conduit and ssl error and network problem [Solved]


  • This topic is locked

#1
pika3pika

pika3pika

    Member

  • Member
  • PipPip
  • 61 posts

Well, the problem here starts with an SSL error: I can't open certain websites. Before that I installed Hotspot Shield, which contains Conduit in its program. I already uninstalled it and already used Malwarebytes to scan it, and there was no virus, but I still get the SSL error and some network problems. So can anyone help me?

This is the OTL log:


OTL logfile created on: 6/19/2014 10:49:39 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\dd\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 28.94% Memory free
3.85 Gb Paging File | 2.19 Gb Available in Paging File | 56.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 12.49 Gb Free Space | 31.98% Space Free | Partition Type: NTFS
Drive D: | 35.46 Gb Total Space | 22.50 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
 
Computer Name: DD-K | User Name: dd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/05 20:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/02/19 13:36:11 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/03 19:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dd\Desktop\OTL.exe
PRC - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/08/14 17:50:38 | 003,210,240 | ---- | M] () -- C:\Program Files\CE100 Dialer\ICard.exe
PRC - [2009/08/14 10:34:16 | 001,058,816 | ---- | M] () -- C:\Program Files\CE100 Dialer\PcxSvr.exe
PRC - [2009/08/11 19:22:04 | 000,096,768 | ---- | M] () -- C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
PRC - [2008/10/31 16:03:50 | 000,516,608 | ---- | M] () -- C:\Program Files\CE100 Dialer\IdleMng.exe
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 20:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 20:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014/06/05 20:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 20:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2011/07/21 15:12:31 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/08/14 17:50:38 | 003,210,240 | ---- | M] () -- C:\Program Files\CE100 Dialer\ICard.exe
MOD - [2009/08/14 10:34:16 | 001,058,816 | ---- | M] () -- C:\Program Files\CE100 Dialer\PcxSvr.exe
MOD - [2009/08/11 19:22:04 | 000,096,768 | ---- | M] () -- C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
MOD - [2009/06/26 10:56:24 | 000,122,880 | R--- | M] () -- C:\Program Files\CE100 Dialer\MsmPlugs\HiFlyCT.plug
MOD - [2009/06/26 10:56:22 | 000,065,536 | R--- | M] () -- C:\Program Files\CE100 Dialer\MsmPlugs\HiFlyCT.base
MOD - [2009/06/05 15:35:24 | 000,524,800 | ---- | M] () -- C:\Program Files\CE100 Dialer\SvrAdpt.dll
MOD - [2009/05/06 17:14:14 | 000,237,568 | ---- | M] () -- C:\Program Files\CE100 Dialer\SyncAdpt.dll
MOD - [2009/04/21 15:00:28 | 000,409,600 | ---- | M] () -- C:\Program Files\CE100 Dialer\BaseLib.dll
MOD - [2009/03/12 14:45:38 | 000,486,400 | ---- | M] () -- C:\Program Files\CE100 Dialer\UiMng.dll
MOD - [2008/12/19 10:47:52 | 000,583,168 | ---- | M] () -- C:\Program Files\CE100 Dialer\PcxCfg.dll
MOD - [2008/10/31 16:03:50 | 000,516,608 | ---- | M] () -- C:\Program Files\CE100 Dialer\IdleMng.exe
MOD - [2008/05/02 22:46:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2004/08/03 23:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/03 23:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/05/01 17:23:28 | 000,041,472 | ---- | M] () -- C:\Program Files\CE100 Dialer\CsCvt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/06/13 00:04:17 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/19 13:36:11 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\RAAH73\ÉVé¦éóâtâHâïâ_\winio.sys -- (WINIO)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\taphss.sys -- (taphss)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CT_SpeedUp_U_3.5G_drv.sys -- (CT_SpeedUp_U_3.5G_SERM)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aca3xedl)
DRV - [2014/06/15 23:04:12 | 000,320,120 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2014/06/14 22:17:03 | 000,053,208 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/01/05 23:28:32 | 000,030,248 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2011/07/21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/04/24 15:40:48 | 002,134,256 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/04/07 18:07:42 | 000,102,656 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3GDatausbser.sys -- (wirelessusbser)
DRV - [2004/08/03 22:07:46 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://id.search.yah...type=800236&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..network.proxy.type: 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@leeuu.com/npgboxruner;version=: C:\Documents and Settings\dd\Application Data\gbox\npgboxruner.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\dd\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
[2013/10/05 10:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dd\Application Data\Mozilla\Firefox\Profiles\2kwwunmj.default\extensions
[2013/08/09 23:34:00 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\dd\Application Data\Mozilla\Firefox\Profiles\2kwwunmj.default\searchplugins\yahoo.xml
 
O1 HOSTS File: ([2014/06/16 12:39:28 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HaierDcService] C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B71C9C06-5A9A-49F9-B40D-2738871E7044}: NameServer = 118.98.44.100 202.134.1.10
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/22 20:35:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8b8e9c9b-262f-11e0-975c-8d162485062b}\Shell - "" = AutoRun
O33 - MountPoints2\{8b8e9c9b-262f-11e0-975c-8d162485062b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b8e9c9b-262f-11e0-975c-8d162485062b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/19 13:13:39 | 000,102,656 | ---- | C] (QUALCOMM Incorporated) -- C:\WINDOWS\System32\drivers\3GDatausbser.sys
[2014/06/19 13:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CE100 Dialer
[2014/06/19 11:54:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2014/06/16 12:21:22 | 000,000,000 | ---D | C] -- C:\Documents
[2014/06/16 12:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2014/06/15 23:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2014/06/15 22:37:45 | 000,000,000 | ---D | C] -- C:\Extra.story.of.Lunatic.Princess
[2014/06/14 23:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/06/14 13:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Hit Malware
[2014/06/13 21:51:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/06/12 00:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Hotspot Shield
[2014/06/11 20:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/06/11 19:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/19 19:54:32 | 000,182,844 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/06/19 19:37:57 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\dd\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
[2014/06/19 19:37:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/19 13:13:36 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\dd\Desktop\CE100 Dialer.lnk
[2014/06/19 12:53:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014/06/18 00:32:05 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/06/16 13:17:41 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/06/16 13:17:41 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/06/16 13:17:13 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\dd\My Documents\Default.rdp
[2014/06/16 12:21:22 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014/06/14 22:17:03 | 000,053,208 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/06/11 21:35:06 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\dd\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/11 20:54:26 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/06/10 20:14:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/06/09 13:30:50 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\dd\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/04 14:08:12 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/25 20:40:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 
========== Files Created - No Company Name ==========
 
