MSIAILEI.SRC and Trojan Virus [Closed] - Virus, Spyware, Malware Removal (2024)

Here is the OTL.txt:

OTL logfile created on: 3/28/2013 11:04:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user1\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 66.94% Memory free
5.73 Gb Paging File | 4.56 Gb Available in Paging File | 79.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 47.15 Gb Free Space | 21.14% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.32 Gb Free Space | 13.37% Space Free | Partition Type: NTFS

Computer Name: GLENGLENKO | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/28 09:38:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Downloads\OTL.exe
PRC - [2013/02/19 17:47:38 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/19 17:47:38 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user1\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/27 09:24:22 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/13 19:20:40 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/13 19:20:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/12/13 07:53:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/12/13 07:53:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/12/13 07:53:36 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/12/13 07:48:09 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/26 16:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/19 17:47:38 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/19 17:47:38 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2008/06/12 13:17:08 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Services (SafeList) ==========

SRV - [2013/03/13 20:03:00 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/19 17:47:38 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/10 21:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/17 15:41:56 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/12/13 07:53:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/26 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/02/19 17:47:38 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/01/16 09:20:41 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/13 09:59:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/08 19:34:24 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/13 07:53:36 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/10 03:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/28 02:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/25 06:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 08:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D454AFF-6E01-437B-90B1-2D4F2B069DE3}: "URL" = http://ph.search.yah...h_fr_005&fr=chr
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-02 19:34:53&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rm=1&toolbar=BT
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...pa&d=2011-12-02 19:34:53&v=14.2.0.1&pid=avg&sg=&sap=hp"
FF - prefs.js..extensions.enabledItems: [emailprotected]:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
FF - prefs.js..keyword.URL: "http://ph.search.yah...8&&fr=ytff-&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[emailprotected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/05 02:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 10:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 17:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 20:18:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/20 14:22:48 | 000,000,000 | ---D | M]

