:OTL FF - prefs.js…browser.search.defaultenginename: “Search the web (Babylon)” FF - prefs.js…browser.search.order.1: “Search the web (Babylon)” FF - prefs.js…browser.search.selectedEngine: “Search the web (Babylon)” FF - prefs.js…browser.startup.homepage: “http://search.babylon.com/?AF=108603&babsrc=HP_ss&mntrId=342567120000000000001c6f65bda390” FF - prefs.js…keyword.URL: “http://search.babylon.com/?AF=108603&babsrc=adbartrp&mntrId=342567120000000000001c6f65bda390&q=” [2011-12-24 15:19:50 | 000,002,503 | ---- | M] () – C:\Users\admin\AppData\Roaming\Mozilla\FireFox\Profiles\xtvufx6o.default\searchplugins\SearchResults.xml [2011-12-24 15:19:50 | 000,002,503 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found O3 - HKLM…\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found O3 - HKLM…\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM…\Run: [bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe () O4 - HKU\S-1-5-21-1924813152-1128105443-2640504683-1000…\Run: [Tok-Cirrhatus] C:\Users\admin\AppData\Local\smss.exe () O4 - HKU\S-1-5-21-1924813152-1128105443-2640504683-1000…\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe File not found O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif () O20 - HKLM Winlogon: Shell - (“C:\Windows\eksplorasi.exe”) - C:\Windows\eksplorasi.exe () [2012-04-09 19:03:30 | 000,012,393 | ---- | C] () – C:\Users\admin\AppData\Local\Update.12.Bron.Tok.bin [2012-04-09 18:37:44 | 000,012,393 | ---- | C] () – C:\Users\admin\AppData\Local\Bron.tok.A12.em.bin [2012-03-31 11:46:28 | 000,000,000 | —D | C] – C:\Users\admin\AppData\Local\Bron.tok-12-31 [2012-03-30 15:49:17 | 000,000,000 | —D | C] – C:\Users\admin\AppData\Local\Bron.tok-12-30 [2012-03-14 16:38:05 | 000,000,000 | —D | C] – C:\Users\admin\AppData\Local\Bron.tok-12-14 [2012-03-13 16:23:28 | 000,000,000 | —D | C] – C:\Users\admin\AppData\Local\Bron.tok-12-13 [2012-03-12 14:28:23 | 000,000,000 | —D | C] – C:\Users\admin\AppData\Local\Bron.tok-12-12 [2012-03-11 01:48:29 | 000,000,000 | —D | C] – C:\Users\admin\AppData\Local\Bron.tok-12-11 [2012-02-15 22:42:53 | 000,000,051 | ---- | C] () – C:\Users\admin\AppData\Local\Kosong.Bron.Tok.txt [2012-01-19 17:56:10 | 000,000,002 | ---- | C] () – C:\ProgramData\timerxfile [2012-01-19 17:56:10 | 000,000,001 | ---- | C] () – C:\ProgramData\varsavefile [2012-01-19 17:56:10 | 000,000,001 | ---- | C] () – C:\ProgramData\datesavefile [2012-01-19 17:56:09 | 007,987,953 | ---- | C] (CCCP Project ) – C:\Users\admin\AppData\Local\Codecs.exe [2012-01-19 17:56:09 | 000,347,136 | RHS- | C] (NirSoft) – C:\ProgramData\nircmd.exe [2012-01-19 17:56:09 | 000,347,136 | ---- | C] (NirSoft) – C:\Users\admin\AppData\Local\nircmd.exe [2012-01-19 17:56:09 | 000,004,768 | ---- | C] () – C:\Users\admin\AppData\Local\operaprefs.ini [2012-01-19 17:56:09 | 000,004,768 | ---- | C] () – C:\ProgramData\operaprefs.ini [2012-01-17 17:33:21 | 000,460,624 | ---- | C] () – C:\Users\admin\AppData\Local\promo.exe [2011-07-03 15:05:58 | 000,042,713 | ---- | C] () – C:\Users\admin\AppData\Local\winlogon.exe [2011-07-03 15:05:58 | 000,042,713 | ---- | C] () – C:\Users\admin\AppData\Local\smss.exe [2011-07-03 15:05:58 | 000,042,713 | ---- | C] () – C:\Users\admin\AppData\Local\services.exe [2011-07-03 15:05:58 | 000,042,713 | ---- | C] () – C:\Users\admin\AppData\Local\lsass.exe [2011-07-03 15:05:58 | 000,042,713 | ---- | C] () – C:\Users\admin\AppData\Local\inetinfo.exe [2011-07-03 15:05:58 | 000,042,713 | ---- | C] () – C:\Users\admin\AppData\Local\csrss.exe [2012-04-09 18:53:34 | 000,000,624 | ---- | M] () – C:\Windows\tasks\SymInstallStub.job :Commands [emptytemp]