[2014/06/19 13:13:36 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\dd\Desktop\CE100 Dialer.lnk
[2014/06/16 13:17:13 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\dd\My Documents\Default.rdp
[2014/06/16 12:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014/06/11 20:54:26 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\dd\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/11 20:54:26 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/06/09 13:30:49 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\dd\Start Menu\Programs\Internet Explorer.lnk
[2014/06/04 14:08:12 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/20 13:42:44 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2014/02/24 13:19:50 | 000,004,360 | ---- | C] () -- C:\WINDOWS\SU-7000 3.5G CDMA Mobile Connect.INI
[2014/02/17 12:20:52 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/10/08 20:47:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/05 17:55:07 | 000,000,248 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2012/04/26 21:34:15 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\dd\jagex_cl_runescape_LIVE.dat
[2012/04/26 21:34:15 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\dd\random.dat
[2011/01/25 23:38:46 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\dd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/22 20:45:03 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
 
========== ZeroAccess Check ==========
 
[2011/01/22 20:43:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/03 23:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/03 23:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/03 23:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/07 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/02/15 11:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/12/24 23:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2014/04/12 22:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/12/24 23:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maximize Games
[2013/12/14 21:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2014/01/10 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/12/09 21:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2014/06/16 12:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2014/02/17 13:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/02/17 12:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/07/28 12:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/12/24 23:51:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\dd\Application Data\.#
[2014/03/10 15:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\AdbDriverInstaller
[2012/02/04 21:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\DAEMON Tools Lite
[2011/03/11 14:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\FALCOM
[2011/01/30 18:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\Foxit Software
[2013/11/22 23:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\Free MP3 WMA Cutter
[2013/06/09 23:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\gbox
[2014/06/14 13:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\IObit
[2013/12/24 23:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\Maximize Games
[2013/12/14 21:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\NatGeoGames
[2011/10/31 21:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\OpenOffice.org
[2014/01/10 20:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\PlayFirst
[2011/06/12 22:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\Rovio
[2013/09/30 21:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\splitscreen
[2012/08/07 00:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\Unity
[2013/06/16 18:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dd\Application Data\Virtual City
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/08/22 20:35:09 | 000,195,126 | ---- | M] ()(C:\Documents and Settings\dd\My Documents\?? P1020075.JPG) -- C:\Documents and Settings\dd\My Documents\旋转 P1020075.JPG
[2013/08/22 20:32:21 | 000,195,126 | ---- | C] ()(C:\Documents and Settings\dd\My Documents\?? P1020075.JPG) -- C:\Documents and Settings\dd\My Documents\旋转 P1020075.JPG
[2011/08/27 19:05:06 | 000,000,000 | ---D | M](C:\(C79)(??RPG) [???~?] ?????? C79???) -- C:\(C79)(同人RPG) [永久る~ぷ] 双子魔法組曲 C79体験版
[2011/05/05 16:05:40 | 381,379,152 | ---- | C] ()(C:\??????????~extra story of Lunatic Princess.CD.bin) -- C:\東方琳瑯抄えくすとら~extra story of Lunatic Princess.CD.bin
[2011/05/05 15:36:30 | 296,855,774 | ---- | C] ()(C:\[110422][697486][??????] ????????????? ????Disc (mdf+mds+????? rr3%).rar) -- C:\[110422][697486][エウシュリー] 神採りアルケミーマイスター 予約特典Disc (mdf+mds+ジャケット rr3%).rar
[2011/04/30 21:12:43 | 000,000,000 | ---D | C](C:\(C79)(??RPG) [???~?] ?????? C79???) -- C:\(C79)(同人RPG) [永久る~ぷ] 双子魔法組曲 C79体験版
[2011/04/20 23:00:07 | 296,855,774 | ---- | M] ()(C:\[110422][697486][??????] ????????????? ????Disc (mdf+mds+????? rr3%).rar) -- C:\[110422][697486][エウシュリー] 神採りアルケミーマイスター 予約特典Disc (mdf+mds+ジャケット rr3%).rar
[2010/09/20 19:24:47 | 381,379,152 | ---- | M] ()(C:\??????????~extra story of Lunatic Princess.CD.bin) -- C:\東方琳瑯抄えくすとら~extra story of Lunatic Princess.CD.bin
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:931BB48A
 
< End of report >
 

  • 0


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Welcome back,

Please post the Extras.txt located in the same folder as OTL.exe.
  • 0

#3
pika3pika

pika3pika

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Err, wait, I don't see any Extras.txt. I only see OTL.txt. I just ran OTL like on the main page, using Quick Scan, nothing else, not changing any option in the OTL program.


  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Did you run any tools prior to coming here? Also, did you create the following files --

[2013/08/22 20:35:09 | 000,195,126 | ---- | M] ()(C:\Documents and Settings\dd\My Documents\?? P1020075.JPG) -- C:\Documents and Settings\dd\My Documents\旋转 P1020075.JPG
[2013/08/22 20:32:21 | 000,195,126 | ---- | C] ()(C:\Documents and Settings\dd\My Documents\?? P1020075.JPG) -- C:\Documents and Settings\dd\My Documents\旋转 P1020075.JPG
[2011/08/27 19:05:06 | 000,000,000 | ---D | M](C:\(C79)(??RPG) [???~?] ?????? C79???) -- C:\(C79)(同人RPG) [永久る~ぷ] 双子魔法組曲 C79体験版
[2011/05/05 16:05:40 | 381,379,152 | ---- | C] ()(C:\??????????~extra story of Lunatic Princess.CD.bin) -- C:\東方琳瑯抄えくすとら~extra story of Lunatic Princess.CD.bin
[2011/05/05 15:36:30 | 296,855,774 | ---- | C] ()(C:\[110422][697486][??????] ????????????? ????Disc (mdf+mds+????? rr3%).rar) -- C:\[110422][697486][エウシュリー] 神採りアルケミーマイスター 予約特典Disc (mdf+mds+ジャケット rr3%).rar
[2011/04/30 21:12:43 | 000,000,000 | ---D | C](C:\(C79)(??RPG) [???~?] ?????? C79???) -- C:\(C79)(同人RPG) [永久る~ぷ] 双子魔法組曲 C79体験版
[2011/04/20 23:00:07 | 296,855,774 | ---- | M] ()(C:\[110422][697486][??????] ????????????? ????Disc (mdf+mds+????? rr3%).rar) -- C:\[110422][697486][エウシュリー] 神採りアルケミーマイスター 予約特典Disc (mdf+mds+ジャケット rr3%).rar
[2010/09/20 19:24:47 | 381,379,152 | ---- | M] ()(C:\??????????~extra story of Lunatic Princess.CD.bin) -- C:\東方琳瑯抄えくすとら~extra story of Lunatic Princess.CD.bin


  • 0

#5
pika3pika

pika3pika

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Wait, I did not change anything, but I did run tools like ESET Online and other stuff that can flush DNS to repair my SSL, because at that time my internet connection was so slow, and I tried a few programs to fix it and nothing happened.