[2009/11/19 18:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Extensions
[2012/10/20 15:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions
[2009/11/20 18:08:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/07 22:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/26 18:31:21 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/11/26 18:31:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\5axg0byw.default\extensions\[emailprotected]
[2013/03/20 14:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/12 11:48:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/18 14:24:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013/02/19 17:48:12 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...pa&d=2011-12-02 19:34:53&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1
CHR - homepage: http://isearch.avg.c...pa&d=2011-12-02 19:34:53&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\user1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Troll Emoticons = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\5.1.8_0\
CHR - Extension: Night Time In New York City = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\
CHR - Extension: AVG Security Toolbar = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\user1\LOCALS~1\Temp\msiailei.scr) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26D1994-3780-4DFE-9AED-5FCB34F7800F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user1\Pictures\nba\Dwyane_Wade_21198.jpg
O24 - Desktop BackupWallPaper: C:\Users\user1\Pictures\nba\Dwyane_Wade_21198.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/14 08:55:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/08/05 02:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ac545c2-281b-11df-81a8-001d7277b757}\Shell\AutoRun\command - "" = F:\MAKSIMALNO///minimalno.exe
O33 - MountPoints2\{1ac545c2-281b-11df-81a8-001d7277b757}\Shell\open\command - "" = F:\MAKSIMALNO///minimalno.exe
O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\1\Command - "" = G:\Recycle.exe
O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\2\Command - "" = G:\Recycle.exe
O33 - MountPoints2\{22146e7f-154f-11df-9228-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Recycle.exe
O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\AutoRun\command - "" = F:\kasper/kasper32.exe
O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\explore\command - "" = F:\.////////kasper/\\\\\kasper32.exe
O33 - MountPoints2\{2c3d3017-a350-11de-8b4a-001d7277b757}\Shell\open\command - "" = F:\kasper/////////kasper32.exe
O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\auto\command - "" = Scrap
O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Scrap
O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\explore\command - "" = Scrap
O33 - MountPoints2\{4c362f38-77ec-11de-952a-001d7277b757}\Shell\open\command - "" = Scrap
O33 - MountPoints2\{5f3a416a-0bdc-11df-bc8a-001d7277b757}\Shell\AutoRun\command - "" = H:\svchost.exe
O33 - MountPoints2\{725cd502-1458-11df-871c-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{725cd502-1458-11df-871c-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\AutoRun\command - "" = G:\usecure/usecure32.exe
O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\explore\command - "" = G:\usecure/usecure32.exe
O33 - MountPoints2\{790cc640-2b48-11df-8f0d-001d7277b757}\Shell\open\command - "" = G:\usecure/usecure32.exe
O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\AutoRun\command - "" = bitdecoy/bitdecoy32.exe
O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\explore\command - "" = bitdecoy/bitdecoy32.exe
O33 - MountPoints2\{a6e22e69-0a59-11df-b868-001d7277b757}\Shell\open\command - "" = .\bitdecoy/bitdecoy32.exe
O33 - MountPoints2\{a762aee0-e51d-11de-ac60-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\dirsystem.cmd
O33 - MountPoints2\{c2c29856-228a-11df-83ee-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c29856-228a-11df-83ee-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1f02a2b-b9fc-11de-896a-001d7277b757}\Shell\AutoRun\command - "" = k1d.exe
O33 - MountPoints2\{d1f02a2b-b9fc-11de-896a-001d7277b757}\Shell\open\Command - "" = k1d.exe
O33 - MountPoints2\{d98baa68-b929-11de-b715-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{d98baa68-b929-11de-b715-001d7277b757}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\AutoRun\command - "" = F:\kasper/kasper32.exe
O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\explore\command - "" = F:\.////////kasper/\\\\\kasper32.exe
O33 - MountPoints2\{da77ce07-0d63-11df-969c-001d7277b757}\Shell\open\command - "" = F:\kasper/////////kasper32.exe
O33 - MountPoints2\{dae8c2b8-5c5b-11de-93e6-001d7277b757}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL LAQig.eXe
O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\AutoRun\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\explore\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{e4a6b499-b222-11de-b88e-001d7277b757}\Shell\open\command - "" = ucure/ucure32.exe
O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\AuTopLaY\cOmmAnD - "" = I:\xmagx.pif
O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\AutoRun\command - "" = I:\xmagx.pif
O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\EXpLorE\CoMmAnD - "" = I:\xmagx.pif
O33 - MountPoints2\{e8279ed4-6590-11de-b3bd-001d7277b757}\Shell\opeN\ComMaND - "" = I:\xmagx.pif
O33 - MountPoints2\{e8279ed9-6590-11de-b3bd-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{e8279ed9-6590-11de-b3bd-001d7277b757}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{fc900ec8-df15-11de-95d8-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{fc900ec8-df15-11de-95d8-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fc900ed4-df15-11de-95d8-001d7277b757}\Shell - "" = AutoRun
O33 - MountPoints2\{fc900ed4-df15-11de-95d8-001d7277b757}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/28 09:12:45 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\Malwarebytes
[2013/03/28 09:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/28 09:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 09:12:34 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/28 09:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/14 03:07:18 | 000,000,000 | ---D | C] -- C:\04df8eaf191cfaf31908aceb4d
