help to remove jview.exe and shimgv.exe viruses [Solved]


This topic is locked

#1 techgeek37 (Member, 21 posts)
Hi! Good day guys,

First of all, this is my 2nd time infected by this virus, and I don't know a specific way to remove this virus...

Recently my PC has been infected by a virus. All the pictures on my computer have turned into .exe format, and the virus hides my original pictures. I already tried to scan with Avira Free but no luck. I already tried Malwarebytes and other free tools, but with the same result. Here I attach an image of the Task Manager where the said viruses appear. Please help me everyone...

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, first I will need to see what is on the system.


Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

THEN

Download aswMBR.exe ( 4.5 MB ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.



On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3 techgeek37 (Topic Starter, Member, 21 posts)
Hi Essexboy,

Thanks for replying...

I have scanned with OTL and here is the log...

OTL logfile created on: 2/7/2013 9:54:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\[email protected]\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 425.98 Mb Available Physical Memory | 42.06% Memory free
2.37 Gb Paging File | 1.94 Gb Available in Paging File | 81.85% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 3.24 Gb Free Space | 11.07% Space Free | Partition Type: NTFS
Drive D: | 119.72 Gb Total Space | 30.36 Gb Free Space | 25.36% Space Free | Partition Type: NTFS

Computer Name: MJSSWKS11 | User Name: [email protected] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/07 09:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL (1).exe
PRC - [2013/01/26 10:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/11/11 09:10:29 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe
PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe
PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/01/22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/10/27 15:40:24 | 000,102,400 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/26 10:35:06 | 000,460,240 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 10:35:04 | 004,012,496 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 10:34:19 | 000,597,968 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 10:34:18 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 10:34:16 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2010/07/05 05:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?shimgvw?.exe
MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?Jview?.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/09 13:19:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 14:26:22 | 000,124,632 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe -- (klnagent)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2002/02/04 05:20:00 | 000,053,296 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\CWBRXD.EXE -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - [2012/08/09 03:00:23 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2011/09/20 01:12:06 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)
DRV - [2011/08/25 12:43:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/08/25 12:43:54 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/06/02 13:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/06/02 13:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/06/02 13:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/06/19 18:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/03/28 10:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {3E64CE41-AE01-4ADB-81C6-CC9C3BA97A46}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{3E64CE41-AE01-4ADB-81C6-CC9C3BA97A46}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000b8ac6f0df8da
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes\{3E64CE41-AE01-4ADB-81C6-CC9C3BA97A46}: "URL" = http://www.google.co...1I7AURU_enMY500
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes\{A5325974-F981-49B1-801A-3ADD7B3A5DA7}: "URL" = http://websearch.ask...54-65CA4BE5D5F2
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/11 09:10:51 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com.my/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...000b8ac6f0df8da
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com.my/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.98_0\crossrider
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.98_0\
CHR - Extension: Gmail = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/08/07 12:46:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found
O4 - HKU\S-1-5-21-861567501-813497703-1801674531-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-861567501-813497703-1801674531-1003..\Run: [jre͸] C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
O4 - HKU\S-1-5-21-861567501-813497703-1801674531-1003..\Run: [MJSSWKS11̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-813497703-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-813497703-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O16 - DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} http://metrojayasuri.../AVC_AX_DVR.cab (CV781Object Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1317179352906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFD33790-568A-4DBC-8844-B19E995D33B4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - File not found
O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\autorunme.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\EHttpSrv.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ise32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nbrowser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Njeeves.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_login.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_tray.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npcsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npflgutl.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfports.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfrules.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfuser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfwiz.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprosec.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nuaa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nvcoa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvcsched.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvoy.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtpsvc.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\scsaver.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/28 09:05:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f6f1303-ff98-11e1-9360-88c360526ab8}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6f1303-ff98-11e1-9360-88c360526ab8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0f6f1303-ff98-11e1-9360-88c360526ab8}\Shell\AutoRun\command - "" = G:\MaxisBroadband.exe
O33 - MountPoints2\{23477c61-fa16-11e1-9353-f41eff5c524d}\Shell - "" = AutoRun
O33 - MountPoints2\{23477c61-fa16-11e1-9353-f41eff5c524d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23477c61-fa16-11e1-9353-f41eff5c524d}\Shell\AutoRun\command - "" = G:\MaxisBroadband.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 09:23:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL (1).exe
[2013/02/06 16:24:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/06 16:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL.exe
[2013/02/06 15:21:16 | 000,287,566 | R--- | C] (1280 X 960) -- C:\Documents and Settings\All Users\Documents\255388_445049625528515_918610980_n.exe
[2013/02/06 12:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\mp3
[2013/02/06 12:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\lirik lagu w chord
[2013/02/06 12:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\SA MAU
[2013/01/16 16:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Start Menu\Programs\ExtractNow
[2013/01/16 16:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\ExtractNow
[2013/01/16 16:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\ExtractNow
[2013/01/16 16:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Systweak
[2013/01/16 16:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced File Optimizer
[2013/01/16 16:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced File Optimizer
[2013/01/10 15:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\PCHealth
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/07 10:03:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/02/07 10:00:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd654db4d2e17e.job
[2013/02/07 09:34:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/07 09:33:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/07 09:33:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/07 09:33:53 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/07 09:33:53 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\[email protected]
[2013/02/07 09:33:52 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2013/02/07 09:33:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/07 09:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL (1).exe
[2013/02/07 09:17:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/07 09:17:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2013/02/07 09:06:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/07 08:59:23 | 000,011,631 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\735100_4711322494900_416534584_n.jpg
[2013/02/07 08:59:05 | 000,041,737 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\148307_581601898520710_1115325887_n.jpg
[2013/02/07 08:58:05 | 000,026,989 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\67082_10200301112468989_482596397_n.jpg
[2013/02/07 08:55:16 | 000,022,749 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\217580_589356914411875_1751090515_n.jpg
[2013/02/07 08:54:54 | 000,027,853 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\580451_590339884313578_9542554_n.jpg
[2013/02/07 08:37:31 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA4D989F-E347-4307-9C3B-3C1A33CD1E2D}.job
[2013/02/06 16:55:27 | 000,132,676 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\jview n shimgvw viruses.JPG
[2013/02/06 16:48:05 | 000,023,367 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\xpost-363111-0-88995800-1343706770_thumb.jpg.pagespeed.ic.haAOPj7MLm.webp
[2013/02/06 16:21:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL.exe
[2013/02/06 14:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd9499fd998ebe.job
[2013/02/01 11:59:45 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/01 11:59:44 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Google Chrome.lnk
[2013/01/25 14:00:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/17 16:56:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/17 16:42:03 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\[email protected]\default.pls
[2013/01/16 16:30:52 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ExtractNow.lnk
[2013/01/16 16:05:26 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced File Optimizer.lnk
[2013/01/16 16:05:26 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk
[2013/01/10 10:51:57 | 000,559,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 10:51:57 | 000,110,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/10 10:06:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/09 13:19:36 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/09 13:19:36 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/07 08:59:23 | 000,011,631 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\735100_4711322494900_416534584_n.jpg
[2013/02/07 08:59:04 | 000,041,737 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\148307_581601898520710_1115325887_n.jpg
[2013/02/07 08:58:05 | 000,026,989 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\67082_10200301112468989_482596397_n.jpg
[2013/02/07 08:55:16 | 000,022,749 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\217580_589356914411875_1751090515_n.jpg
[2013/02/07 08:54:47 | 000,027,853 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\580451_590339884313578_9542554_n.jpg
[2013/02/06 16:55:27 | 000,132,676 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\jview n shimgvw viruses.JPG
[2013/02/06 16:48:02 | 000,023,367 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\xpost-363111-0-88995800-1343706770_thumb.jpg.pagespeed.ic.haAOPj7MLm.webp
[2013/01/16 16:30:52 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ExtractNow.lnk
[2013/01/16 16:05:26 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced File Optimizer.lnk
[2013/01/16 16:05:26 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk
[2013/01/06 11:56:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\[email protected]\default.pls
[2012/10/10 12:46:25 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/09/25 16:33:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\NetO32.INI
[2012/09/16 08:47:16 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2012/09/16 08:47:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2012/09/15 16:42:09 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-813497703-1801674531-501-0.dat
[2012/09/15 16:42:06 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-813497703-1801674531-1003-0.dat
[2012/09/13 17:30:41 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/09 16:03:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/04 16:01:16 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2012/07/04 15:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/05/26 11:26:12 | 000,000,403 | ---- | C] () -- C:\WINDOWS\TopScan.INI
[2012/04/26 14:40:52 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/04/26 14:40:52 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/04/19 15:17:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/28 13:12:35 | 000,002,067 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/02/15 10:18:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 19:16:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/02/01 15:18:23 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011/10/28 12:46:26 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
[2011/10/09 09:21:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/04 10:44:56 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/09/30 16:26:32 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/30 16:26:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/30 10:37:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/09/29 16:50:10 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 16:57:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/28 16:56:46 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 16:33:11 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/09/28 16:32:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2011/09/28 16:32:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\qxdaedrs.dll
[2011/09/28 16:32:41 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/09/28 16:32:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2011/09/28 16:32:41 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2011/09/28 09:26:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2011/09/28 09:06:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/28 09:02:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2011/10/04 08:51:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2008/04/14 07:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 21:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/21 01:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\services.exe -- (Eventlog)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/21 00:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\services.exe -- (PlugPlay)
SRV - [2010/08/17 21:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 13:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 07:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 20:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
No service found with a name of WZCSVC
SRV - [2009/06/10 14:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2008/04/14 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/12/18 22:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CNF >
[2012/04/19 15:19:36 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\[email protected]\My Documents\My Web Sites\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2009/02/06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2011/09/28 09:05:14 | 000,001,602 | ---- | M] () MD5=91DBA8C22627FC3D131A4FBCFDB5666F -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2008/04/14 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA

< End of report >


And the extra log:


OTL Extras logfile created on: 2/7/2013 9:54:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\[email protected]\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 425.98 Mb Available Physical Memory | 42.06% Memory free
2.37 Gb Paging File | 1.94 Gb Available in Paging File | 81.85% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 3.24 Gb Free Space | 11.07% Space Free | Partition Type: NTFS
Drive D: | 119.72 Gb Total Space | 30.36 Gb Free Space | 25.36% Space Free | Partition Type: NTFS

Computer Name: MJSSWKS11 | User Name: [email protected] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizerManager.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusOverride " = 1
"AntiVirusDisableNotify " = 1
"FirewallDisableNotify " = 1
"FirewallOverride " = 1
"UpdatesDisableNotify " = 1
"UacDisableNotify " = 1
"FirstRunDisabled " = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride " = 1
"AntiVirusDisableNotify " = 1
"FirewallDisableNotify " = 1
"FirewallOverride " = 1
"UpdatesDisableNotify " = 1
"UacDisableNotify " = 1
"FirstRunDisabled " = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"15000:UDP" = 15000:UDP:*:Enabled:Kaspersky Administration Kit

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5800:TCP" = 5800:TCP:*:Enabled:5800
"5900:TCP" = 5900:TCP:*:Enabled:5900
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"15000:UDP" = 15000:UDP:*:Enabled:Kaspersky Administration Kit

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe" = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe:*:Enabled:FTP Utility -- (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09404F93-8684-4401-ACEA-325BBB7EAA2C}_is1" = Videoplayer 1.1.1.5
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{246C9716-CB18-492E-8679-5A88B9F73C68}_is1" = Fast MP3 Cutter Joiner v3.2 build 1628
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 37
"{27263813-8BDE-4CD2-84D3-02536743428A}_is1" = Attribute Changer 6.20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}" = FTP Utility
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}" = Kaspersky Security Center Network Agent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AD MP3 Cutter_is1" = AD MP3 Cutter 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced File Optimizer_is1" = Advanced File Optimizer
"Allok Video to MP4 Converter_is1" = Allok Video to MP4 Converter 6.0.0520
"Audacity_is1" = Audacity 2.0.2
"CCleaner" = CCleaner
"ClientAccessExpress" = IBM iSeries Access for Windows
"ExtractNow" = ExtractNow
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}" = FTP Utility
"InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}" = Kaspersky Security Center Network Agent
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Full)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetO32" = NetO32 2.07
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"RealPlayer 15.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"SmartDraw 2012" = SmartDraw 2012
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 2.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinToFlash Suggestor" = WinToFlash Suggestor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-813497703-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2013 9:39:17 PM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 1/31/2013 9:39:18 PM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 1/31/2013 9:39:21 PM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 1/31/2013 9:39:21 PM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 1/31/2013 9:39:25 PM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 1/31/2013 9:39:27 PM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 1/31/2013 9:39:29 PM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 1/31/2013 9:39:30 PM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 2/1/2013 2:06:07 AM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

Error - 2/1/2013 5:09:41 AM | Computer Name = MJSSWKS11 | Source = klnagent | ID = 1
Description =

[ System Events ]
Error - 1/31/2013 11:55:01 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:55:09 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:55:18 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:55:26 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:55:35 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:55:43 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:55:52 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:55:59 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:56:07 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.

Error - 1/31/2013 11:56:16 PM | Computer Name = MJSSWKS11 | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Lab Network Agent service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: Restart the service.


< End of report >


and here is the aswMBR log...

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-07 10:34:19
-----------------------------
10:34:19.546 OS Version: Windows 5.1.2600 Service Pack 3
10:34:19.546 Number of processors: 2 586 0x170A
10:34:19.546 ComputerName: MJSSWKS11 UserName: [email protected]
10:34:21.250 Initialize success
10:34:37.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
10:34:37.875 Disk 0 Vendor: ST3160318AS CC44 Size: 152587MB BusType: 3
10:34:37.890 Disk 0 MBR read successfully
10:34:37.890 Disk 0 MBR scan
10:34:37.890 Disk 0 Windows XP default MBR code
10:34:37.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
10:34:37.890 Disk 0 Partition - 00 0F Extended LBA 122589 MB offset 61432560
10:34:37.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122589 MB offset 61432623
10:34:37.921 Disk 0 scanning sectors +312496380
10:34:37.984 Disk 0 scanning C:\WINDOWS\system32\drivers
10:34:55.156 Service scanning
10:35:31.609 Modules scanning
10:35:47.671 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
10:35:51.546 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
10:35:51.562 Disk 0 trace - called modules:
10:35:51.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
10:35:51.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8714eab8]
10:35:51.640 3 CLASSPNP.SYS[f75e6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x87178b00]
10:35:51.640 Scan finished successfully
10:37:54.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\[email protected]\Desktop\MBR.dat"
10:37:54.281 The log file has been saved successfully to "C:\Documents and Settings\[email protected]\Desktop\aswMBR.txt"


#4
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's get to work.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000b8ac6f0df8da
IE - HKU\S-1-5-21-861567501-813497703-1801674531-1003\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O4 - HKU\S-1-5-21-861567501-813497703-1801674531-1003..\Run: [jre͸] C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
O4 - HKU\S-1-5-21-861567501-813497703-1801674531-1003..\Run: [MJSSWKS11̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found
O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\autorunme.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\EHttpSrv.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ise32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nbrowser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Njeeves.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_login.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_tray.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npcsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npflgutl.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfports.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfrules.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfuser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfwiz.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprosec.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nuaa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nvcoa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvcsched.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvoy.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtpsvc.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\scsaver.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)

:Files
C:\Documents and Settings\[email protected]\Application Data\Java C:\Documents and Settings\All Users\Documents\255388_445049625528515_918610980_n.exe
C:\Documents and Settings\[email protected]\Application Data\Java
C:\Program Files\WinToFlash Suggestor
C:\Program Files\I Want This

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
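
The O27 lines in the fix above are Image File Execution Options (IFEO) Debugger hijacks: Windows starts the Debugger value in place of the named program, so with cmd.exe or rundll32.exe set as the "debugger" those security and repair tools never launch. As an added example, not part of this thread or of OTL, the Python below parses O27 lines in OTL's log format and flags entries whose Debugger is one of those two system executables; the sample lines are copied from the log above except the windbg.exe line, which is constructed as a benign entry, and the HIJACK_TARGETS set is an assumption.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# OTL writes one IFEO (Image File Execution Options) entry per O27 line, e.g.
#   O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
# hive / image subkey / Debugger value / optional company name of the debugger file.
O27_RE = re.compile(
    r"^O27 - (?P<hive>HKLM|HKCU) IFEO\\(?P<image>[^:]+): Debugger - "
    r"(?P<debugger>.+?)(?: \((?P<company>[^)]*)\))?\s*$"
)

# A Debugger value makes Windows start *that* program whenever the image is launched.
# Pointing it at cmd.exe or rundll32.exe (the two targets in this thread's log) means
# the named program, typically an antivirus or a repair tool, silently never runs.
# Assumption: neither of these is ever a legitimate debugger for another program.
HIJACK_TARGETS = {"cmd.exe", "rundll32.exe"}


@dataclass(frozen=True)
class IfeoFinding:
    hive: str
    image: str       # the program being blocked (IFEO subkey name)
    debugger: str    # what actually runs in its place
    reason: str


def parse_o27(line: str):
    """Return the fields of an O27 line, or None for any other OTL line."""
    m = O27_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry: dict):
    """Flag an IFEO entry whose Debugger is a hijack target; None if it looks benign."""
    target = ntpath.basename(entry["debugger"]).lower()
    if target in HIJACK_TARGETS:
        return IfeoFinding(
            hive=entry["hive"],
            image=entry["image"],
            debugger=entry["debugger"],
            reason=f"Debugger is {target}: launching {entry['image']} runs {target} instead",
        )
    return None


def scan_log(lines):
    """Walk OTL log lines and collect IFEO hijack findings in log order."""
    findings = []
    for line in lines:
        entry = parse_o27(line)
        if entry is None:
            continue            # not an O27 line (O2, O4, O20, PRC, ... are ignored here)
        finding = classify(entry)
        if finding is not None:
            findings.append(finding)
    return findings


def group_by_debugger(findings):
    """Map each debugger executable name to the images it silently replaces."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[ntpath.basename(f.debugger).lower()].append(f.image)
    return dict(grouped)


# Sample input: the first four O27 lines are copied from the OTL fix in this thread;
# the windbg.exe line is constructed here as a benign IFEO entry; the O20 line is a
# non-O27 line from the same log and must be skipped by the parser.
SAMPLE_LOG_LINES = [
    r"O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\myapp.exe: Debugger - C:\Debuggers\windbg.exe (Microsoft Corporation)",
    r"O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found",
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG_LINES)
    for f in found:
        print(f"[{f.hive}] {f.image:<14} -> {f.debugger}  ({f.reason})")
    print(group_by_debugger(found))
```

Run against a full OTL log the same functions list every blocked program, which is the quickest way to see which security products the infection was targeting.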

#5
techgeek37
    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Essexboy,

I already ran the scans and these are all the results...

OTL after restart:

OTL logfile created on: 2/8/2013 8:58:56 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\[email protected]\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 403.78 Mb Available Physical Memory | 39.86% Memory free
2.37 Gb Paging File | 1.85 Gb Available in Paging File | 77.86% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 3.30 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
Drive D: | 119.72 Gb Total Space | 30.36 Gb Free Space | 25.36% Space Free | Partition Type: NTFS

Computer Name: MJSSWKS11 | User Name: [email protected] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/07 09:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL (1).exe
PRC - [2013/01/26 10:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/11/11 09:10:29 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe
PRC - [2012/08/02 14:26:22 | 000,124,632 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe
PRC - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] (1280 X 960) -- C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/01/22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/10/27 15:40:24 | 000,102,400 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/26 10:35:06 | 000,460,240 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 10:35:04 | 004,012,496 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 10:34:19 | 000,597,968 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 10:34:18 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 10:34:16 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2010/07/05 05:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?shimgvw?.exe
MOD - [2009/03/24 22:38:20 | 000,287,566 | RHS- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Java\?Jview?.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/09 13:19:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 14:26:22 | 000,124,632 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe -- (klnagent)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2002/02/04 05:20:00 | 000,053,296 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\CWBRXD.EXE -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - [2012/08/09 03:00:23 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2011/09/20 01:12:06 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)
DRV - [2011/08/25 12:43:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/08/25 12:43:54 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/06/02 13:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/06/02 13:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/06/02 13:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/06/19 18:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/03/28 10:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {3E64CE41-AE01-4ADB-81C6-CC9C3BA97A46}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{3E64CE41-AE01-4ADB-81C6-CC9C3BA97A46}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000b8ac6f0df8da
IE - HKCU\..\SearchScopes\{3E64CE41-AE01-4ADB-81C6-CC9C3BA97A46}: "URL" = http://www.google.co...1I7AURU_enMY500
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{A5325974-F981-49B1-801A-3ADD7B3A5DA7}: "URL" = http://websearch.ask...54-65CA4BE5D5F2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/11 09:10:51 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com.my/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...000b8ac6f0df8da
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com.my/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Allow Right-Click = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo\1.2.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.98_0\crossrider
CHR - Extension: I Want This = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.98_0\
CHR - Extension: Gmail = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/08/07 12:46:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [jre͸] C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
O4 - HKCU..\Run: [MJSSWKS11̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O16 - DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} http://metrojayasuri.../AVC_AX_DVR.cab (CV781Object Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1317179352906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFD33790-568A-4DBC-8844-B19E995D33B4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - File not found
O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\autorunme.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\EHttpSrv.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ise32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nbrowser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Njeeves.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_login.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_tray.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npcsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npflgutl.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfports.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfrules.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfuser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfwiz.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprosec.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nuaa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nvcoa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvcsched.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvoy.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtpsvc.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\scsaver.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/28 09:05:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f6f1303-ff98-11e1-9360-88c360526ab8}\Shell - "" = AutoRun
O33 - MountPoints2\{0f6f1303-ff98-11e1-9360-88c360526ab8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0f6f1303-ff98-11e1-9360-88c360526ab8}\Shell\AutoRun\command - "" = G:\MaxisBroadband.exe
O33 - MountPoints2\{23477c61-fa16-11e1-9353-f41eff5c524d}\Shell - "" = AutoRun
O33 - MountPoints2\{23477c61-fa16-11e1-9353-f41eff5c524d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23477c61-fa16-11e1-9353-f41eff5c524d}\Shell\AutoRun\command - "" = G:\MaxisBroadband.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 17:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\Panduan lengkap pendaftaran perniagaan di SSM (Suruhanjaya Syarikat Malaysia) Blog Hairul_files
[2013/02/07 10:32:03 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\[email protected]\Desktop\aswMBR.exe
[2013/02/07 09:23:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL (1).exe
[2013/02/06 16:24:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/06 16:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL.exe
[2013/02/06 15:21:16 | 000,287,566 | R--- | C] (1280 X 960) -- C:\Documents and Settings\All Users\Documents\255388_445049625528515_918610980_n.exe
[2013/02/06 12:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\mp3
[2013/02/06 12:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\lirik lagu w chord
[2013/02/06 12:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\SA MAU
[2013/01/16 16:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Start Menu\Programs\ExtractNow
[2013/01/16 16:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\ExtractNow
[2013/01/16 16:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\ExtractNow
[2013/01/16 16:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Systweak
[2013/01/16 16:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced File Optimizer
[2013/01/16 16:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced File Optimizer
[2013/01/10 15:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\PCHealth
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/08 09:06:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/08 09:03:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/02/08 08:57:14 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/08 08:57:11 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/08 08:57:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/08 08:57:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/08 08:57:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\[email protected]
[2013/02/08 08:57:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2013/02/08 08:56:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/08 08:30:22 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA4D989F-E347-4307-9C3B-3C1A33CD1E2D}.job
[2013/02/07 17:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/07 17:11:30 | 000,354,651 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Panduan lengkap pendaftaran perniagaan di SSM (Suruhanjaya Syarikat Malaysia) Blog Hairul.htm
[2013/02/07 17:11:28 | 000,046,075 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm0.jpg
[2013/02/07 17:11:28 | 000,036,535 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm4.jpg
[2013/02/07 17:11:28 | 000,035,880 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm5.jpg
[2013/02/07 17:11:28 | 000,035,739 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm2.jpg
[2013/02/07 17:11:28 | 000,032,145 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm1.jpg
[2013/02/07 17:11:28 | 000,027,770 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm3.jpg
[2013/02/07 17:11:28 | 000,022,526 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm7.jpg
[2013/02/07 14:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd9499fd998ebe.job
[2013/02/07 10:37:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MBR.dat
[2013/02/07 10:34:01 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\[email protected]\Desktop\aswMBR.exe
[2013/02/07 10:00:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd654db4d2e17e.job
[2013/02/07 09:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL (1).exe
[2013/02/07 09:17:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2013/02/07 08:59:23 | 000,011,631 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\735100_4711322494900_416534584_n.jpg
[2013/02/07 08:59:05 | 000,041,737 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\148307_581601898520710_1115325887_n.jpg
[2013/02/07 08:58:05 | 000,026,989 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\67082_10200301112468989_482596397_n.jpg
[2013/02/07 08:55:16 | 000,022,749 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\217580_589356914411875_1751090515_n.jpg
[2013/02/07 08:54:54 | 000,027,853 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\580451_590339884313578_9542554_n.jpg
[2013/02/06 16:55:27 | 000,132,676 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\jview n shimgvw viruses.JPG
[2013/02/06 16:48:05 | 000,023,367 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\xpost-363111-0-88995800-1343706770_thumb.jpg.pagespeed.ic.haAOPj7MLm.webp
[2013/02/06 16:21:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL.exe
[2013/02/01 11:59:45 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/01 11:59:44 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Google Chrome.lnk
[2013/01/25 14:00:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/17 16:56:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/17 16:42:03 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\[email protected]\default.pls
[2013/01/16 16:30:52 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ExtractNow.lnk
[2013/01/16 16:05:26 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced File Optimizer.lnk
[2013/01/16 16:05:26 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk
[2013/01/10 10:51:57 | 000,559,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 10:51:57 | 000,110,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/10 10:06:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/07 17:22:22 | 000,022,526 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm7.jpg
[2013/02/07 17:21:12 | 000,035,880 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm5.jpg
[2013/02/07 17:19:45 | 000,036,535 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm4.jpg
[2013/02/07 17:19:11 | 000,027,770 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm3.jpg
[2013/02/07 17:18:43 | 000,035,739 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm2.jpg
[2013/02/07 17:17:56 | 000,032,145 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm1.jpg
[2013/02/07 17:16:52 | 000,046,075 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm0.jpg
[2013/02/07 17:11:28 | 000,354,651 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Panduan lengkap pendaftaran perniagaan di SSM (Suruhanjaya Syarikat Malaysia) Blog Hairul.htm
[2013/02/07 10:37:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MBR.dat
[2013/02/07 08:59:23 | 000,011,631 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\735100_4711322494900_416534584_n.jpg
[2013/02/07 08:59:04 | 000,041,737 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\148307_581601898520710_1115325887_n.jpg
[2013/02/07 08:58:05 | 000,026,989 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\67082_10200301112468989_482596397_n.jpg
[2013/02/07 08:55:16 | 000,022,749 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\217580_589356914411875_1751090515_n.jpg
[2013/02/07 08:54:47 | 000,027,853 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\580451_590339884313578_9542554_n.jpg
[2013/02/06 16:55:27 | 000,132,676 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\jview n shimgvw viruses.JPG
[2013/02/06 16:48:02 | 000,023,367 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\xpost-363111-0-88995800-1343706770_thumb.jpg.pagespeed.ic.haAOPj7MLm.webp
[2013/01/16 16:30:52 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ExtractNow.lnk
[2013/01/16 16:05:26 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced File Optimizer.lnk
[2013/01/16 16:05:26 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk
[2013/01/06 11:56:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\[email protected]\default.pls
[2012/10/10 12:46:25 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/09/25 16:33:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\NetO32.INI
[2012/09/16 08:47:16 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2012/09/16 08:47:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2012/09/15 16:42:09 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-813497703-1801674531-501-0.dat
[2012/09/15 16:42:06 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-813497703-1801674531-1003-0.dat
[2012/09/13 17:30:41 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/09 16:03:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/04 16:01:16 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2012/07/04 15:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/05/26 11:26:12 | 000,000,403 | ---- | C] () -- C:\WINDOWS\TopScan.INI
[2012/04/26 14:40:52 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/04/26 14:40:52 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/04/19 15:17:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/28 13:12:35 | 000,002,067 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/02/15 10:18:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 19:16:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/02/01 15:18:23 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011/10/28 12:46:26 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
[2011/10/09 09:21:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/04 10:44:56 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/09/30 16:26:32 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/30 16:26:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/30 10:37:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/09/29 16:50:10 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 16:57:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/28 16:56:46 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 16:33:11 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/09/28 16:32:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2011/09/28 16:32:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\qxdaedrs.dll
[2011/09/28 16:32:41 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/09/28 16:32:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2011/09/28 16:32:41 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2011/09/28 09:26:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2011/09/28 09:06:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/28 09:02:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2011/10/04 08:51:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/18 11:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\323C8
[2012/07/03 12:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/09/15 16:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataCardService
[2012/11/06 09:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KasperskyLab
[2012/07/29 13:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/07/17 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/05/03 12:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/05/03 12:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/23 11:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AD MP3 Cutter
[2011/09/30 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AnvSoft
[2012/05/25 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AskToolbar
[2012/11/30 18:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Audacity
[2012/07/03 12:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Babylon
[2012/05/26 08:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\bearsharemediabartb
[2012/09/13 10:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Edraw Max
[2011/10/15 15:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Haenlein-Software
[2013/02/07 17:32:52 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\[email protected]\Application Data\Java
[2012/09/15 16:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Maxis Broadband
[2011/10/04 10:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Minolta
[2012/07/17 10:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Samsung
[2012/09/13 12:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\SmartDraw
[2012/11/20 09:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Thinstall
[2011/10/11 15:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Xilisoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA

< End of report >

AdwCleaner[S1] log..

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 09:31:13
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : [email protected] - MJSSWKS11
# Boot Mode : Normal
# Running from : C:\Documents and Settings\[email protected]\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\[email protected]\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\[email protected]\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\[email protected]\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\[email protected]\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\[email protected]\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Documents and Settings\[email protected]\Local Settings\Application Data\I Want This
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\I Want This
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\I Want This
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044224458}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=NT_ss&mntrId=6cda32b6000000000000b8ac6f0df8da --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.62] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.65] : keyword = "babylon.com",
Deleted [l.68] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_2&babsrc=SP_s[...]

*************************

AdwCleaner[R1].txt - [10236 octets] - [08/02/2013 09:20:35]
AdwCleaner[S1].txt - [9839 octets] - [08/02/2013 09:31:13]

########## EOF - C:\AdwCleaner[S1].txt - [9899 octets] ##########

AdwCleaner[R1] log..

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 09:20:35
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : [email protected] - MJSSWKS11
# Boot Mode : Normal
# Running from : C:\Documents and Settings\[email protected]\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\Administrator\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\[email protected]\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\[email protected]\Application Data\Babylon
Folder Found : C:\Documents and Settings\[email protected]\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\[email protected]\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\[email protected]\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Found : C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Folder Found : C:\Documents and Settings\Ro[email protected]\Local Settings\Application Data\I Want This
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\I Want This
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\I Want This
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044224458}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKU\S-1-5-21-861567501-813497703-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=NT_ss&mntrId=6cda32b6000000000000b8ac6f0df8da

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.62] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Found [l.65] : keyword = "babylon.com",
Found [l.68] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_2&babsrc=SP_ss&mntrId=6cda32b6000000000000b8ac6f0df8da",

*************************

AdwCleaner[R1].txt - [10105 octets] - [08/02/2013 09:20:35]

########## EOF - C:\AdwCleaner[R1].txt - [10166 octets] ##########

and combofix log..

ComboFix 13-02-07.02 - [email protected] 02/08/2013 12:19:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.551 [GMT 8:00]
Running from: c:\documents and settings\[email protected]\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Desktop\Setup.exe
c:\documents and settings\All Users\Application Data\mazuki.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\blue hills.exe
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\sunset.exe
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\water lilies.exe
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\winter.exe
c:\documents and settings\[email protected]\Application Data\Java\Desktop.ini
c:\documents and settings\[email protected]\Local Settings\Application Data\Microsoft\CD Burning\AUTORUN.inF
c:\documents and settings\[email protected]\System
c:\documents and settings\[email protected]\System\win_qs8.jqx
C:\khq
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\muzapp.exe
c:\windows\XSxS
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Blue hills.exe . . . . Failed to delete
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Sunset.exe . . . . Failed to delete
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Water lilies.exe . . . . Failed to delete
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Winter.exe . . . . Failed to delete
c:\documents and settings\[email protected]\Application Data\Java\?Jview?.exe . . . . Failed to delete
c:\documents and settings\[email protected]\Application Data\Java\?shimgvw?.exe . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2013-01-08 to 2013-02-08 )))))))))))))))))))))))))))))))
.
.
2013-02-06 08:24 . 2013-02-06 08:24 -------- d-----w- C:\_OTL
2013-01-16 08:30 . 2013-01-16 08:31 -------- d-----w- c:\documents and settings\[email protected]\Local Settings\Application Data\ExtractNow
2013-01-16 08:30 . 2013-01-16 08:30 -------- d-----w- c:\program files\ExtractNow
2013-01-16 08:05 . 2013-01-16 08:05 -------- d-----w- c:\documents and settings\[email protected]\Local Settings\Application Data\Systweak
2013-01-16 08:05 . 2013-01-16 08:05 -------- d-----w- c:\program files\Advanced File Optimizer
2013-01-16 05:35 . 2013-01-16 05:36 -------- d-----w- C:\kleaner.tmp
2013-01-10 07:54 . 2013-01-10 07:54 -------- d-----w- c:\documents and settings\[email protected]\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 03:19 . 2012-08-03 04:15 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 03:19 . 2011-09-28 03:13 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2008-04-13 23:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2008-04-13 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-11 01:10 . 2003-03-18 12:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-11 01:10 . 2003-02-20 20:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2008-04-13 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-13 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2008-04-13 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-04-13 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
.
[-] 2008-04-13 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-13 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-13 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-13 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-13 23:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MJSSWKS11?"="c:\documents and settings\[email protected]\Application Data\Java\?shimgvw?.exe" [?]
"jre?"="c:\documents and settings\[email protected]\Application Data\Java\?Jview?.exe" [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-08 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-06-19 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-07 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-07 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-07 141848]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-06 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-06 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-06 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-06 20530]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-27 570664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-11 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FTP Utility.lnk - c:\program files\KONICA MINOLTA\FTP Utility\KMFtp.exe [2004-10-27 102400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ansavgd]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\attrib.exe]
"Debugger"=rundll32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorunme.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blastclnn.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blastclnnn.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cscript.exe]
"Debugger"=rundll32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\egui.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EHttpSrv.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ekrn.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ise32.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSASCui.exe]
"Debugger"=rundll32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nbrowser.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\New Folder.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Njeeves.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npcsvc32.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npc_login.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npc_tray.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npflgutl.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfports.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfrules.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfsvc32.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfuser.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfwiz.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nprosec.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nuaa.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcoa.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvcsched.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvoy.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reg32.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtpsvc.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scsaver.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SSCVIHOST.exe]
"Debugger"=cmd.exe /c del /f /q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wscript.exe]
"Debugger"=rundll32.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
"AntiVirusDisableNotify "=dword:00000001
"FirewallDisableNotify "=dword:00000001
"FirewallOverride "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"UacDisableNotify "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride "=dword:00000001
"AntiVirusDisableNotify "=dword:00000001
"FirewallDisableNotify "=dword:00000001
"FirewallOverride "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"UacDisableNotify "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONICA MINOLTA\\FTP Utility\\KMFtp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5800:TCP"= 5800:TCP:5800
"5900:TCP"= 5900:TCP:5900
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [9/28/2011 9:12 AM 24064]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent\klnagent.exe [3/28/2012 5:44 PM 124632]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [9/28/2011 9:15 AM 176640]
S0 cerc6;cerc6; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [7/17/2012 10:47 AM 30312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [7/17/2012 10:47 AM 77624]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys --> c:\windows\system32\DRIVERS\massfilter.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [9/30/2011 6:24 PM 23608]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [7/17/2012 10:47 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [7/17/2012 10:47 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [7/17/2012 10:47 AM 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [7/17/2012 10:47 AM 114280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [7/17/2012 10:47 AM 181432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 03:19]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-08 02:50]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-08 02:50]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd654db4d2e17e.job
- c:\documents and settings\[email protected]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-30 04:10]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd9499fd998ebe.job
- c:\documents and settings\[email protected]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-30 04:10]
.
2013-02-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 06:27]
.
2013-02-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 06:27]
.
2013-02-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 06:27]
.
2013-02-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 06:27]
.
2013-01-02 c:\windows\Tasks\[email protected]
- c:\documents and settings\[email protected]\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 03:37]
.
2013-01-01 c:\windows\Tasks\[email protected]
- c:\documents and settings\[email protected]\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 03:37]
.
2013-02-08 c:\windows\Tasks\[email protected]
- c:\documents and settings\[email protected]\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 03:37]
.
2013-02-08 c:\windows\Tasks\User_Feed_Synchronization-{FA4D989F-E347-4307-9C3B-3C1A33CD1E2D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{EFD33790-568A-4DBC-8844-B19E995D33B4}: NameServer = 202.188.0.133,202.188.1.5
DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} - hxxp://metrojayasuria.dyndns.org:81/AVC_AX_DVR.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-08 12:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\kladminkit\aac17f97-7121-4da8-963c-2a561105c7c7.tmp 355 bytes
c:\windows\TEMP\Perflib_Perfdata_e58.dat 16384 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-813497703-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pahpjcpdjladbnpclaechbfdopiccmef"=hex:61,61,00,00
.
[HKEY_USERS\S-1-5-21-861567501-813497703-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D4405E71-A3A5-9F12-3946-859A11A7714F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pajcdafcamnfaamiappaanlacmodffdm"=hex:61,62,61,6e,65,6c,70,70,64,6a,70,63,6c,
69,69,66,6b,6b,6e,67,6e,64,65,70,6a,63,66,6d,66,69,63,6e,6a,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3376)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\[email protected]\Application Data\Java\c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\documents and settings\[email protected]\Application Data\Java\c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\logonui.exe
c:\program files\Kaspersky Lab\NetworkAgent\kldumper.exe
.
**************************************************************************
.
Completion time: 2013-02-08 12:46:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-08 04:46
.
Pre-Run: 3,355,291,648 bytes free
Post-Run: 4,522,934,272 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=P3P076
.
- - End Of File - - 968E7BBBBA32C16DE27183AB36F453BD


#6
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, that did not want to play. So time to change tactics.

When you reboot you may get an error about being unable to find two files; OK that and we will remove them with OTL.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here: 
Files to delete:
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Blue hills.exe
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Sunset.exe 
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Water lilies.exe
c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Winter.exe

Folders to delete:
c:\documents and settings\[email protected]\Application Data\Java
c:\windows\TEMP\kladminkit



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKCU..\Run: [jre͸] C:\Documents and Settings\[email protected]\Application Data\Java\ߙJviewʚ.exe (1280 X 960)
O4 - HKCU..\Run: [MJSSWKS11̉] C:\Documents and Settings\[email protected]\Application Data\Java\ϝshimgvwʅ.exe (1280 X 960)

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

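As an added read-only triage script (not from the thread, OTL or The Avenger), this lists the two indicator types the fix above targets without deleting anything: HKCU Run values that point into Application Data or carry non-ASCII characters in their name or path (as the two Java\...exe entries do), and .exe files in a pictures folder sitting beside a hidden image of the same base name (the Sample Pictures pattern). It assumes PowerShell 2.0 or later; the All Users pictures path is the XP layout from the thread and is an assumption.

```powershell
# Added triage script, not from the thread or from OTL/Avenger. Read-only:
# it reports, never deletes. Assumes PowerShell 2.0 or later.

# Run values are suspect here when the command points into the user's
# Application Data folder (as the two Java\...exe entries in the OTL fix do)
# or when the value name or command carries non-ASCII characters.
function Get-SuspiciousRunValues {
    $runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $appData = [Environment]::GetFolderPath('ApplicationData')
    $meta    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $props   = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    $hits    = @()
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }   # skip provider metadata
            $cmd = [string]$p.Value
            $reasons = @()
            if ($cmd -like "$appData*") { $reasons += 'runs from Application Data' }
            if (($p.Name + $cmd) -match '[^\x20-\x7E]') { $reasons += 'non-ASCII in name or path' }
            if ($reasons.Count -gt 0) {
                $hits += New-Object PSObject -Property @{
                    Name = $p.Name; Command = $cmd; Reason = ($reasons -join '; ')
                }
            }
        }
    }
    return $hits
}

# An .exe in a pictures folder that sits beside a hidden image of the same
# base name is the pattern the Avenger script removes from Sample Pictures.
function Get-PictureImpostors {
    param([string]$Folder)
    $imageExt = '.jpg', '.jpeg', '.png', '.gif', '.bmp'
    $hits = @()
    if (-not (Test-Path -LiteralPath $Folder)) { return $hits }
    foreach ($exe in Get-ChildItem -Path $Folder -Recurse -Force -Filter '*.exe' -ErrorAction SilentlyContinue) {
        $base = Join-Path $exe.DirectoryName ([IO.Path]::GetFileNameWithoutExtension($exe.Name))
        foreach ($ext in $imageExt) {
            # -Force is needed so Get-Item returns hidden files
            $img = Get-Item -LiteralPath ($base + $ext) -Force -ErrorAction SilentlyContinue
            if ($img -and (($img.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)) {
                $hits += New-Object PSObject -Property @{
                    Executable = $exe.FullName; HiddenOriginal = $img.FullName
                }
            }
        }
    }
    return $hits
}

# Folders to check: the current user's My Pictures plus the XP-era shared folder
# the Avenger script refers to (path assumed; adjust on other Windows versions).
$folders = @(
    [Environment]::GetFolderPath('MyPictures'),
    'C:\Documents and Settings\All Users\Documents\My Pictures'
)

"== HKCU Run values worth a look =="
Get-SuspiciousRunValues | Format-Table Name, Command, Reason -AutoSize
foreach ($f in $folders) {
    "== Executables posing as pictures under $f =="
    Get-PictureImpostors -Folder $f | Format-Table Executable, HiddenOriginal -AutoSize
}
```

Anything it reports should be compared against the OTL log before acting; the script only surfaces candidates, it does not decide what is malicious.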

#7
techgeek37 (Topic Starter, Member, 21 posts)
hi essexboy,

sorry for the late reply... these are the results

otl results,

OTL logfile created on: 2/13/2013 12:28:16 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\[email protected]\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 493.86 Mb Available Physical Memory | 48.76% Memory free
2.37 Gb Paging File | 1.96 Gb Available in Paging File | 82.70% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 4.26 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
Drive D: | 119.72 Gb Total Space | 30.36 Gb Free Space | 25.36% Space Free | Partition Type: NTFS

Computer Name: MJSSWKS11 | User Name: [email protected] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/13 08:56:42 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\program files\real\realplayer\update\realsched.exe
PRC - [2013/02/06 16:21:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL.exe
PRC - [2013/01/26 10:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/17 12:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/08/02 14:26:22 | 000,124,632 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
PRC - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/01/22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/10/27 15:40:24 | 000,102,400 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/26 10:35:06 | 000,460,240 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 10:35:04 | 004,012,496 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 10:34:19 | 000,597,968 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 10:34:18 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 10:34:16 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Rony@\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2010/07/05 05:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 03:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/02/08 13:21:15 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/08/02 14:26:22 | 000,124,632 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe -- (klnagent)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2002/02/04 05:20:00 | 000,053,296 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\CWBRXD.EXE -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\[email protected]\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - [2012/08/09 03:00:23 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2011/09/20 01:12:06 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)
DRV - [2011/08/25 12:43:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/08/25 12:43:54 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/06/02 13:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/06/02 13:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/06/02 13:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2008/06/19 18:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/03/28 10:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{3E64CE41-AE01-4ADB-81C6-CC9C3BA97A46}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3E64CE41-AE01-4ADB-81C6-CC9C3BA97A46}: "URL" = http://www.google.co...1I7AURU_enMY500
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{A5325974-F981-49B1-801A-3ADD7B3A5DA7}: "URL" = http://websearch.ask...54-65CA4BE5D5F2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/13 08:57:58 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com.my/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...000b8ac6f0df8da
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com.my/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Allow Right-Click = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo\1.2.15_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\[email protected]\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/13 11:52:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O16 - DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} http://metrojayasuri.../AVC_AX_DVR.cab (CV781Object Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1317179352906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFD33790-568A-4DBC-8844-B19E995D33B4}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - File not found
O27 - HKLM IFEO\ansavgd: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\autorunme.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\blastclnnn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\EHttpSrv.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ise32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nbrowser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Njeeves.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32kui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_login.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npc_tray.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npcsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npflgutl.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfports.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfrules.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfsvc32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfuser.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfwiz.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprosec.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nuaa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nvcoa.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvcsched.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvoy.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\reg32.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rtpsvc.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\scsaver.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\SSCVIHOST.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/28 09:05:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/13 11:27:16 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/02/13 08:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/02/13 08:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/02/13 08:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/02/13 08:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2013/02/08 14:38:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/08 12:18:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/08 12:14:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/08 12:14:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/08 12:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/08 12:14:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/08 12:14:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/08 12:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/08 09:37:25 | 005,030,592 | R--- | C] (Swearware) -- C:\Documents and Settings\[email protected]\Desktop\ComboFix.exe
[2013/02/07 17:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\Panduan lengkap pendaftaran perniagaan di SSM (Suruhanjaya Syarikat Malaysia) Blog Hairul_files
[2013/02/07 10:32:03 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\[email protected]\Desktop\aswMBR.exe
[2013/02/07 09:23:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL (1).exe
[2013/02/06 16:24:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/06 16:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL.exe
[2013/02/06 15:21:16 | 000,287,566 | R--- | C] (1280 X 960) -- C:\Documents and Settings\All Users\Documents\255388_445049625528515_918610980_n.exe
[2013/02/06 12:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\mp3
[2013/02/06 12:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\lirik lagu w chord
[2013/02/06 12:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Desktop\SA MAU
[2013/01/16 16:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Start Menu\Programs\ExtractNow
[2013/01/16 16:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\ExtractNow
[2013/01/16 16:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\ExtractNow
[2013/01/16 16:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\Systweak
[2013/01/16 16:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced File Optimizer
[2013/01/16 16:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced File Optimizer

========== Files - Modified Within 30 Days ==========

[2013/02/13 12:35:43 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA4D989F-E347-4307-9C3B-3C1A33CD1E2D}.job
[2013/02/13 12:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/13 12:06:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/13 12:04:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/13 12:04:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/13 12:04:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/13 12:04:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/13 12:04:45 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/13 12:04:42 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2013/02/13 11:57:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/13 11:52:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/02/13 11:24:19 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\avenger.zip
[2013/02/13 10:00:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd654db4d2e17e.job
[2013/02/13 08:58:18 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlay.url
[2013/02/13 08:58:17 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/02/13 08:56:44 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/02/13 08:45:37 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/08 15:13:28 | 000,065,900 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\34193_1417929819749_675479_n.jpg
[2013/02/08 15:11:55 | 000,081,818 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\34193_1417929859750_2713885_n.jpg
[2013/02/08 14:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-813497703-1801674531-1003Core1cd9499fd998ebe.job
[2013/02/08 12:18:39 | 000,000,451 | RHS- | M] () -- C:\boot.ini
[2013/02/08 12:02:35 | 005,030,592 | R--- | M] (Swearware) -- C:\Documents and Settings\[email protected]\Desktop\ComboFix.exe
[2013/02/08 09:19:12 | 000,582,209 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\adwcleaner.exe
[2013/02/07 17:11:30 | 000,354,651 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Panduan lengkap pendaftaran perniagaan di SSM (Suruhanjaya Syarikat Malaysia) Blog Hairul.htm
[2013/02/07 17:11:28 | 000,046,075 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm0.jpg
[2013/02/07 17:11:28 | 000,036,535 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm4.jpg
[2013/02/07 17:11:28 | 000,035,880 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm5.jpg
[2013/02/07 17:11:28 | 000,035,739 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm2.jpg
[2013/02/07 17:11:28 | 000,032,145 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm1.jpg
[2013/02/07 17:11:28 | 000,027,770 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm3.jpg
[2013/02/07 17:11:28 | 000,022,526 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ssm7.jpg
[2013/02/07 10:37:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\MBR.dat
[2013/02/07 10:34:01 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\[email protected]\Desktop\aswMBR.exe
[2013/02/07 09:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL (1).exe
[2013/02/07 09:17:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-500.job
[2013/02/07 08:59:23 | 000,011,631 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\735100_4711322494900_416534584_n.jpg
[2013/02/07 08:59:05 | 000,041,737 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\148307_581601898520710_1115325887_n.jpg
[2013/02/07 08:58:05 | 000,026,989 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\67082_10200301112468989_482596397_n.jpg
[2013/02/07 08:55:16 | 000,022,749 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\217580_589356914411875_1751090515_n.jpg
[2013/02/07 08:54:54 | 000,027,853 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\580451_590339884313578_9542554_n.jpg
[2013/02/06 16:55:27 | 000,132,676 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\jview n shimgvw viruses.JPG
[2013/02/06 16:48:05 | 000,023,367 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\xpost-363111-0-88995800-1343706770_thumb.jpg.pagespeed.ic.haAOPj7MLm.webp
[2013/02/06 16:21:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[email protected]\Desktop\OTL.exe
[2013/02/01 11:59:45 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/01 11:59:44 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\Google Chrome.lnk
[2013/01/25 14:00:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/17 16:56:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/17 16:42:03 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\[email protected]\default.pls
[2013/01/16 16:30:52 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\[email protected]\Desktop\ExtractNow.lnk
[2013/01/16 16:05:26 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced File Optimizer.lnk
[2013/01/16 16:05:26 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk

========== Files Created - No Company Name ==========

[2013/02/13 11:26:19 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\avenger.exe
[2013/02/13 11:26:16 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\avenger.zip
[2013/02/13 08:59:24 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/13 08:59:23 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-861567501-813497703-1801674531-1003.job
[2013/02/13 08:58:17 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/02/13 08:58:17 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlay.url
[2013/02/08 15:13:28 | 000,065,900 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\34193_1417929819749_675479_n.jpg
[2013/02/08 15:11:54 | 000,081,818 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\34193_1417929859750_2713885_n.jpg
[2013/02/08 12:18:39 | 000,000,334 | ---- | C] () -- C:\Boot.bak
[2013/02/08 12:18:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/08 12:14:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/08 12:14:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/08 12:14:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/08 12:14:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/08 12:14:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/08 09:19:05 | 000,582,209 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\adwcleaner.exe
[2013/02/07 17:22:22 | 000,022,526 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm7.jpg
[2013/02/07 17:21:12 | 000,035,880 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm5.jpg
[2013/02/07 17:19:45 | 000,036,535 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm4.jpg
[2013/02/07 17:19:11 | 000,027,770 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm3.jpg
[2013/02/07 17:18:43 | 000,035,739 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm2.jpg
[2013/02/07 17:17:56 | 000,032,145 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm1.jpg
[2013/02/07 17:16:52 | 000,046,075 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ssm0.jpg
[2013/02/07 17:11:28 | 000,354,651 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\Panduan lengkap pendaftaran perniagaan di SSM (Suruhanjaya Syarikat Malaysia) Blog Hairul.htm
[2013/02/07 10:37:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\MBR.dat
[2013/02/07 08:59:23 | 000,011,631 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\735100_4711322494900_416534584_n.jpg
[2013/02/07 08:59:04 | 000,041,737 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\148307_581601898520710_1115325887_n.jpg
[2013/02/07 08:58:05 | 000,026,989 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\67082_10200301112468989_482596397_n.jpg
[2013/02/07 08:55:16 | 000,022,749 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\217580_589356914411875_1751090515_n.jpg
[2013/02/07 08:54:47 | 000,027,853 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\580451_590339884313578_9542554_n.jpg
[2013/02/06 16:55:27 | 000,132,676 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\jview n shimgvw viruses.JPG
[2013/02/06 16:48:02 | 000,023,367 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\xpost-363111-0-88995800-1343706770_thumb.jpg.pagespeed.ic.haAOPj7MLm.webp
[2013/01/16 16:30:52 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\[email protected]\Desktop\ExtractNow.lnk
[2013/01/16 16:05:26 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced File Optimizer.lnk
[2013/01/16 16:05:26 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\[email protected]\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk
[2013/01/06 11:56:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\[email protected]\default.pls
[2012/10/10 12:46:25 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/09/25 16:33:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\NetO32.INI
[2012/09/16 08:47:16 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2012/09/16 08:47:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2012/09/15 16:42:09 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-813497703-1801674531-501-0.dat
[2012/09/15 16:42:06 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-813497703-1801674531-1003-0.dat
[2012/09/13 17:30:41 | 000,274,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/09 16:03:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/04 15:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2012/05/26 11:26:12 | 000,000,403 | ---- | C] () -- C:\WINDOWS\TopScan.INI
[2012/04/26 14:40:52 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/04/26 14:40:52 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/04/19 15:17:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/28 13:12:35 | 000,002,067 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/02/15 10:18:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 19:16:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/02/01 15:18:23 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011/10/28 12:46:26 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\AVC_AP_H264.dll
[2011/10/09 09:21:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/04 10:44:56 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/09/30 16:26:32 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/30 16:26:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/30 10:37:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/09/29 16:50:10 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\[email protected]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 16:57:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/28 16:56:46 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 16:33:11 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/09/28 16:32:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2011/09/28 16:32:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\qxdaedrs.dll
[2011/09/28 16:32:41 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/09/28 16:32:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2011/09/28 16:32:41 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2011/09/28 16:32:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2011/09/28 16:32:41 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2011/09/28 09:26:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2011/09/28 09:06:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/28 09:02:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2011/10/04 08:51:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/18 11:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\323C8
[2012/09/15 16:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataCardService
[2012/11/06 09:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KasperskyLab
[2012/07/29 13:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/07/17 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/05/03 12:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/11/23 11:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AD MP3 Cutter
[2011/09/30 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\AnvSoft
[2012/11/30 18:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Audacity
[2012/05/26 08:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\bearsharemediabartb
[2012/09/13 10:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Edraw Max
[2011/10/15 15:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Haenlein-Software
[2012/09/15 16:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Maxis Broadband
[2011/10/04 10:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Minolta
[2012/07/17 10:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Samsung
[2012/09/13 12:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\SmartDraw
[2012/11/20 09:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Thinstall
[2011/10/11 15:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[email protected]\Application Data\Xilisoft

========== Purity Check ==========



< End of report >

The Avenger results:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Blue hills.exe"
Deletion of file "c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Blue hills.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Sunset.exe"
Deletion of file "c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Sunset.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Water lilies.exe"
Deletion of file "c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Water lilies.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Winter.exe"
Deletion of file "c:\documents and settings\All Users\Documents\My Pictures.\Sample Pictures\Winter.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Folder "c:\documents and settings\[email protected]\Application Data\Java" deleted successfully.
Folder "c:\windows\TEMP\kladminkit" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

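The long run of O27 lines in the OTL log above is the part of this report worth understanding. An `Image File Execution Options\<name>\Debugger` value tells Windows to start the named "debugger" instead of the target and hand it the target's own command line; when the value points at cmd.exe or rundll32.exe the target simply never runs, and with data such as `cmd.exe /c del /f /q` (the full value Malwarebytes reports later in this thread) the AV binary is deleted the moment someone tries to launch it. The script below is an added example for this thread, not OTL or Malwarebytes code: it parses O27 lines (four copied from the log above plus one constructed benign entry and one non-O27 line), classifies the Debugger target with this example's own assumed lists of never-legitimate and known-legitimate debuggers, and emits the `reg delete` commands that would remove only the hijacked values.

```python
"""Triage OTL 'O27' (Image File Execution Options) lines for Debugger hijacks.

Added example for this thread; not OTL or Malwarebytes code.  Windows starts
the IFEO 'Debugger' program in place of the target and appends the target's
command line, so cmd.exe / rundll32.exe there means the target never runs
(and 'cmd.exe /c del /f /q' deletes it).  attrib.exe being hijacked also
means the hidden pictures cannot be unhidden until the value is gone.
"""
import ntpath
import re

O27_RE = re.compile(
    r"^O27 - (?P<hive>HKLM|HKCU) IFEO\\(?P<image>.+?): Debugger - "
    r"(?P<debugger>.+?)(?: \((?P<company>[^()]*)\))?$"
)

# Assumed lists for this example: programs that are never a real debugger,
# and real debuggers a developer or admin may legitimately register.
LOLBIN_DEBUGGERS = {"cmd.exe", "rundll32.exe", "taskkill.exe", "svchost.exe"}
KNOWN_DEBUGGERS = {"windbg.exe", "cdb.exe", "ntsd.exe", "vsjitdebugger.exe", "drwtsn32.exe"}

IFEO_SUBKEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

SAMPLE_O27_LINES = [
    # Copied from the OTL log posted above.
    r"O27 - HKLM IFEO\attrib.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\New Folder.exe: Debugger - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\wscript.exe: Debugger - C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)",
    # Constructed benign entry (not from the log): a developer's JIT debugger.
    r"O27 - HKLM IFEO\myapp.exe: Debugger - C:\Debuggers\windbg.exe (Microsoft Corporation)",
    # Not an O27 line at all; the parser must skip it.
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
]


def parse_o27(line):
    """Return a dict for an O27 line, or None for any other OTL line."""
    m = O27_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    # OTL prints the resolved executable; the registry value itself may carry
    # arguments such as '/c del /f /q', so classify on the basename only.
    entry["debugger_exe"] = ntpath.basename(entry["debugger"]).lower()
    return entry


def classify(entry):
    exe = entry["debugger_exe"]
    if exe in LOLBIN_DEBUGGERS:
        return "hijack"
    if exe in KNOWN_DEBUGGERS:
        return "known-debugger"
    return "review"  # unknown target: inspect the file before deciding


def triage(lines):
    findings = []
    for line in lines:
        entry = parse_o27(line)
        if entry is not None:
            entry["verdict"] = classify(entry)
            findings.append(entry)
    return findings


def reg_delete_commands(findings):
    """reg.exe commands that remove only the hijacked Debugger values."""
    return [
        'reg delete "%s\\%s\\%s" /v Debugger /f'
        % (f["hive"], IFEO_SUBKEY, f["image"])
        for f in findings
        if f["verdict"] == "hijack"
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_O27_LINES):
        print("%-16s %-14s -> %s" % (f["image"], f["verdict"], f["debugger"]))
    print("\n".join(reg_delete_commands(triage(SAMPLE_O27_LINES))))
```

Feed it the O27 section of any OTL log. Deleting the whole IFEO subkey is also fine for names like egui.exe that have no business being there at all, but removing only the Debugger value is the safer default because legitimate IFEO entries (application compatibility settings, a developer's JIT debugger) live under the same key.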

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
How is the computer behaving now?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9 techgeek37 (Topic Starter, Member, 21 posts)
Hi Essexboy,

My computer seems to be okay right now. I'm not seeing the viruses jview.exe and shimgv.exe in my task manager anymore. Anyway, here is the Malwarebytes log report:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
[email protected] :: MJSSWKS11 [administrator]

2/14/2013 11:51:04 AM
mbam-log-2013-02-14 (11-51-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245329
Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 22
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorunme.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nbrowser.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\New Folder.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npcsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npc_login.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npc_tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npflgutl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfports.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfrules.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfuser.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprosec.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvcsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCR\exefile|NeverShowExt (Risk.HiddenExt) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe|Debugger (Security.Hijack) -> Data: rundll32.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe|Debugger (Security.Hijack) -> Data: cmd.exe /c del /f /q -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe|Debugger (Security.Hijack) -> Data: cmd.exe /c del /f /q -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe|Debugger (Security.Hijack) -> Data: rundll32.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\[email protected]\My Documents\Downloads\rpc412_setup.exe (PAssword.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\[email protected]\My Documents\Downloads\DownloadSetup.exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.exe (Trojan.Xanib) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.exe (Trojan.Xanib) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.exe (Trojan.Xanib) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.exe (Trojan.Xanib) -> Quarantined and deleted successfully.

(end)
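The MBAM entries above show three tricks that are worth checking for by hand, on this machine or on any other with the same symptoms: Image File Execution Options "Debugger" values that redirect the launch of security tools and script hosts (egui.exe and ekrn.exe to `cmd.exe /c del /f /q`, cscript.exe and wscript.exe to rundll32.exe), the `NeverShowExt` value on HKCR\exefile that makes Explorer hide the .exe extension, and .exe files sitting in picture folders in place of the hidden originals. The PowerShell audit below is an added example and is not part of the original thread or of any of the tools used in it. It needs PowerShell 3 or later in an elevated prompt; the picture folders in `$PictureDirs` are an assumption and should be adjusted for your own system.

```powershell
# Added example (not from the original thread): audit the IFEO hijacks,
# the hidden-extension flag and the picture-folder disguise reported in
# the MBAM log. Read-only; it reports, it does not delete anything.
# Requires PowerShell 3+ and an elevated prompt.

$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# 1. IFEO "Debugger" hijacks. When a Debugger value exists under
#    <name>.exe, Windows starts that command instead of the program, with
#    the program's path appended. Malware uses it to delete security tools
#    on launch (cmd.exe /c del /f /q) or to swallow script hosts
#    (rundll32.exe). Real debuggers (vsjitdebugger, windbg, procdump) are
#    rare on a home PC, so every hit deserves a look.
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [pscustomobject]@{
            Target   = $_.PSChildName
            Debugger = $dbg
        }
    }
} | Format-Table -AutoSize

# 2. HKCR\exefile NeverShowExt. If the value exists (even with empty data,
#    as in the log), Explorer hides ".exe", so "Sunset.exe" displays as
#    "Sunset" with a picture icon.
$exefile = 'Registry::HKEY_CLASSES_ROOT\exefile'
$nse = Get-ItemProperty -Path $exefile -Name NeverShowExt -ErrorAction SilentlyContinue
if ($nse) { Write-Warning 'NeverShowExt is set on exefile; .exe extensions are hidden in Explorer' }
else      { Write-Host 'exefile NeverShowExt: not present (good)' }

# 3. Picture folders. The Trojan.Xanib pattern in the log is an .exe that
#    sits beside a hidden file with the same base name (Blue hills.exe next
#    to a hidden Blue hills.jpg). Folder list is an assumption; edit it.
$PictureDirs = @("$env:PUBLIC\Pictures", "$env:USERPROFILE\Pictures")
foreach ($dir in $PictureDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -Filter *.exe -File -ErrorAction SilentlyContinue | ForEach-Object {
        $exe = $_
        # -Force is needed so hidden files are returned at all.
        $twins = Get-ChildItem -Path $exe.DirectoryName -Force -File -ErrorAction SilentlyContinue |
                 Where-Object {
                     ($_.BaseName -eq $exe.BaseName) -and
                     ($_.Extension -ne '.exe') -and
                     (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
                 }
        if ($twins) {
            Write-Warning ('Suspicious: {0} sits next to hidden {1}' -f $exe.FullName, ($twins.Name -join ', '))
        }
    }
}
```

Run it before cleaning to see the full picture, and again afterwards: the IFEO table and the NeverShowExt check should both come back empty once a tool such as MBAM has removed the entries, and any remaining "Suspicious" lines point at .exe files the scanner missed.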

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK MBAM got the ones I couldn't :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected. Keep safe :wave:

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.