  • 0

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Did you create/need the above files I listed?
  • 0

#7
pika3pika

pika3pika

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Why?? Does it cause harm?? The JPG is a picture; I don't need it. The C79 is a game file; the mds and mdf are also game files, Japanese game files. Well, if it causes trouble, well, it's okay. That's all, both only game and picture.


  • 0

#8
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi,

No, they are fine. I wanted to make sure that they were created at your discretion. :)
  • Step #1 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #2 Fix with Junkware Removal Tool
    • Download Junkware Removal Tool by thisisu to your Desktop from the link below.
      Download Link 1
      Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acquaint yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put a tick mark in all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • AdwCleaner Log
    • Junkware Removal Tool Log
    • FRST Log(s) --
      • FRST.txt
      • Addition.txt
Regards,
Valinorum
  • 0

#9
pika3pika

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
# AdwCleaner v3.213 - Report created 24/06/2014 at 19:18:49
# Updated 23/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : dd - DD-K
# Running from : C:\Documents and Settings\dd\My Documents\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\VideoPerformer
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\Downloader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\YourFile.exe]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v6.0.2900.2180
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\dd\Application Data\Mozilla\Firefox\Profiles\2kwwunmj.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R2].txt - [5365 octets] - [24/06/2014 19:15:24]
AdwCleaner[S1].txt - [5366 octets] - [24/06/2014 19:18:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5426 octets] ##########

  • 0

#10
pika3pika

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by dd on Tue 06/24/2014 at 19:22:46.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/24/2014 at 19:28:08.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#11
pika3pika

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by dd (administrator) on DD-K on 24-06-2014 19:29:58
Running from C:\Documents and Settings\dd\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Program Files\CE100 Dialer\ICard.exe
() C:\Program Files\CE100 Dialer\PcxSvr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33741424 2010-05-04] (VIA Technologies, Inc.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-03] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13529088 2008-05-02] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2008-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-21] (Avira GmbH)
HKLM\...\Run: [QuickTime Task] => "c:\program files\quicktime\qttask.exe" -atboottime
HKLM\...\Run: [NeroFilterCheck] => c:\windows\system32\nerocheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [ISUSScheduler] => c:\program files\common files\installshield\updateservice\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [HaierDcService] => C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe [96768 2009-08-11] ()
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1482476501-1637723038-725345543-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1482476501-1637723038-725345543-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\dd\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 localhost
Tcpip\..\Interfaces\{B71C9C06-5A9A-49F9-B40D-2738871E7044}: [NameServer]118.98.44.100 202.134.1.10
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @leeuu.com/npgboxruner;version= - C:\Documents and Settings\dd\Application Data\gbox\npgboxruner.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\dd\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-01-22]
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.co.id
CHR Extension: (Google Docs) - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]
CHR Extension: (YouTube) - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
CHR Extension: (Google Search) - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-20]
CHR Extension: (Gmail) - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
CHR HKLM\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\serach.crx [2014-06-20]
CHR HKLM\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx [2014-06-20]
 
========================== Services (Whitelisted) =================
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2004-08-03] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-21] (Avira GmbH)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-19] (Oracle Corporation)
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2005-05-04] (Microsoft Corporation) [File not signed]
S1684112708 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2004-08-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2010-06-17] (Avira GmbH)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [66616 2011-07-21] (Avira GmbH)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [138192 2011-07-21] (Avira GmbH)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows ® Server 2003 DDK provider) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-06-14] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-06-15] (Duplex Secure Ltd.)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [223616 2004-08-03] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2134256 2010-04-24] (VIA Technologies, Inc.)
R3 wirelessusbser; C:\WINDOWS\System32\DRIVERS\3GDatausbser.sys [102656 2009-04-07] (QUALCOMM Incorporated)
U3 a2ewum2x; C:\WINDOWS\system32\Drivers\a2ewum2x.sys [0 ] (Microsoft Corporation)
S3 CT_SpeedUp_U_3.5G_SERM; system32\DRIVERS\CT_SpeedUp_U_3.5G_drv.sys [X]
S4 IntelIde; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42496 2004-08-04] (Microsoft Corporation)
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 WINIO; \??\C:\RAAH73\ÉVé¦éóâtâHâïâ_\winio.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-24 19:29 - 2014-06-24 19:30 - 00000000 ____D () C:\FRST
2014-06-24 19:28 - 2014-06-24 19:28 - 00000586 _____ () C:\Documents and Settings\dd\Desktop\JRT.txt
2014-06-24 19:15 - 2014-06-24 19:28 - 00000000 ____D () C:\AdwCleaner
2014-06-22 22:39 - 2014-06-22 22:39 - 00000691 _____ () C:\Documents and Settings\dd\Desktop\CE100 Dialer.lnk
2014-06-22 22:39 - 2014-06-22 22:39 - 00000000 ____D () C:\Program Files\CE100 Dialer
2014-06-22 22:39 - 2014-06-22 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CE100 Dialer
2014-06-22 22:39 - 2009-04-07 18:07 - 00102656 _____ (QUALCOMM Incorporated) C:\WINDOWS\system32\Drivers\3GDatausbser.sys
2014-06-19 11:59 - 2014-06-19 11:59 - 00001880 _____ () C:\WINDOWS\bitssetup.log
2014-06-16 13:17 - 2014-06-16 13:17 - 00000000 ____H () C:\Documents and Settings\dd\My Documents\Default.rdp
2014-06-16 12:21 - 2014-06-16 12:21 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-16 12:21 - 2014-06-16 12:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-06-15 23:04 - 2014-06-15 23:04 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-06-15 22:37 - 2014-06-15 22:38 - 00000000 ____D () C:\Extra.story.of.Lunatic.Princess
2014-06-15 10:38 - 2014-06-15 10:38 - 00010207 _____ () C:\Documents and Settings\dd\Desktop\WMIC COMMAND.txt
2014-06-15 10:38 - 2014-06-15 10:38 - 00000000 _____ () C:\Documents and Settings\dd\Desktop\New Text Document.txt
2014-06-15 10:24 - 2014-06-15 10:24 - 00010673 _____ () C:\Documents and Settings\dd\Desktop\cmd command.txt
2014-06-14 23:00 - 2014-06-14 23:00 - 00000000 ____D () C:\Program Files\ESET
2014-06-14 13:48 - 2014-06-14 14:51 - 00000000 ____D () C:\Program Files\Hit Malware
2014-06-13 21:51 - 2014-06-13 21:51 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-12 00:40 - 2014-06-12 00:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Hotspot Shield
2014-06-11 20:54 - 2014-06-11 20:54 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-11 20:54 - 2014-06-11 20:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-06-11 19:51 - 2014-06-11 20:54 - 00000000 ____D () C:\Program Files\Google
2014-06-09 13:30 - 2014-06-09 13:30 - 00000767 _____ () C:\Documents and Settings\dd\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 14:08 - 2014-06-04 14:08 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 22:36 - 2014-06-02 22:36 - 00001257 _____ () C:\Documents and Settings\dd\Desktop\plastic smile canvas.txt
2014-06-02 22:28 - 2014-06-02 22:28 - 00001196 _____ () C:\Documents and Settings\dd\Desktop\kimi ni gohoushi.txt
 
