 584.28 Mb Available Physical Memory | 57.68% Memory free
2.37 Gb Paging File | 1.43 Gb Available in Paging File | 60.20% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 11.95 Gb Free Space | 40.80% Space Free | Partition Type: NTFS
Drive D: | 119.72 Gb Total Space | 51.21 Gb Free Space | 42.78% Space Free | Partition Type: NTFS

Computer Name: POS40 | User Name: [email protected] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/31 15:05:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\My Documents\Downloads\OTL.exe
PRC - [2012/07/10 12:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/06/23 12:30:07 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/09/29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/09/29 16:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe
PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/27 15:40:24 | 000,102,400 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/17 10:48:22 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2012/07/10 12:09:00 | 000,438,296 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 12:08:59 | 003,972,120 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 12:07:22 | 000,140,328 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 12:07:21 | 000,262,184 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 12:07:19 | 002,386,984 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/10 10:17:27 | 009,255,112 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/07/03 12:10:11 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll
MOD - [2012/07/03 12:10:11 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll
MOD - [2012/06/14 08:55:53 | 014,631,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9f9ada0c61de38cc68d1cfea4af0e2b2\PresentationFramework.ni.dll
MOD - [2012/06/14 08:55:29 | 012,597,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\640fdc3675ab17fb1e77f27347d5d9e4\PresentationCore.ni.dll
MOD - [2012/06/14 08:54:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 08:54:35 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/05/12 09:15:31 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/12 08:46:31 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 08:43:59 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012/05/11 22:03:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 22:02:55 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/11 21:58:45 | 001,249,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012/04/16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/05 11:41:31 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2011/09/29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/09/16 11:55:38 | 000,621,480 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011/09/16 11:55:38 | 000,463,784 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011/09/16 11:55:38 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011/09/16 11:55:38 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2010/07/05 05:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 05:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?shimgvw?.exe
MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?Jview?.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2002/02/04 05:20:00 | 000,053,296 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\CWBRXD.EXE -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mesjeiqp.sys -- (mesjeiqp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/20 01:12:06 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)
DRV - [2011/08/25 12:43:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/08/25 12:43:54 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/06/19 18:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/03/28 10:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000b8ac6f0df8da
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000b8ac6f0df8da
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{A5325974-F981-49B1-801A-3ADD7B3A5DA7}: "URL" = http://websearch.ask...54-65CA4BE5D5F2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/23 12:30:21 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com.my/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...000b8ac6f0df8da
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com.my/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_2\crossrider
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_2\
CHR - Extension: Gmail = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/15 10:33:58 | 000,437,990 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15066 more lines...
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [jre͸] C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [METROJAY-832BEB̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O4 - HKCU..\Run: [POS40̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} http://metrojayasuri.../AVC_AX_DVR.cab (CV781Object Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1317179352906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFD33790-568A-4DBC-8844-B19E995D33B4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\autorunme.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\EHttpSrv.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ise32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nbrowser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Njeeves.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_login.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_tray.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npcsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npflgutl.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfports.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfrules.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfuser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfwiz.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprosec.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nuaa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nvcoa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvcsched.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvoy.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtpsvc.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\scsaver.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/28 09:05:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 11:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegUtility
[2012/07/31 11:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\RegUtility
[2012/07/29 13:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/07/26 16:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\MyEgy.Com.Billboard Hot 100
[2012/07/26 13:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\Pelbagai - Kompilasi Lagu Raya 2
[2012/07/26 13:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Unrar Extract and Recover 4.5
[2012/07/26 12:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Appnimi
[2012/07/26 12:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\PA System
[2012/07/26 12:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\Lagu Raya 2012
[2012/07/19 12:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\Photomatix Pro v4.2.3 Port
[2012/07/17 10:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Samsung
[2012/07/17 10:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\My Documents\samsung
[2012/07/17 10:47:28 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2012/07/17 10:47:27 | 000,077,624 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2012/07/17 10:47:22 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadbus.sys
[2012/07/17 10:47:22 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwhnt.sys
[2012/07/17 10:47:22 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwh.sys
[2012/07/17 10:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2012/07/17 10:46:35 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/07/17 10:46:22 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/07/17 10:46:22 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/07/17 10:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/07/17 10:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Application Data\Samsung
[2012/07/17 10:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/07/17 10:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/07/17 10:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Downloaded Installations
[2012/07/05 13:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/07/05 12:08:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\[email protected]\Recent
[2012/07/04 16:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/07/04 15:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2012/07/04 15:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unattended Soft
[2012/07/04 15:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2012/07/04 15:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2012/07/03 12:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinToFlash Suggestor
[2012/07/03 12:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\I Want This
[2012/07/03 12:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
[2012/07/03 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Babylon
[2012/07/03 12:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/03 12:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Application Data\Babylon
[2010/08/13 00:32:04 | 015,728,768 | ---- | C] (EffectMatrix Inc. ) -- C:\Documents and Settings\[email protected]\Application Data\tvc371.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/31 15:08:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/31 14:56:47 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA4D989F-E347-4307-9C3B-3C1A33CD1E2D}.job
[2012/07/31 12:17:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2012/07/31 12:17:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2012/07/31 12:17:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/31 12:17:15 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2012/07/31 12:14:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/31 11:07:15 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegUtility.lnk
[2012/07/31 10:46:52 | 000,132,391 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\viruses.JPG
[2012/07/30 09:32:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd654db4d2e17e.job
[2012/07/26 12:09:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2012/07/22 17:39:00 | 000,967,729 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\01 Track 1.wma
[2012/07/20 11:25:09 | 001,494,982 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MAYBANK CARDMEMBERS mode.jpg
[2012/07/20 10:50:00 | 002,061,722 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MAYBANK CARDMEMBERS.jpg
[2012/07/19 17:42:21 | 010,596,928 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0507_tonemapped.jpg
[2012/07/19 14:08:20 | 011,329,985 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0766_tonemapped.jpg
[2012/07/19 11:32:17 | 007,197,953 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Photomatix_Pro_v4.2.3_Port.rar
[2012/07/18 09:46:55 | 000,062,010 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\birthday-ballon-border-md.png
[2012/07/18 09:28:04 | 000,040,985 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\hearts_border.png
[2012/07/17 18:56:01 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/17 18:21:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/17 18:21:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2012/07/17 12:27:04 | 000,054,472 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\error disable network.JPG
[2012/07/17 10:48:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/07/17 10:47:36 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/07/17 10:46:39 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/14 17:38:54 | 002,221,149 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\raya sale2.jpg
[2012/07/14 17:25:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Copy of raya sale.jpg
[2012/07/14 16:56:00 | 002,770,668 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\raya sale.jpg
[2012/07/12 12:54:39 | 000,023,944 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\facts.jpg
[2012/07/12 09:20:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/12 08:46:35 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/12 08:46:34 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Google Chrome.lnk
[2012/07/12 08:42:23 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/12 08:26:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/10 17:10:46 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/07/09 16:14:44 | 001,246,708 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_Front.jpg
[2012/07/09 16:14:40 | 000,928,666 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_C&F.jpg
[2012/07/09 16:14:37 | 001,164,830 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_Back.jpg
[2012/07/09 16:04:53 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/09 15:57:06 | 000,402,881 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Diners Club-Metrojaya .jpg
[2012/07/09 15:54:09 | 000,551,658 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJ tentcard 6x7-25 0712.pdf
[2012/07/09 12:43:21 | 000,043,548 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJ brands.JPG
[2012/07/09 12:10:21 | 000,063,996 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJ Gift Voucher.JPG
[2012/07/09 12:00:50 | 003,038,701 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC4.jpg
[2012/07/09 11:44:04 | 000,174,358 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC.jpg
[2012/07/09 11:10:06 | 000,061,985 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC2.JPG
[2012/07/09 11:09:10 | 000,039,201 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPCT.JPG
[2012/07/09 10:54:32 | 000,170,806 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC.png
[2012/07/09 10:43:15 | 000,148,687 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Metrojaya Kuching Sarawak OPENING SOON!!!.jpg
[2012/07/04 16:01:36 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2012/07/04 16:01:16 | 000,034,308 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2012/07/04 16:01:04 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/07/04 15:58:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/31 11:07:15 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegUtility.lnk
[2012/07/31 10:46:00 | 000,132,391 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\viruses.JPG
[2012/07/23 11:47:29 | 000,967,729 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\01 Track 1.wma
[2012/07/20 11:24:54 | 001,494,982 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MAYBANK CARDMEMBERS mode.jpg
[2012/07/20 11:12:42 | 002,061,722 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MAYBANK CARDMEMBERS.jpg
[2012/07/19 17:42:13 | 010,596,928 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0507_tonemapped.jpg
[2012/07/19 17:12:00 | 007,003,668 | R--- | C] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0507.JPG
[2012/07/19 14:08:10 | 011,329,985 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0766_tonemapped.jpg
[2012/07/19 13:27:46 | 006,815,423 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\IMG_0766.JPG
[2012/07/19 12:54:58 | 007,197,953 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Photomatix_Pro_v4.2.3_Port.rar
[2012/07/19 11:11:16 | 000,054,472 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\error disable network.JPG
[2012/07/19 09:27:48 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd654db4d2e17e.job
[2012/07/18 09:46:58 | 000,062,010 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\birthday-ballon-border-md.png
[2012/07/18 09:28:07 | 000,040,985 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\hearts_border.png
[2012/07/17 20:05:13 | 000,260,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/17 18:56:04 | 734,003,200 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\[DB]_Naruto_Shippuuden_The Movie_[75F57621].avi
[2012/07/17 18:21:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/17 18:21:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2012/07/17 10:47:36 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/07/17 10:46:39 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/14 17:38:49 | 002,221,149 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\raya sale2.jpg
[2012/07/14 17:19:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Copy of raya sale.jpg
[2012/07/14 17:18:40 | 002,770,668 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\raya sale.jpg
[2012/07/12 12:54:47 | 000,023,944 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\facts.jpg
[2012/07/12 08:22:48 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 16:14:23 | 001,246,708 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_Front.jpg
[2012/07/09 16:14:19 | 000,928,666 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_C&F.jpg
[2012/07/09 16:14:16 | 001,164,830 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Raya Mailer 2012_Back.jpg
[2012/07/09 16:03:03 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/09 15:57:04 | 000,402,881 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Diners Club-Metrojaya .jpg
[2012/07/09 15:54:05 | 000,551,658 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJ tentcard 6x7-25 0712.pdf
[2012/07/09 12:42:07 | 000,043,548 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJ brands.JPG
[2012/07/09 12:10:21 | 000,063,996 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJ Gift Voucher.JPG
[2012/07/09 11:59:06 | 003,038,701 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC4.jpg
[2012/07/09 11:10:06 | 000,061,985 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC2.JPG
[2012/07/09 11:09:10 | 000,174,358 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC.jpg
[2012/07/09 11:09:10 | 000,039,201 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPCT.JPG
[2012/07/09 10:54:47 | 000,170,806 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MJPC.png
[2012/07/09 10:43:19 | 000,148,687 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Metrojaya Kuching Sarawak OPENING SOON!!!.jpg
[2012/07/04 16:01:36 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2012/07/04 16:01:16 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2012/07/04 16:01:04 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/07/04 15:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/05/26 11:26:12 | 000,000,403 | ---- | C] () -- C:\WINDOWS\TopScan.INI
[2012/04/26 14:40:52 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/04/26 14:40:52 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/04/19 15:17:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/28 13:12:35 | 000,002,067 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/02/15 10:18:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 19:16:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/02/01 15:18:23 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011/10/28 12:46:26 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
[2011/10/09 09:21:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/04 10:44:56 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/09/30 16:26:32 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/30 16:26:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/30 10:37:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/09/29 16:50:10 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 16:57:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/28 16:56:46 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 16:33:11 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/09/28 16:32:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2011/09/28 16:32:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\qxdaedrs.dll
[2011/09/28 16:32:41 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/09/28 16:32:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2011/09/28 16:32:41 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2011/09/28 09:26:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2011/09/28 09:06:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/28 09:02:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

========== LOP Check ==========

[2012/05/18 11:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\323C8
[2012/07/03 12:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/29 13:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/07/17 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/05/03 12:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/05/03 12:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/30 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AnvSoft
[2012/05/25 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AskToolbar
[2012/07/03 12:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Babylon
[2012/05/26 08:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\bearsharemediabartb
[2011/10/15 15:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Haenlein-Software
[2012/07/31 15:09:48 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\[email protected]\Application Data\Java
[2011/10/04 10:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Minolta
[2012/07/17 10:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Samsung
[2011/10/11 15:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Xilisoft
[2012/07/31 15:08:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/07/31 14:56:47 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA4D989F-E347-4307-9C3B-3C1A33CD1E2D}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA

< End of report >


#2
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, techgeek37! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.



Step 1.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL




  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.

    :OTL
    PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe
    PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mesjeiqp.sys -- (mesjeiqp)
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000b8ac6f0df8da
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000b8ac6f0df8da
    IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    IE - HKCU\..\SearchScopes\{A5325974-F981-49B1-801A-3ADD7B3A5DA7}: "URL" = http://websearch.ask...54-65CA4BE5D5F2
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKCU..\Run: [jre͸] C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
    O4 - HKCU..\Run: [METROJAY-832BEB̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
    O4 - HKCU..\Run: [POS40̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
    O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    O27 - HKLM IFEO\autorunme.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\blastclnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\blastclnnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\cscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\EHttpSrv.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\ise32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    O27 - HKLM IFEO\Nbrowser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\Njeeves.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npc_login.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npc_tray.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npcsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npflgutl.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfports.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfrules.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfuser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\npfwiz.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nprosec.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nuaa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\Nvcoa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nvcsched.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\nvoy.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\reg32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\rtpsvc.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\scsaver.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    [2012/07/31 15:08:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/05/18 11:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\323C8
    [2012/07/03 12:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/07/29 13:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2012/05/25 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AskToolbar
    [2012/07/03 12:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Babylon
    [2012/05/26 08:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\bearsharemediabartb
    [2012/07/31 15:09:48 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\[email protected]\Application Data\Java
    [2012/07/31 15:08:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

If it does not run rename it iexplore.exe and try it again.


Step 3.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 4.

Please post:

OTL fix log
aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
  • 0
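
The O27 lines in the fix script above are Image File Execution Options (IFEO) entries: for each named executable, Windows launches the listed Debugger value instead of the program itself. As an added example (not part of the original posts and not OTL's own code), this Python script parses O27 lines from a saved OTL log and flags entries whose Debugger is cmd.exe or rundll32.exe; the function names, the suspicious-debugger list and the final sample line are assumptions made for illustration.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules on any host OS

# OTL "O27" line: hive, IFEO subkey (image name), Debugger value, optional (company).
O27_RE = re.compile(
    r"^\s*O27 - (?P<hive>HK\w+) IFEO\\(?P<image>.+?): Debugger - "
    r"(?P<debugger>.+?)(?: \((?P<company>[^()]*)\))?\s*$"
)

# Assumption: the two non-debugger binaries that appear as Debugger values in this log.
SUSPICIOUS_DEBUGGERS = {"cmd.exe", "rundll32.exe"}

# The first five lines are copied from the log above; the last line is constructed.
SAMPLE_LOG = r"""
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
[2012/07/31 15:08:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
O27 - HKLM IFEO\myapp.exe: Debugger - C:\Debuggers\windbg.exe
"""

def parse_o27(line):
    """Return (hive, image, debugger) for an O27 line, or None for any other line."""
    m = O27_RE.match(line)
    if not m:
        return None
    return m["hive"], m["image"], m["debugger"]

def find_hijacks(log_text):
    """List IFEO entries whose Debugger target is a known non-debugger binary."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o27(line)
        if entry and basename(entry[2]).lower() in SUSPICIOUS_DEBUGGERS:
            hits.append(entry)
    return hits

def summarize(hits):
    """Count flagged entries per Debugger binary."""
    return Counter(basename(debugger).lower() for _, _, debugger in hits)

if __name__ == "__main__":
    for hive, image, debugger in find_hijacks(SAMPLE_LOG):
        print(f"{hive}\\IFEO\\{image} -> {debugger}")
    print(dict(summarize(find_hijacks(SAMPLE_LOG))))
```
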

#3
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Duplicate so will be closed.
  • 0





