Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-01-2015
Ran by Admin at 2015-01-31 15:10:41 Run:1
Running from F:\mozilla
Loaded Profiles: Admin (Available profiles: Admin)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
CloseProcesses:
(Microsoft Corporation) C:\Windows\explorer.exe
HKLM\...\Run: [Bron-Spizaetus] => C:\WINDOWS\ShellNew\sempalong.exe [42713 2008-07-25] ()
HKLM\...\Winlogon: [Shell] Explorer.exe "C:\WINDOWS\eksplorasi.exe" [x ] ()
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\...\Run: [Tok-Cirrhatus] => C:\Documents and Settings\Admin\Local Settings\Application Data\smss.exe [42713 2008-07-25] ()
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\...\MountPoints2: {108a1d78-248a-11e4-a71f-0025d36e48a4} - G:\autorun.exe
HKU\S-1-5-18\...\Run: [Tok-Cirrhatus] => C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe [42713 2008-07-25] ()
HKU\S-1-5-18\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 1
SecurityProviders: schannel.dll, credssp.dll, digest.dll
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Empty.pif ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs ()
Startup: C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Empty.pif ()
Task: C:\WINDOWS\Tasks\At1.job => ?
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\Documents and Settings\All Users\Application Data\APN
C:\Documents and Settings\Admin\Application Data\EurekaLog
C:\Documents and Settings\Admin\Local Settings\Application Data\*.bat
C:\Documents and Settings\Admin\Local Settings\Application Data\*.bin
C:\Documents and Settings\Admin\Local Settings\Application Data\*.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\*.txt
C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.bat
C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.bin
C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.txt
C:\WINDOWS\eksplorasi.exe
C:\WINDOWS\ShellNew\sempalong.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
CMD: for /d %f in ("C:\Documents and Settings\Admin\Local Settings\Application Data\*Bron*") do rd /s /q "%f"
CMD: for /d %f in ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\*Bron*") do rd /s /q "%f"
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
C:\Windows\explorer.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus => value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => value deleted successfully.
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully.
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value deleted successfully.
HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
"HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{108a1d78-248a-11e4-a71f-0025d36e48a4}" => Key deleted successfully.
HKCR\CLSID\{108a1d78-248a-11e4-a71f-0025d36e48a4} => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\System\CurrentControlSet\Control\SecurityProviders\\SecurityProviders => Value was restored successfully.
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Empty.pif => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs => Moved successfully.
C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Empty.pif => Moved successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1935655697-2147138623-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully.
C:\Documents and Settings\All Users\Application Data\APN => Moved successfully.
C:\Documents and Settings\Admin\Application Data\EurekaLog => Moved successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\*.bat => Moved successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\*.bin => Moved successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\*.exe => Moved successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\*.txt => Moved successfully.
"C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.bat" => File/Directory not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.bin => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.txt => Moved successfully.
C:\WINDOWS\eksplorasi.exe => Moved successfully.
C:\WINDOWS\ShellNew\sempalong.exe => Moved successfully.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.

========= for /d %f in ("C:\Documents and Settings\Admin\Local Settings\Application Data\*Bron*") do rd /s /q "%f" =========

========= End of CMD: =========

========= for /d %f in ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\*Bron*") do rd /s /q "%f" =========

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog 15:12:25 ====