==================== One Month Modified Files and Folders =======
 
2014-06-24 19:30 - 2014-06-24 19:29 - 00000000 ____D () C:\FRST
2014-06-24 19:30 - 2011-01-22 20:39 - 00000000 ____D () C:\Documents and Settings\dd\Local Settings\Temp
2014-06-24 19:28 - 2014-06-24 19:28 - 00000586 _____ () C:\Documents and Settings\dd\Desktop\JRT.txt
2014-06-24 19:28 - 2014-06-24 19:15 - 00000000 ____D () C:\AdwCleaner
2014-06-24 19:25 - 2011-01-22 20:34 - 00320595 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-24 19:20 - 2013-10-08 21:03 - 00182844 _____ () C:\WINDOWS\system32\nvapps.xml
2014-06-24 19:20 - 2012-05-08 20:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-24 19:20 - 2012-05-08 20:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-24 19:20 - 2011-01-22 20:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-24 19:19 - 2011-01-22 20:39 - 00032468 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-24 19:19 - 2011-01-22 20:39 - 00000178 ___SH () C:\Documents and Settings\dd\ntuser.ini
2014-06-23 00:29 - 2011-01-23 03:18 - 00000000 ____D () C:\WINDOWS\security
2014-06-23 00:20 - 2014-04-07 12:33 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 22:41 - 2012-03-17 06:05 - 01272963 _____ () C:\WINDOWS\setupapi.log
2014-06-22 22:41 - 2011-01-22 20:46 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-06-22 22:39 - 2014-06-22 22:39 - 00000691 _____ () C:\Documents and Settings\dd\Desktop\CE100 Dialer.lnk
2014-06-22 22:39 - 2014-06-22 22:39 - 00000000 ____D () C:\Program Files\CE100 Dialer
2014-06-22 22:39 - 2014-06-22 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CE100 Dialer
2014-06-21 23:19 - 2011-01-22 20:39 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-06-21 23:19 - 2011-01-22 20:38 - 00000178 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-06-20 22:45 - 2011-01-24 14:43 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-06-20 22:44 - 2011-01-22 20:31 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-19 23:01 - 2013-10-03 19:42 - 00055380 _____ () C:\Documents and Settings\dd\Desktop\OTL.Txt
2014-06-19 12:53 - 2011-01-23 03:23 - 00000211 ___SH () C:\boot.ini
2014-06-19 12:53 - 2001-08-23 19:00 - 00000827 _____ () C:\WINDOWS\system.ini
2014-06-19 12:53 - 2001-08-23 19:00 - 00000495 _____ () C:\WINDOWS\win.ini
2014-06-19 12:49 - 2011-01-28 18:29 - 00000000 ____D () C:\WINDOWS\pss
2014-06-19 12:49 - 2011-01-22 20:32 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-06-19 11:59 - 2014-06-19 11:59 - 00001880 _____ () C:\WINDOWS\bitssetup.log
2014-06-17 00:26 - 2011-01-22 20:34 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-06-16 13:17 - 2014-06-16 13:17 - 00000000 ____H () C:\Documents and Settings\dd\My Documents\Default.rdp
2014-06-16 13:17 - 2011-01-23 03:25 - 00508956 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-16 12:21 - 2014-06-16 12:21 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-16 12:21 - 2014-06-16 12:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-06-16 00:26 - 2014-04-02 21:27 - 00000091 _____ () C:\Documents and Settings\dd\Desktop\anime hrs ntn.txt
2014-06-15 23:04 - 2014-06-15 23:04 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-06-15 23:04 - 2011-02-15 11:52 - 00320120 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2014-06-15 22:38 - 2014-06-15 22:37 - 00000000 ____D () C:\Extra.story.of.Lunatic.Princess
2014-06-15 10:38 - 2014-06-15 10:38 - 00010207 _____ () C:\Documents and Settings\dd\Desktop\WMIC COMMAND.txt
2014-06-15 10:38 - 2014-06-15 10:38 - 00000000 _____ () C:\Documents and Settings\dd\Desktop\New Text Document.txt
2014-06-15 10:24 - 2014-06-15 10:24 - 00010673 _____ () C:\Documents and Settings\dd\Desktop\cmd command.txt
2014-06-14 23:00 - 2014-06-14 23:00 - 00000000 ____D () C:\Program Files\ESET
2014-06-14 22:17 - 2014-04-07 12:44 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-14 14:51 - 2014-06-14 13:48 - 00000000 ____D () C:\Program Files\Hit Malware
2014-06-14 13:29 - 2013-10-04 22:41 - 00000000 ____D () C:\Documents and Settings\dd\Application Data\IObit
2014-06-13 21:51 - 2014-06-13 21:51 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-13 21:35 - 2013-04-08 21:18 - 00004267 _____ () C:\WINDOWS\netfxocm.log
2014-06-13 21:35 - 2013-04-08 21:18 - 00001863 _____ () C:\WINDOWS\MedCtrOC.log
2014-06-13 21:35 - 2013-04-08 21:18 - 00001280 _____ () C:\WINDOWS\ocmsn.log
2014-06-13 21:35 - 2013-04-08 21:18 - 00000933 _____ () C:\WINDOWS\tabletoc.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00019940 _____ () C:\WINDOWS\iis6.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00019763 _____ () C:\WINDOWS\FaxSetup.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00014468 _____ () C:\WINDOWS\ocgen.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00012003 _____ () C:\WINDOWS\tsoc.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00007076 _____ () C:\WINDOWS\comsetup.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00005616 _____ () C:\WINDOWS\msmqinst.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00004867 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-06-13 21:35 - 2013-04-08 21:17 - 00001267 _____ () C:\WINDOWS\msgsocm.log
2014-06-13 00:04 - 2012-08-07 12:48 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-13 00:04 - 2012-08-07 12:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-12 00:41 - 2011-01-22 20:38 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-06-12 00:40 - 2014-06-12 00:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Hotspot Shield
2014-06-11 21:26 - 2011-09-10 20:34 - 00000000 ____D () C:\Documents and Settings\dd\Local Settings\Application Data\Google
2014-06-11 20:54 - 2014-06-11 20:54 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-11 20:54 - 2014-06-11 20:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-06-11 20:54 - 2014-06-11 19:51 - 00000000 ____D () C:\Program Files\Google
2014-06-11 19:10 - 2011-01-23 03:18 - 00000000 ____D () C:\WINDOWS\Driver Cache
2014-06-10 20:19 - 2012-02-18 21:10 - 00000000 ____D () C:\Documents and Settings\dd\Application Data\Skype
2014-06-10 20:14 - 2013-10-06 20:22 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-06-09 13:30 - 2014-06-09 13:30 - 00000767 _____ () C:\Documents and Settings\dd\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 14:08 - 2014-06-04 14:08 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 14:08 - 2014-04-07 12:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-04 14:08 - 2014-04-07 12:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 22:36 - 2014-06-02 22:36 - 00001257 _____ () C:\Documents and Settings\dd\Desktop\plastic smile canvas.txt
2014-06-02 22:28 - 2014-06-02 22:28 - 00001196 _____ () C:\Documents and Settings\dd\Desktop\kimi ni gohoushi.txt
2014-06-02 20:31 - 2011-01-23 03:18 - 00000000 ____D () C:\WINDOWS\Provisioning
2014-05-30 23:13 - 2014-02-12 22:03 - 00000109 _____ () C:\Documents and Settings\dd\Desktop\web game android.txt
2014-05-25 20:40 - 2001-08-23 19:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
 