[2013/03/13 22:50:07 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/13 09:45:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/13 09:45:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/03/13 09:45:02 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/13 09:45:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/03/13 09:45:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/03/13 09:45:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/03/13 09:45:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/03/13 09:45:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/13 09:45:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/03/13 09:44:56 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/03/13 09:44:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/03/13 09:44:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/03/13 09:44:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/03/13 09:44:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/13 09:44:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/03/13 09:44:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/13 09:44:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/13 09:44:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/11 09:03:00 | 027,215,683 | ---- | C] (Computers and Structures, Inc.) -- C:\Users\user1\Desktop\CSI ETABS 9.7 Portable.exe
[2013/03/11 08:45:21 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/11 08:44:44 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/11 08:44:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/11 08:44:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/09 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\Xenocode
[2013/03/04 12:07:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/03/02 15:11:58 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/03/02 12:43:41 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\{C64C782F-F116-458F-971F-3CFEC4CD44CF}
[2013/02/28 19:54:02 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\{35DE4F28-A4BE-4F10-A49C-975D40B597D0}
[2013/02/28 19:53:05 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\{E0F63152-C24E-4A21-83E2-41B815A52919}
[2013/02/28 17:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/28 17:52:40 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2013/03/28 11:00:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/28 10:41:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3340730019-3293077109-2200735973-1000UA.job
[2013/03/28 10:08:25 | 000,401,540 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/03/28 10:05:20 | 000,401,540 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/03/28 10:05:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 10:05:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 10:04:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/28 10:04:36 | 2951,073,792 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/28 09:53:48 | 114,850,794 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013/03/28 09:12:38 | 000,000,890 | ---- | M] () -- C:\Users\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/03/27 19:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3340730019-3293077109-2200735973-1000Core.job
[2013/03/27 16:39:28 | 000,097,298 | ---- | M] () -- C:\Users\user1\Desktop\Untitled.jpg
[2013/03/26 13:08:58 | 000,655,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/26 13:08:58 | 000,137,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/23 23:57:22 | 000,206,848 | ---- | M] () -- C:\Users\user1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/14 21:26:27 | 000,000,114 | ---- | M] () -- C:\Windows\System32\prsgrc.tgz
[2013/03/14 21:26:26 | 000,000,218 | ---- | M] () -- C:\Windows\System32\svat0iq.tgz
[2013/03/14 21:26:26 | 000,000,204 | ---- | M] () -- C:\Windows\System32\svat0iq.dll
[2013/03/14 21:26:26 | 000,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll
[2013/03/14 00:52:56 | 000,002,084 | ---- | M] () -- C:\Users\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/14 00:52:56 | 000,002,082 | ---- | M] () -- C:\Users\user1\Desktop\Google Chrome.lnk
[2013/03/13 20:02:51 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 20:02:51 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/11 08:44:30 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/11 08:44:29 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/11 08:44:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/11 08:44:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/11 08:44:27 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/03/11 08:44:27 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/05 18:21:45 | 000,008,523 | -H-- | M] () -- C:\Users\user1\Documents\acaddoc.lsp
[2013/02/28 10:49:23 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2013/03/28 09:12:38 | 000,000,890 | ---- | C] () -- C:\Users\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/03/27 16:39:27 | 000,097,298 | ---- | C] () -- C:\Users\user1\Desktop\Untitled.jpg
[2013/03/05 18:21:45 | 000,008,523 | -H-- | C] () -- C:\Users\user1\Documents\acaddoc.lsp
[2013/02/28 17:52:42 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/08/18 11:10:33 | 000,144,540 | ---- | C] () -- C:\Windows\hpwins16.dat
[2011/05/12 13:42:31 | 000,000,327 | ---- | C] () -- C:\Windows\SAFEv8.ini
[2011/05/12 13:37:29 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\u3rpij6.dll
[2011/05/12 13:37:28 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\hpdlnno.dll
[2011/05/12 13:37:28 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\fdcuoct.dll
[2011/05/12 13:37:26 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\hycc0i8.dll
[2011/05/12 13:37:23 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\l0ebt1m.dll
[2011/05/12 13:37:19 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\ls3v6ks.dll
[2011/05/12 13:00:21 | 000,000,271 | ---- | C] () -- C:\Windows\ETABS.ini
[2011/04/17 09:29:52 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011/04/16 14:24:44 | 000,026,840 | ---- | C] () -- C:\Users\user1\AppData\Roaming\UserTile.png
[2010/12/20 12:47:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 07:21:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/08 16:40:01 | 000,197,632 | ---- | C] () -- C:\Program Files\patchw32.dll
[2009/10/08 16:40:01 | 000,168,029 | ---- | C] () -- C:\Program Files\std2004patch.exe
[2009/08/25 06:06:34 | 000,000,680 | ---- | C] () -- C:\Users\user1\AppData\Local\d3d9caps.dat
[2008/11/14 22:56:38 | 000,002,060 | ---- | C] () -- C:\Users\user1\AppData\Roaming\wklnhst.dat
[2008/11/12 21:56:03 | 000,401,540 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/12 21:55:01 | 000,401,540 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/12 20:23:18 | 000,206,848 | ---- | C] () -- C:\Users\user1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:679ABA25
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >


FAQs

Can trojan virus be removed by Windows Defender?

To make sure that you detect all possible Trojan infections, in addition to at least two virus scanners on a Windows computer, it's also recommended to run a full scan with Windows Defender Offline. This can help to detect and remove particularly stubborn Trojans using the latest threat definitions.

How to remove trojan agent virus?

Removing Trojans Pretending To Be Programs

Click Apps. Go to Apps & Features. Click the name of the Trojan program. Select Uninstall.

What is a Trojan horse spyware and computer viruses are all examples of?

Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server. Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware.

What are viruses spyware Trojan horses known as types of?

1. Different Virus Expressions
  • Virus. A computer virus is a piece of software that can 'infect' a computer, install itself and copy itself to other computers, without the user's knowledge or permission. ...
  • Malware. Malware is short for malicious software. ...
  • Trojan horse. ...
  • Worm. ...
  • Spyware. ...
  • Adware.

Will resetting a PC remove Trojan?

It's the nuclear option, but it works, except in some very rare cases. Each year, viruses become more sophisticated, and cybercriminals are finding new ways to infect unsuspecting devices. So, you may encounter trojans and rootkits that can survive a factory reset, but it's relatively rare.

How to get rid of a Trojan virus for free?

The best way to clean up a Trojan infection is to use Malwarebytes' free trojan scanner, and then consider Malwarebytes Premium for proactive protection against future Trojan infections. Malwarebytes Premium will initiate a scan for Trojans and then remove Trojans so they can't cause further damage.

What is the best app to get rid of Trojan virus?

Bitdefender is the best antivirus for Trojan detection and removal. It has a well-rounded security system to protect your device from Trojan malware.

How to get rid of Trojan spyware?

Often, closing your browser or deleting a suspicious app should be enough to resolve the problem. And if this doesn't work, you may need to run an antivirus scan to detect and remove the threat. Overall, it's important to use reputable antivirus software to help you avoid malware.

What to do if your computer has a Trojan virus?

Unfortunately your other choices are limited, but the following steps may help save your computer and your files.
  1. Call IT support. ...
  2. Disconnect your computer from the Internet. ...
  3. Back up your important files. ...
  4. Scan your machine. ...
  5. Reinstall your operating system. ...
  6. Restore your files. ...
  7. Protect your computer.

What is a logical bomb?

A logic bomb is a type of malicious code embedded in software that remains dormant until specific conditions are met. When triggered, a logic bomb virus executes a destructive action, such as deleting files or disrupting critical systems.

What is a Trojan backdoor?

A backdoor Trojan gives malicious users remote control over the infected computer. They enable the author to do anything they wish on the infected computer - including sending, receiving, launching, and deleting files, displaying data, and rebooting the computer.

What are the four 4 examples of Trojan horses virus?

Here are some of the most common types.
  • Downloader Trojan. A downloader trojan downloads and deploys other malicious code, such as rootkits, ransomware or keyloggers. ...
  • Backdoor Trojan. ...
  • Spyware. ...
  • Rootkit Trojans. ...
  • DDoS Attack Trojan (Botnet) ...
  • Zeus. ...
  • ILOVEYOU. ...
  • Cryptolocker.

Can a Trojan virus be removed?

You can remove some Trojans by disabling startup items on your computer which don't come from trusted sources. For the best results, first reboot your device into safe mode so that the virus can't stop you from removing it.

What type of malware is disguised as legitimate code?

Trojans. A Trojan (or Trojan Horse) disguises itself as legitimate software to trick you into executing malicious software on your computer. Because it looks trustworthy, users download it, inadvertently allowing malware onto their device. Trojans themselves are a doorway.

Is Windows Defender good at removing viruses?

Microsoft Defender Antivirus is a powerful tool that finds and removes malware from your PC.

Can malware get past Windows Defender?

Yes, malware can hide itself and antivirus and other protection programs may not catch it. Check out this undetected malware map.

Can Trojans hide from antivirus?

Rootkit technologies – that are generally employed by Trojans – can intercept and substitute system functions to make the infected file invisible to the operating system and antivirus programs. Sometimes even the registry branches – where the Trojan is registered – and other system files are hidden.

Do I need antivirus software if I have Windows Defender?

Do you need additional antivirus software? With built-in coverage, you may wonder if you should invest in paid antivirus software. The answer is, of course, yes! It can be a good idea to get another antivirus solution because blocking malware and viruses should just be one part of your threat protection.

Article information

Author: Sen. Emmett Berge