Files to move or delete:
====================
C:\Documents and Settings\dd\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\dd\random.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\dd\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

#12
pika3pika

  • Topic Starter
  • 61 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by dd at 2014-06-24 19:31:07
Running from C:\Documents and Settings\dd\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: AntiVir Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
 
==================== Installed Programs ======================
 
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira AntiVir Personal - Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 10.2.0.2100 - Avira GmbH)
BeautyStrike1.6 Uninstall (HKLM\...\BeautyStrike1.6) (Version: 1.6 - www.BeautyStrike.com)
Combined Community Codec Pack BETA 2009-01-21 22:39 (HKLM\...\Combined Community Codec Pack BETA_is1) (Version: 2009.01.21.0 - CCCP Project)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DataCard v2.0.0 (HKLM\...\{84D238DD-CC71-47A2-B210-CE100_TATA}_is1) (Version:  - Singularity Software Ltd.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
Enable S3 for USB Device (HKLM\...\Enable S3 for USB Device) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Free MP3 WMA Cutter 5.2.2 (HKLM\...\Free MP3 WMA Cutter_is1) (Version:  - FreeAudioVideoSoftTech, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{BBA8F374-46CC-4C97-A630-30DB52BB93F9}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 6.5.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Matroska Pack (HKLM\...\Matroska Pack) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice.org 3.0 (HKLM\...\{F44DA61E-720D-4E79-871F-F6E628B33242}) (Version: 3.0.9358 - OpenOffice.org)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual City (HKLM\...\{8867E31E-33BA-4DDD-A347-E4AF3F2232A1}) (Version: 1.0.0 - LeeGTs Games)
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
19-06-2014 05:49:25 System Checkpoint
20-06-2014 06:51:16 System Checkpoint
22-06-2014 08:22:28 System Checkpoint
 
==================== Hosts content: ==========================
 
2001-08-23 19:00 - 2014-06-16 12:39 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-19 22:45 - 2011-07-21 15:12 - 00355688 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-06-22 22:39 - 2009-08-11 19:22 - 00096768 _____ () C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
2014-06-22 22:39 - 2009-08-14 17:50 - 03210240 _____ () C:\Program Files\CE100 Dialer\ICard.exe
2014-06-22 22:39 - 2009-04-21 15:00 - 00409600 _____ () C:\Program Files\CE100 Dialer\BaseLib.dll
2014-06-22 22:39 - 2008-12-19 10:47 - 00583168 _____ () C:\Program Files\CE100 Dialer\PcxCfg.dll
2014-06-22 22:39 - 2009-03-12 14:45 - 00486400 _____ () C:\Program Files\CE100 Dialer\UiMng.dll
2014-06-22 22:39 - 2009-06-05 15:35 - 00524800 _____ () C:\Program Files\CE100 Dialer\SvrAdpt.dll
2014-06-22 22:39 - 2003-05-01 17:23 - 00041472 _____ () C:\Program Files\CE100 Dialer\cscvt.dll
2014-06-22 22:39 - 2009-08-14 10:34 - 01058816 _____ () C:\Program Files\CE100 Dialer\PcxSvr.exe
2014-06-22 22:39 - 2009-05-06 17:14 - 00237568 _____ () C:\Program Files\CE100 Dialer\SyncAdpt.dll
2014-06-22 22:39 - 2009-06-26 10:56 - 00065536 ____R () C:\Program Files\CE100 Dialer\MsmPlugs\HiFlyCT.base
2014-06-22 22:39 - 2009-06-26 10:56 - 00122880 ____R () C:\Program Files\CE100 Dialer\MsmPlugs\HiFlyCT.plug
2004-08-03 23:56 - 2004-08-03 23:56 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-03 23:56 - 2004-08-03 23:56 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-06-11 20:54 - 2014-06-05 20:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 20:54 - 2014-06-05 20:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 20:54 - 2014-06-05 20:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-11 20:54 - 2014-06-05 20:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:931BB48A
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/21/2014 11:19:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.
 
Error: (06/21/2014 11:19:57 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (06/18/2014 01:12:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (836) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/12/2014 11:39:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The specified server cannot perform the requested operation.
 
Error: (06/12/2014 11:39:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (06/12/2014 11:37:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The specified server cannot perform the requested operation.
 
Error: (06/12/2014 11:37:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The specified server cannot perform the requested operation.
 
Error: (06/12/2014 11:37:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (06/11/2014 09:44:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 35.0.1916.153, faulting module unknown, version 0.0.0.0, fault address 0xf50a14f6.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (06/09/2014 02:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hsscp.exe, version 3.37.0.23935, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0005d45f.
Processing media-specific event for [hsscp.exe!ws!]
 
 
System errors:
=============
Error: (06/20/2014 00:51:19 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
 
Error: (06/20/2014 00:51:19 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
 
Error: (06/20/2014 00:51:11 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
 
Error: (06/20/2014 00:51:11 PM) (Source: 0) (EventID: 2000) (User: )
Description: \Device\LanmanServer
 
Error: (06/19/2014 10:53:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error: 
%%2
 
Error: (06/19/2014 10:53:06 AM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.
 
Error: (06/18/2014 08:05:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error: 
%%2
 
Error: (06/18/2014 08:05:27 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.
 
Error: (06/18/2014 02:47:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/18/2014 02:47:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (06/21/2014 11:19:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040206
 
Error: (06/21/2014 11:19:57 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA
 
Error: (06/18/2014 01:12:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost836C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (06/12/2014 11:39:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....hrootseq.txtThe specified server cannot perform the requested operation.
 
Error: (06/12/2014 11:39:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.
 
Error: (06/12/2014 11:37:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....hrootseq.txtThe specified server cannot perform the requested operation.
 
Error: (06/12/2014 11:37:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....hrootseq.txtThe specified server cannot perform the requested operation.
 
Error: (06/12/2014 11:37:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.
 
Error: (06/11/2014 09:44:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe35.0.1916.153unknown0.0.0.0f50a14f6
 
Error: (06/09/2014 02:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hsscp.exe3.37.0.23935mshtml.dll6.0.2900.21800005d45f
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 2046.42 MB
Available physical RAM: 1096.5 MB
Total Pagefile: 3939.12 MB
Available Pagefile: 3010.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.51 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:39.06 GB) (Free:12.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:35.46 GB) (Free:22.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: A118A118)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

#13
pika3pika

  • Topic Starter
  • 61 posts
Users shortcut scan result (x86) Version:22-06-2014
Ran by dd at 2014-06-24 19:31:44
Running from C:\Documents and Settings\dd\My Documents\Downloads
Boot Mode: Normal
==================== Shortcuts =============================
 
Shortcut: C:\Documents and Settings\All Users\Start Menu\Program Updates.lnk -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk -> C:\WINDOWS\system32\wupdmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk -> C:\Program Files\Adobe\Photoshop 7.0\ImageReady.exe (Adobe Systems Incorporated)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk -> C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk -> C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HD ADeck.lnk -> C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk -> C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk -> C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\moviemk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger\Yahoo! Messenger.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Virtual City\Virtual City.lnk -> C:\Program Files\LeeGTs Games\Virtual City\VirtualCity.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Virtual City\Visit LeeGT-Games.lnk -> C:\Program Files\LeeGTs Games\Virtual City\LeeGT-Games.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\WINDOWS\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\RichText.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\WINDOWS\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\PictureViewer.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\WINDOWS\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}\QTPlayer.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0\OpenOffice.org Base.lnk -> C:\Program Files\OpenOffice.org 3\program\sbase.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0\OpenOffice.org Calc.lnk -> C:\Program Files\OpenOffice.org 3\program\scalc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0\OpenOffice.org Draw.lnk -> C:\Program Files\OpenOffice.org 3\program\sdraw.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0\OpenOffice.org Impress.lnk -> C:\Program Files\OpenOffice.org 3\program\simpress.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0\OpenOffice.org Math.lnk -> C:\Program Files\OpenOffice.org 3\program\smath.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0\OpenOffice.org Writer.lnk -> C:\Program Files\OpenOffice.org 3\program\swriter.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.0\OpenOffice.org.lnk -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero StartSmart.lnk -> C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk -> C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero Toolkit\Nero DriveSpeed.lnk -> C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero Toolkit\Nero InfoTool.lnk -> C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero 6 Ultra Edition\Nero BackItUp.lnk -> C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero 6 Ultra Edition\Nero Burning ROM.lnk -> C:\Program Files\Ahead\Nero\nero.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero 6 Ultra Edition\Nero Cover Designer.lnk -> C:\Program Files\Ahead\CoverDesigner\CoverDes.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero 6 Ultra Edition\Nero ImageDrive.lnk -> C:\Program Files\Ahead\ImageDrive\ImageDrive.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero 6 Ultra Edition\Nero SoundTrax.lnk -> C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero 6 Ultra Edition\Nero Wave Editor.lnk -> C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe (Ahead Software AG)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk -> C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Tools\Bitrate Calculator.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\minicalc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe (MONOGRAM Mutimedia s.r.o.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk -> C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk -> C:\Program Files\K-Lite Codec Pack\Info\faq.htm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\All options.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files\HP Photo Creations\uninst.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Help.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Product Support Website.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\ProductSupportShortcut.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Freecell.lnk -> C:\WINDOWS\system32\freecell.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Hearts.lnk -> C:\WINDOWS\system32\mshearts.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Hearts.lnk -> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Reversi.lnk -> C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Minesweeper.lnk -> C:\WINDOWS\system32\winmine.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Pinball.lnk -> C:\Program Files\Windows NT\Pinball\PINBALL.EXE (Cinematronics)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Solitaire.lnk -> C:\WINDOWS\system32\sol.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\WINDOWS\system32\spider.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Free MP3 WMA Cutter\Free MP3 WMA Cutter.lnk -> C:\Program Files\Free MP3 WMA Cutter\FreeMP3WMACutter.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Free MP3 WMA Cutter\Uninstall.lnk -> C:\Program Files\Free MP3 WMA Cutter\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN\FileASSASSIN.lnk -> C:\Program Files\FileASSASSIN\FileASSASSIN.exe (Malwarebytes)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN\Uninstall.lnk -> C:\Program Files\FileASSASSIN\uninst.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Player.lnk -> C:\Program Files\DivX\DivX Player\DivX Player.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\Settings.lnk -> C:\Program Files\Combined Community Codec Pack\Settings.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\Uninstall.lnk -> C:\Program Files\Combined Community Codec Pack\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CE100 Dialer\CE100 Dialer.lnk -> C:\Program Files\CE100 Dialer\ICard.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CE100 Dialer\DataCard Help.lnk -> C:\Program Files\CE100 Dialer\Help\English.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\CE100 Dialer\Uninstall.lnk -> C:\Program Files\CE100 Dialer\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Avira\AntiVir Desktop\AntiVir Help.lnk -> C:\Program Files\Avira\AntiVir Desktop\avwin.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Avira\AntiVir Desktop\AntiVir on the Internet.lnk -> C:\Program Files\Avira\AntiVir Desktop\weblink.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Avira\AntiVir Desktop\Display readme.lnk -> C:\Program Files\Avira\AntiVir Desktop\readme.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Avira\AntiVir Desktop\Start AntiVir.lnk -> C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\Com\comexp.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\system32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk -> C:\WINDOWS\system32\calc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\WordPad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\WINDOWS\system32\ntbackup.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk -> C:\WINDOWS\system32\dfrg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk -> C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Security Center.lnk -> C:\WINDOWS\system32\wscui.cpl (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\system32\Restore\rstrui.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk -> C:\WINDOWS\system32\sndrec32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk -> C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk -> C:\Program Files\Windows NT\hypertrm.exe (Hilgraeve, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk -> C:\WINDOWS\system32\accwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk -> C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
Shortcut: C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk -> C:\Program Files\FileASSASSIN\FileASSASSIN.exe (Malwarebytes)
Shortcut: C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Documents and Settings\All Users\Desktop\HD ADeck.lnk -> C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
Shortcut: C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk -> C:\Program Files\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Desktop\Skype.lnk -> C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe ()
Shortcut: C:\Documents and Settings\All Users\Desktop\Virtual City.lnk -> C:\Program Files\LeeGTs Games\Virtual City\VirtualCity.exe ()
Shortcut: C:\Documents and Settings\All Users\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Microsoft AppLocale\AppLocale.lnk -> C:\Documents and Settings\dd\Application Data\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe ()
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Microsoft AppLocale\readme.lnk -> C:\Documents and Settings\dd\Application Data\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe ()
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Matroska Pack\MatroskaDiag.lnk -> C:\Program Files\Matroska Pack\MatroskaDiag\MatroskaDiag.exe ()
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Matroska Pack\Read Me.lnk -> C:\Program Files\Matroska Pack\ReadMe_Full.html ()
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Matroska Pack\Uninstall the Matroska Pack.lnk -> C:\Program Files\Matroska Pack\uninstall.exe (Matroska.org)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\BeautyStrike1.6\BeautyStrike CS1.6.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\bs01cs.exe (www.beautystrike.com                                                                        )
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\BeautyStrike1.6\BeautyStrike CZ1.2.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\bs01cz.exe (www.beautystrike.com                                                                        )
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\BeautyStrike1.6\BeautyStrike.com.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\BeautyStrike.com.url ()
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\BeautyStrike1.6\CS1.6.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\cs00cs.exe (www.beautystrike.com                                                                        )
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\BeautyStrike1.6\CZ1.2.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\cs00cz.exe (www.beautystrike.com                                                                        )
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\BeautyStrike1.6\PlayBS.com.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\PlayBS.com.url ()
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\BeautyStrike1.6\Readme.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\readme.txt ()
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\dd\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\dd\Desktop\BeautyStrike CS1.6.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\bs01cs.exe (www.beautystrike.com                                                                        )
Shortcut: C:\Documents and Settings\dd\Desktop\BeautyStrike CZ1.2.lnk -> C:\Program Files\BeautyStrike1.6\BeautyStrike\bs01cz.exe (www.beautystrike.com                                                                        )
Shortcut: C:\Documents and Settings\dd\Desktop\CE100 Dialer.lnk -> C:\Program Files\CE100 Dialer\ICard.exe ()
Shortcut: C:\Documents and Settings\dd\Desktop\DivX Movies.lnk -> C:\Documents and Settings\dd\My Documents\My Videos\DivX Movies ()
Shortcut: C:\Documents and Settings\dd\Desktop\Shortcut to AngryBirds.exe.lnk -> C:\Documents and Settings\dd\My Documents\Downloads\Angry Birds by SphinX\Angry Birds by SphinX\AngryBirds.exe ()
Shortcut: C:\Documents and Settings\dd\Desktop\Shortcut to IEXPLORE.EXE.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Desktop\Shortcut to System40.exe.lnk -> D:\AliceSoft\Rance6\System40.exe (アリスソフト)
Shortcut: C:\Documents and Settings\dd\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Documents and Settings\dd\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
Shortcut: C:\Documents and Settings\dd\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
 
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> appwiz.cpl,,3
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Reset VLC media player preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to Direct3D (no hardware acceleration).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --vout direct3d --overlay --no-directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to Direct3D.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --vout direct3d --overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX (no hardware acceleration).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --vout directx --no-overlay --no-directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX (no video overlay).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --vout directx --no-overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --vout directx --overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to OpenGL.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --vout opengl --overlay --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Interface\Set Main Interface to Qt (default).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> -I qt --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Interface\Set Main Interface to Skinnable.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> -I skins --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Audio\Set Audio mode to DirectX (default).lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --aout aout_directx --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN\Quick Settings\Audio\Set Audio mode to Waveout.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe () -> --aout waveout --save-config vlc://quit
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /i {57752979-A1C9-4C02-856B-FBB27AC4E02C} /qf
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Nero\Nero 6 Ultra Edition\Nero Express.lnk -> C:\Program Files\Ahead\Nero\nero.exe (Ahead Software AG) -> /w
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Quick Codec Config.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /showsections=intro,audio_config,various_tweaks,filter_config,dsfilter_management,sourcefilters
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\Cyberlink MPEG-2 decoder.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe (MONOGRAM Multimedia, s.r.o.) -> {516F1EFA-42F4-436E-801C-B752EB9343EB}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow DXVA video decoder.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax",configureDXVA
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\WINDOWS\system32\ff_vfw.dll",configureVFW
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax",configure
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax",Configure
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe (MONOGRAM Multimedia, s.r.o.) -> {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe (MONOGRAM Multimedia, s.r.o.) -> {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /showsections=reset_settings
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe (MONOGRAM Multimedia, s.r.o.) -> {C204438D-6E1A-4309-B09C-0C0F749863AF}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid encoder.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\WINDOWS\system32\xvidvfw.dll",Configure
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Generate log with system information.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /showsections=generate_log
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage ACM and VFW codecs.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /showsections=codec_management
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage DirectShow filters.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /showsections=dsfilter_management
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage preferred DirectShow source filters.lnk -> C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /showsections=sourcefilters
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.5 /DDV 0x0805
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Uninstall.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /qb /x {AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DivX\Check for Updates.lnk -> C:\Program Files\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, Inc.) -> /start=update
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DivX\Codec Settings.lnk -> C:\Program Files\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, Inc.) -> /start=decoder
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\DivX\Register.lnk -> C:\Program Files\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, Inc.) -> /start=registration
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\Filters\FFDShow Audio Decoder Configuration.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\Filters\FFDShow VFW Codec Configuration.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll",configureVFW
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\Filters\FFDShow Video Decoder Configuration.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax",configure
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Local Security Policy.lnk -> C:\WINDOWS\system32\secpol.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk -> C:\WINDOWS\system32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk -> C:\WINDOWS\system32\services.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk -> C:\WINDOWS\system32\wiaacmgr.exe (Microsoft Corporation) -> -SelectDevice
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> hnetwiz.dll,HomeNetWizardRunDll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> netshell.dll,StartNCW
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
ShortcutWithArgument: C:\Documents and Settings\All Users\Desktop\HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\HP\HP Deskjet 1000 J110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN36K19MJS05YD;CONNECTION=USB;MONITOR=1;
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Microsoft AppLocale\king.lnk -> C:\WINDOWS\AppPatch\AppLoc.exe (Microsoft Corporation) -> "D:\Program Files\king\king.exe" "/L0411"
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Matroska Pack\FFdshow Audio.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> ffdshow.ax,configureAudio
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Matroska Pack\FFdshow.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> ffdshow.ax,configure
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Matroska Pack\Haali Media Splitter.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> splitter.ax,Configure
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Matroska Pack\VSFilter.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> vsfilter.dll,DirectVobSub
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\dd\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\dd\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Documents and Settings\dd\Application Data\Yahoo!\Messenger\Shortcut\Auky.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) ->  ymsgr:sendim?dreams_of_the_dragons
ShortcutWithArgument: C:\Documents and Settings\dd\Application Data\Yahoo!\Messenger\Shortcut\baobelee.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) ->  ymsgr:sendim?baobelee
ShortcutWithArgument: C:\Documents and Settings\dd\Application Data\Yahoo!\Messenger\Shortcut\Fransiska Febriani.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) ->  ymsgr:sendim?fransiska_ffk
ShortcutWithArgument: C:\Documents and Settings\dd\Application Data\Yahoo!\Messenger\Shortcut\haryanto setiawan.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) ->  ymsgr:sendim?yanto_setiawan2002
ShortcutWithArgument: C:\Documents and Settings\dd\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
 
 
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Free MP3 WMA Cutter\Free MP3 WMA Cutter on the Web.url -> hxxp://www.freeaudiovideosoft.com/
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Free MP3 WMA Cutter\More Free Tools.url -> hxxp://www.freeaudiovideosoft.com/
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\CCCP Website.url -> hxxp://www.cccp-project.net/
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack\Playback FAQ.url -> hxxp://www.cccp-project.net/wiki/index.php?title=Main_Page
InternetURL: C:\Documents and Settings\dd\My Documents\Downloads\AIRFIGHTERS-PRO-APK-Andropalace.net\LIKE US ON FACEBOOK.URL -> hxxp://www.facebook.com/Andropalace
InternetURL: C:\Documents and Settings\dd\Favorites\Download IObit Freeware.url -> hxxp://www.iobit.com/
InternetURL: C:\Documents and Settings\dd\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\dd\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\dd\Favorites\Links\Customize Links.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks
InternetURL: C:\Documents and Settings\dd\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\dd\Favorites\Links\Windows Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=30857&clcid=0x409
InternetURL: C:\Documents and Settings\dd\Favorites\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
InternetURL: C:\Documents and Settings\dd\Favorites\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows
 
==================== End of log =============================


#14
pika3pika


    Member

  • Topic Starter
  • Member
  • 61 posts

Ohh, I also used JRT before I posted the malware topic; that's why nothing is shown in there.



#15
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi,

Please note that support for Windows XP has been terminated and you are vulnerable to security threats should you choose to use this product. Also, you do not have Service Pack 3 installed. I implore you to upgrade to Vista or above to keep yourself secured.
  • Step #4 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to the poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, double-click on the items I have listed below, and follow the on-screen instructions to remove/uninstall them.
    • PC Cleaner Pro
    • Java 7 Update 51 (Update it)
    • VLC media player 0.9.8a (Update it)
 
  • Step #5 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:931BB48A
      C:\Documents and Settings\dd\Local Settings\Temp\Quarantine.exe
      C:\Documents and Settings\dd\jagex_cl_runescape_LIVE.dat
      C:\Documents and Settings\dd\random.dat
      2014-06-12 00:40 - 2014-06-12 00:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Hotspot Shield
      2014-06-14 13:29 - 2013-10-04 22:41 - 00000000 ____D () C:\Documents and Settings\dd\Application Data\IObit
      File: C:\WINDOWS\System32\msiexec.exe
      C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx
      CHR HKLM\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\serach.crx [2014-06-20]
      C:\Documents and Settings\dd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\serach.crx
      SearchScopes: HKLM - DefaultScope value is missing.
      HKLM\...\Run: [] => [X]
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum





