missing_love

eror

Oct 31st, 2014
  1. OTL logfile created on: 10/31/2014 10:38:25 PM - Run 1
  2. OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reza Arta Bagaskoro\Downloads
  3. Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
  4. Internet Explorer (Version = 8.0.7600.16385)
  5. Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
  6.  
  7. 2.93 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 48.67% Memory free
  8. 5.86 Gb Paging File | 4.06 Gb Available in Paging File | 69.24% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
  12. Drive C: | 172.69 Gb Total Space | 69.31 Gb Free Space | 40.14% Space Free | Partition Type: NTFS
  13. Drive E: | 466.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
  14. Drive G: | 146.48 Gb Total Space | 124.06 Gb Free Space | 84.69% Space Free | Partition Type: NTFS
  15. Drive H: | 146.48 Gb Total Space | 58.27 Gb Free Space | 39.78% Space Free | Partition Type: NTFS
  16.  
  17. Computer Name: COMPAQPRESARIO | User Name: Reza Arta Bagaskoro | Logged in as Administrator.
  18. Boot Mode: Normal | Scan Mode: Current user
  19. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  20.  
  21. [color=#E56717]========== Processes (SafeList) ==========[/color]
  22.  
  23. PRC - [2014/10/31 22:36:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reza Arta Bagaskoro\Downloads\OTL.exe
  24. PRC - [2014/10/31 14:18:36 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
  25. PRC - [2014/10/31 11:15:09 | 000,793,584 | ---- | M] (Baidu Inc.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
  26. PRC - [2014/10/17 18:17:44 | 000,208,928 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe
  27. PRC - [2014/10/17 18:17:42 | 002,183,200 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\bas_helper.exe
  28. PRC - [2014/10/13 16:28:33 | 001,355,456 | ---- | M] (Baidu.com, Inc.) -- C:\Program Files\baidu\Spark\sparkupdate.exe
  29. PRC - [2014/10/13 16:28:33 | 000,080,576 | ---- | M] (Baidu Inc.) -- C:\Program Files\baidu\Spark\sparkservice.exe
  30. PRC - [2014/10/08 12:28:40 | 001,443,008 | ---- | M] (Baidu Inc.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
  31. PRC - [2014/09/22 15:19:46 | 000,571,424 | ---- | M] (Baidu Inc.) -- C:\Program Files\PC App Store\4.9.1.7303\PCAppStoreSvc.exe
  32. PRC - [2014/09/20 20:24:04 | 001,870,000 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
  33. PRC - [2014/06/16 20:07:10 | 001,704,296 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe
  34. PRC - [2014/06/16 20:07:06 | 000,481,432 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
  35. PRC - [2014/06/16 20:07:00 | 002,038,248 | ---- | M] (Baidu, Inc.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavSvc.exe
  36. PRC - [2014/02/07 19:14:28 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
  37. PRC - [2014/02/07 19:14:22 | 001,564,992 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
  38. PRC - [2014/02/05 00:10:32 | 000,107,520 | ---- | M] () -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
  39. PRC - [2013/05/21 12:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
  40. PRC - [2013/05/19 00:10:16 | 001,568,768 | ---- | M] (Smadsoft) -- C:\Program Files\Smadav\SMΔRTP.exe
  41. PRC - [2013/05/08 11:35:45 | 001,398,680 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
  42. PRC - [2013/02/26 10:26:03 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
  43. PRC - [2012/10/23 16:25:06 | 002,744,960 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
  44. PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
  45. PRC - [2012/06/28 23:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
  46. PRC - [2011/12/20 10:53:16 | 000,267,776 | ---- | M] () -- C:\Program Files\Smartfren Connex CE682 UI\HEject.exe
  47. PRC - [2011/11/28 20:47:42 | 002,589,832 | ---- | M] () -- C:\Program Files\Hear\Hear.exe
  48. PRC - [2011/10/29 06:41:24 | 000,512,000 | ---- | M] () -- C:\Program Files\PROLiNK PCM100 UI\bin\MonServiceUDisk.exe
  49. PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
  50. PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
  51. PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
  52. PRC - [2009/07/14 09:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
  53. PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
  54.  
  55.  
  56. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  57.  
  58. MOD - [2014/10/31 15:52:21 | 000,923,136 | ---- | M] () -- C:\Users\Reza Arta Bagaskoro\AppData\Local\YVPack\AmR.dll
  59. MOD - [2014/10/31 14:18:32 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
  60. MOD - [2014/10/19 23:39:12 | 000,888,832 | ---- | M] () -- C:\Users\Reza Arta Bagaskoro\AppData\Local\Imsoft\ep0lvr1r.dll
  61. MOD - [2014/10/19 23:21:59 | 001,828,352 | ---- | M] () -- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
  62. MOD - [2014/10/19 23:21:52 | 002,416,128 | ---- | M] () -- C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
  63. MOD - [2014/10/17 18:18:14 | 000,141,856 | ---- | M] () -- C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\zlib1.dll
  64. MOD - [2014/10/17 18:18:06 | 002,257,952 | ---- | M] () -- C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\skiax.dll
  65. MOD - [2014/10/13 16:28:31 | 001,005,248 | ---- | M] () -- C:\Program Files\baidu\Spark\bdxui.dll
  66. MOD - [2014/09/20 20:24:04 | 016,825,520 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_15_0_0_152.dll
  67. MOD - [2014/02/07 19:12:58 | 014,950,400 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
  68. MOD - [2014/02/07 19:12:44 | 000,594,944 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
  69. MOD - [2014/02/07 19:12:42 | 000,036,864 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
  70. MOD - [2014/02/07 19:12:20 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
  71. MOD - [2014/02/07 16:34:00 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
  72. MOD - [2013/05/19 00:10:16 | 001,568,768 | ---- | M] () -- C:\Program Files\Smadav\SM?RTP.exe
  73. MOD - [2012/11/17 16:30:01 | 000,107,520 | ---- | M] () -- C:\Program Files\DAEMON Tools Pro\BRD.dll
  74. MOD - [2012/05/30 22:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.5.0.28\wincfi39.dll
  75. MOD - [2011/11/28 20:47:42 | 002,589,832 | ---- | M] () -- C:\Program Files\Hear\Hear.exe
  76. MOD - [2009/07/14 12:43:48 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
  77. MOD - [2009/07/14 12:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
  78. MOD - [2009/07/14 12:43:20 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
  79. MOD - [2009/07/14 12:43:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll
  80. MOD - [2009/07/14 12:42:55 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
  81. MOD - [2009/07/14 12:42:45 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
  82. MOD - [2009/07/14 12:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
  83. MOD - [2009/07/14 12:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
  84. MOD - [2009/07/14 12:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
  85. MOD - [2009/07/14 12:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
  86.  
  87.  
  88. [color=#E56717]========== Services (SafeList) ==========[/color]
  89.  
  90. SRV - [2014/10/31 14:18:32 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
  91. SRV - [2014/10/31 11:15:09 | 000,793,584 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe -- (PCFasterSvc_{PCFaster_4.0.0.0})
  92. SRV - [2014/10/17 18:17:44 | 000,208,928 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Program Files\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe -- (BASSVC)
  93. SRV - [2014/10/13 16:28:33 | 000,080,576 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Program Files\baidu\Spark\sparkservice.exe -- (SparkSvc)
  94. SRV - [2014/10/12 14:40:40 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
  95. SRV - [2014/09/22 15:19:46 | 000,571,424 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Program Files\PC App Store\4.9.1.7303\PCAppStoreSvc.exe -- (PCAppStoreSvc_{PCAppStore_4.9.1.7303})
  96. SRV - [2014/08/29 20:20:29 | 001,350,848 | ---- | M] (Baidu.com, Inc.) [On_Demand | Stopped] -- C:\Program Files\baidu\SparkUpdate\Sparkupdate.exe -- (SparkUpdater)
  97. SRV - [2014/06/16 20:07:06 | 000,481,432 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe -- (BHipsSvc)
  98. SRV - [2014/06/16 20:07:00 | 002,038,248 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavSvc.exe -- (BAVSvc)
  99. SRV - [2014/02/05 00:10:32 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
  100. SRV - [2014/01/07 16:37:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
  101. SRV - [2013/12/20 11:24:44 | 000,574,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
  102. SRV - [2013/05/21 12:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe -- (NIS)
  103. SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
  104. SRV - [2011/12/20 10:53:16 | 000,267,776 | ---- | M] () [Auto | Running] -- C:\Program Files\Smartfren Connex CE682 UI\HEject.exe -- (CDROM_Eject_H)
  105. SRV - [2011/10/29 06:41:24 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\PROLiNK PCM100 UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
  106. SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
  107. SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
  108. SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
  109. SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
  110. SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  111.  
  112.  
  113. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  114.  
  115. DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
  116. DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
  117. DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
  118. DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BHipsEx.sys -- (BHipsEx)
  119. DRV - [2014/08/27 19:16:50 | 000,111,424 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\BProtectEx.sys -- (BprotectEx)
  120. DRV - [2014/06/30 19:33:40 | 000,119,168 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys -- (PCFApiUtil)
  121. DRV - [2014/06/16 20:08:17 | 000,121,184 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdApiUtil.sys -- (BdApiUtil)
  122. DRV - [2014/06/16 20:08:16 | 000,094,976 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase)
  123. DRV - [2014/06/13 18:03:37 | 000,157,504 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bprotect.sys -- (Bprotect)
  124. DRV - [2014/05/27 14:19:38 | 000,070,496 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bnbasex.sys -- (Bnbase)
  125. DRV - [2014/05/27 14:19:38 | 000,051,584 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bndef.sys -- (Bndef)
  126. DRV - [2014/05/27 14:19:38 | 000,048,448 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfilter.sys -- (Bfilter)
  127. DRV - [2014/05/27 14:19:38 | 000,029,504 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfmon.sys -- (Bfmon)
  128. DRV - [2014/05/27 14:19:38 | 000,021,152 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdCameraProtect.sys -- (BdCameraProtect)
  129. DRV - [2013/11/12 18:59:10 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20131118.002\NAVEX15.SYS -- (NAVEX15)
  130. DRV - [2013/11/12 18:59:10 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20131118.002\NAVENG.SYS -- (NAVENG)
  131. DRV - [2013/11/11 01:56:40 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20131115.001\IDSvix86.sys -- (IDSVix86)
  132. DRV - [2013/10/23 07:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20131101.003\BHDrvx86.sys -- (BHDrvx86)
  133. DRV - [2013/09/07 02:34:16 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
  134. DRV - [2013/06/23 19:58:35 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
  135. DRV - [2013/05/23 13:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1405000.01C\symefa.sys -- (SymEFA)
  136. DRV - [2013/05/21 13:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1405000.01C\symds.sys -- (SymDS)
  137. DRV - [2013/05/19 08:14:30 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
  138. DRV - [2013/05/19 07:15:11 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
  139. DRV - [2013/05/16 13:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1405000.01C\srtsp.sys -- (SRTSP)
  140. DRV - [2013/04/25 08:43:56 | 000,339,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1405000.01C\symnets.sys -- (SymNetS)
  141. DRV - [2013/04/16 10:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1405000.01C\ccsetx86.sys -- (ccSet_NIS)
  142. DRV - [2013/03/05 09:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1405000.01C\ironx86.sys -- (SymIRON)
  143. DRV - [2013/03/05 09:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1405000.01C\srtspx.sys -- (SRTSPX)
  144. DRV - [2012/11/22 08:43:14 | 000,100,216 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
  145. DRV - [2011/11/07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
  146. DRV - [2011/09/03 06:48:58 | 000,105,344 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT_U_USBSER.sys -- (qcusbserialser)
  147. DRV - [2011/04/04 16:47:40 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_MODEM_H.sys -- (UsbModemDriver)
  148. DRV - [2010/03/15 23:44:46 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
  149. DRV - [2009/11/05 03:50:50 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_BusEnum_H.sys -- (USB_BusEnum_H)
  150. DRV - [2009/10/27 00:45:06 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_WinMux_H.sys -- (USB_WinMux_H)
  151. DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
  152. DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
  153. DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
  154. DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
  155. DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
  156. DRV - [2009/07/14 06:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
  157. DRV - [2009/07/14 06:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
  158. DRV - [2008/05/28 23:02:08 | 000,016,128 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_ETS_H.sys -- (USB_ETS_H)
  159.  
  160.  
  161. [color=#E56717]========== Standard Registry (All) ==========[/color]
  162.  
  163.  
  164. [color=#E56717]========== Internet Explorer ==========[/color]
  165.  
  166. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  167. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  168. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
  169. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
  170. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
  171. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  172. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
  173. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  174. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  175. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  176.  
  177. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
  178. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
  179. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://plasa.msn.com/?rd=1&ucc=ID&dcc=ID&opt=0&ocid=iehp
  180. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
  181. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 95 92 39 2A 4B CE 01 [binary data]
  182. IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
  183. IE - HKCU\..\SearchScopes,DefaultScope = {1EBF08D6-053E-41CC-8D91-5E69FEDD5A05}
  184. IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
  185. IE - HKCU\..\SearchScopes\{1EBF08D6-053E-41CC-8D91-5E69FEDD5A05}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
  186. IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
  187. IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869
  188. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  189. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
  190.  
  191. [color=#E56717]========== FireFox ==========[/color]
  192.  
  193. FF - prefs.js..browser.search.useDBForOrder: true
  194. FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
  195. FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.4
  196. FF - prefs.js..extensions.enabledAddons: %7B03D1C0DF-3E82-79B7-114C-34947EBFAB6F%7D:5.0.6
  197. FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2
  198. FF - prefs.js..network.proxy.backup.ftp: "202.43.188.9"
  199. FF - prefs.js..network.proxy.backup.ftp_port: 8080
  200. FF - prefs.js..network.proxy.backup.socks: "202.43.188.9"
  201. FF - prefs.js..network.proxy.backup.socks_port: 8080
  202. FF - prefs.js..network.proxy.backup.ssl: "202.43.188.9"
  203. FF - prefs.js..network.proxy.backup.ssl_port: 8080
  204. FF - prefs.js..network.proxy.ftp: "116.12.47.2"
  205. FF - prefs.js..network.proxy.ftp_port: 8080
  206. FF - prefs.js..network.proxy.http: "116.12.47.2"
  207. FF - prefs.js..network.proxy.http_port: 8080
  208. FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1 google.com"
  209. FF - prefs.js..network.proxy.share_proxy_settings: true
  210. FF - prefs.js..network.proxy.socks: "116.12.47.2"
  211. FF - prefs.js..network.proxy.socks_port: 8080
  212. FF - prefs.js..network.proxy.ssl: "116.12.47.2"
  213. FF - prefs.js..network.proxy.ssl_port: 8080
  214. FF - prefs.js..network.proxy.type: 1
  215. FF - user.js - File not found
  216.  
  217. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
  218. FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
  219. FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
  220. FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
  221. FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
  222. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
  223. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
  224. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
  225. FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
  226. FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  227.  
  228. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\ [2014/10/31 22:26:02 | 000,000,000 | ---D | M]
  229. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFF [2013/10/14 20:14:32 | 000,000,000 | ---D | M]
  230. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
  231. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
  232. FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Reza Arta Bagaskoro\AppData\Roaming\IDM\idmmzcc5 [2013/05/22 09:02:15 | 000,000,000 | ---D | M]
  233. FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Reza Arta Bagaskoro\AppData\Roaming\IDM\idmmzcc5 [2013/05/22 09:02:15 | 000,000,000 | ---D | M]
  234.  
  235. [2013/06/23 22:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Mozilla\Extensions
  236. [2014/10/19 23:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Mozilla\Firefox\Profiles\ysv2zsqy.default\extensions
  237. [2014/10/19 23:39:00 | 000,000,000 | ---D | M] (Setup Controller 12) -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Mozilla\Firefox\Profiles\ysv2zsqy.default\extensions\{03D1C0DF-3E82-79B7-114C-34947EBFAB6F}
  238. [2014/05/10 15:27:17 | 000,050,921 | ---- | M] () (No name found) -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Mozilla\Firefox\Profiles\ysv2zsqy.default\extensions\addon@defaulttab.com.xpi
  239. [2014/10/31 18:15:25 | 000,002,062 | ---- | M] () -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Mozilla\Firefox\Profiles\ysv2zsqy.default\searchplugins\search-here.xml
  240. [2014/10/31 14:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
  241. [2014/10/31 14:18:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  242.  
  243. [color=#E56717]========== Chrome ==========[/color]
  244.  
  245. CHR - default_search_provider: (Enabled)
  246. CHR - default_search_provider: search_url =
  247. CHR - default_search_provider: suggest_url =
  248. CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
  249. CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
  250. CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
  251. CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
  252. CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
  253. CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
  254. CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
  255. CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
  256. CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
  257. CHR - Extension: Setup Controller 12 = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\5.0.6\
  258. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
  259. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
  260. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc\2013.4.13.7_0\
  261. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
  262. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cibagbkdcmlkilneaijeehhjalmkcnnk\1\
  263. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
  264. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
  265. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlifncbnjghnohhcppiabjdankjmaopn\1\
  266. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eippemmglhneiklnpfikggjiipfkbnnf\1\
  267. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.3_0\
  268. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\
  269. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhacdeanndcbcdbkhmloehhegaidopah\1\
  270. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmijmkgddbcefjmambaoahiflfpmphk\1\
  271. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
  272. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfemlchclbigdjbdnobejbpcoobobb\1\
  273. CHR - Extension: No name found = C:\Users\Reza Arta Bagaskoro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
  274.  
  275. O1 HOSTS File: ([2014/10/26 21:45:52 | 000,001,397 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
  276. O1 - Hosts: 127.0.0.1 localhost
  277. O1 - Hosts: ::1 localhost
  278. O1 - Hosts: 198.37.114.178 www.google-analytics.com.
  279. O1 - Hosts: 198.37.114.178 google-analytics.com.
  280. O1 - Hosts: 198.37.114.178 connect.facebook.net.
  281. O1 - Hosts: 212.47.195.163 www.google-analytics.com.
  282. O1 - Hosts: 212.47.195.163 google-analytics.com.
  283. O1 - Hosts: 212.47.195.163 connect.facebook.net.
  284. O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
  285. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
  286. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coieplg.dll (Symantec Corporation)
  287. O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll (Symantec Corporation)
  288. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
  289. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
  290. O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Reza Arta Bagaskoro\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
  291. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
  292. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coieplg.dll (Symantec Corporation)
  293. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coieplg.dll (Symantec Corporation)
  294. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
  295. O4 - HKLM..\Run: [Baidu Antivirus] C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe (Baidu, Inc.)
  296. O4 - HKLM..\Run: [Baidu PC Faster 4.0.0.0] C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe (Baidu Inc.)
  297. O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
  298. O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
  299. O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
  300. O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
  301. O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
  302. O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
  303. O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
  304. O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
  305. O4 - HKCU..\Run: [AdapterTroubleshooter] "C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Microsoft\Windows\IEUpdate\AdapterTroubleshooter.exe" File not found
  306. O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
  307. O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
  308. O4 - HKCU..\Run: [EPSON ME 32 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGEC.EXE (SEIKO EPSON CORPORATION)
  309. O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
  310. O4 - HKCU..\Run: [Imsoft] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
  311. O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
  312. O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
  313. O4 - HKCU..\Run: [NextLive] C:\Users\Reza Arta Bagaskoro\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
  314. O4 - HKCU..\Run: [SMΔRT-Protection] C:\Program Files\Smadav\SMΔRTP.exe (Smadsoft)
  315. O4 - HKCU..\Run: [Ummedia] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
  316. O4 - HKCU..\Run: [YVPack] C:\Users\Reza Arta Bagaskoro\AppData\Local\YVPack\tmpF5D6.exe ()
  317. O4 - Startup: C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdapterTroubleshooter.lnk = File not found
  318. O4 - Startup: C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
  319. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
  320. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  321. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
  322. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
  323. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
  324. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
  325. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
  326. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
  327. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
  328. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
  329. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
  330. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
  331. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
  332. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
  333. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
  334. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
  335. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
  336. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
  337. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
  338. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
  339. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
  340. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
  341. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
  342. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  343. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
  344. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Run = "C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Microsoft\Windows\IEUpdate\AdapterTroubleshooter.exe"
  345. O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
  346. O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
  347. O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
  348. O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
  349. O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
  350. O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
  351. O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
  352. O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
  353. O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  354. O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
  355. O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
  356. O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
  357. O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
  358. O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
  359. O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
  360. O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  361. O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  362. O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  363. O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  364. O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  365. O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  366. O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  367. O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  368. O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  369. O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  370. O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  371. O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  372. O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  373. O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  374. O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  375. O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  376. O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  377. O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  378. O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  379. O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  380. O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  381. O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  382. O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  383. O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  384. O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  385. O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  386. O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  387. O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  388. O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  389. O13 - gopher Prefix: missing
  390. O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
  391. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{178E871D-DD32-4D61-AD00-8C54C597CA4C}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
  392. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD360FD3-1FBF-48AB-88D5-265850219616}: DhcpNameServer = 192.168.1.1
  393. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD360FD3-1FBF-48AB-88D5-265850219616}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
  394. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F134269D-90CF-4D94-8E21-51FA4DEA1767}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
  395. O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  396. O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  397. O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
  398. O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  399. O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  400. O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
  401. O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  402. O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  403. O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
  404. O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  405. O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  406. O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  407. O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
  408. O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  409. O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
  410. O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
  411. O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  412. O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
  413. O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  414. O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
  415. O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
  416. O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
  417. O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  418. O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  419. O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
  420. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  421. O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
  422. O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
  423. O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
  424. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  425. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
  426. O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
  427. O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
  428. O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
  429. O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
  430. O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
  431. O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
  432. O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
  433. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
  434. O31 - SafeBoot: AlternateShell - cmd.exe
  435. O32 - HKLM CDRom: AutoRun - 1
  436. O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
  437. O32 - AutoRun File - [2006/02/16 19:56:14 | 000,770,048 | R--- | M] (JoWooD Software Productions AG) - E:\autorun.exe -- [ CDFS ]
  438. O32 - AutoRun File - [2003/12/10 22:39:10 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
  439. O33 - MountPoints2\{470fa274-42b4-11e3-a02a-002481351f8b}\Shell - "" = AutoRun
  440. O33 - MountPoints2\{470fa274-42b4-11e3-a02a-002481351f8b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
  441. O33 - MountPoints2\{470fa283-42b4-11e3-a02a-002481351f8b}\Shell - "" = AutoRun
  442. O33 - MountPoints2\{470fa283-42b4-11e3-a02a-002481351f8b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
  443. O33 - MountPoints2\{797cdbcb-bfd1-11e2-b2a2-00247e1dc45f}\Shell - "" = AutoRun
  444. O33 - MountPoints2\{797cdbcb-bfd1-11e2-b2a2-00247e1dc45f}\Shell\AutoRun\command - "" = F:\Setup.exe
  445. O33 - MountPoints2\{8b48588a-b790-11e2-af11-00247e1dc45f}\Shell - "" = AutoRun
  446. O33 - MountPoints2\{8b48588a-b790-11e2-af11-00247e1dc45f}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2004/11/24 20:02:10 | 000,031,744 | R--- | M] ()
  447. O33 - MountPoints2\{b187e9f0-2202-11e3-9bb8-002481351f8b}\Shell - "" = AutoRun
  448. O33 - MountPoints2\{b187e9f0-2202-11e3-9bb8-002481351f8b}\Shell\AutoRun\command - "" = F:\Setup.exe
  449. O33 - MountPoints2\{b6e8e3f3-c018-11e2-9312-00247e1dc45f}\Shell - "" = AutoRun
  450. O33 - MountPoints2\{b6e8e3f3-c018-11e2-9312-00247e1dc45f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006/02/16 19:56:14 | 000,770,048 | R--- | M] (JoWooD Software Productions AG)
  451. O33 - MountPoints2\{b89845ed-c5dc-11e2-a674-00247e1dc45f}\Shell - "" = AutoRun
  452. O33 - MountPoints2\{b89845ed-c5dc-11e2-a674-00247e1dc45f}\Shell\AutoRun\command - "" = F:\Setup.exe
  453. O34 - HKLM BootExecute: (autocheck autochk *)
  454. O35 - HKLM\..comfile [open] -- "%1" %*
  455. O35 - HKLM\..exefile [open] -- "%1" %*
  456. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  457. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  458. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  459. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  460. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  461.  
  462. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  463.  
  464. [2014/10/31 14:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
  465. [2014/10/19 23:39:01 | 000,000,000 | ---D | C] -- C:\Users\Reza Arta Bagaskoro\AppData\Local\Imsoft
  466. [2014/10/19 23:38:09 | 000,000,000 | ---D | C] -- C:\Users\Reza Arta Bagaskoro\AppData\Local\YVPack
  467. [2014/10/13 16:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\baidu
  468. [2014/10/12 22:41:53 | 000,000,000 | ---D | C] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Opera Software
  469. [2014/10/12 22:41:53 | 000,000,000 | ---D | C] -- C:\Users\Reza Arta Bagaskoro\AppData\Local\Opera Software
  470. [2014/10/12 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
  471. [2014/10/12 15:43:48 | 000,000,000 | ---D | C] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store
  472. [2014/10/12 15:43:41 | 000,000,000 | ---D | C] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\PC App Store
  473. [2014/10/12 15:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC App Store
  474. [2014/10/12 15:09:54 | 000,000,000 | ---D | C] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Hear
  475. [2014/10/12 15:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hear
  476. [2014/10/12 15:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hear
  477. [1 C:\Users\Reza Arta Bagaskoro\Documents\*.tmp files -> C:\Users\Reza Arta Bagaskoro\Documents\*.tmp -> ]
  478.  
  479. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  480.  
  481. [2014/10/31 22:33:47 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  482. [2014/10/31 22:33:47 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  483. [2014/10/31 22:25:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
  484. [2014/10/31 22:25:45 | 2360,291,328 | -HS- | M] () -- C:\hiberfil.sys
  485. [2014/10/31 20:23:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
  486. [2014/10/31 19:03:15 | 000,001,984 | ---- | M] () -- C:\Users\Reza Arta Bagaskoro\Desktop\PC App Store.lnk
  487. [2014/10/31 18:55:34 | 000,000,884 | RHS- | M] () -- C:\Users\Reza Arta Bagaskoro\ntuser.pol
  488. [2014/10/31 10:59:15 | 417,373,397 | ---- | M] () -- C:\Windows\MEMORY.DMP
  489. [2014/10/31 10:19:56 | 000,001,206 | ---- | M] () -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdapterTroubleshooter.lnk
  490. [2014/10/31 10:05:05 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
  491. [2014/10/26 21:45:52 | 000,001,397 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
  492. [2014/10/22 21:05:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  493. [2014/10/22 21:05:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  494. [2014/10/15 11:13:23 | 000,014,304 | ---- | M] () -- C:\ProgramData\Duplicaterecord.js
  495. [2014/10/14 09:45:37 | 000,002,111 | ---- | M] () -- C:\Users\Reza Arta Bagaskoro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spark Browser.lnk
  496. [2014/10/14 09:45:31 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Spark Browser.lnk
  497. [2014/10/12 22:41:11 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
  498. [2014/10/12 15:20:16 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
  499. [2014/10/12 15:20:16 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
  500. [2014/10/12 15:09:48 | 000,000,891 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hear.lnk
  501. [2014/10/12 14:40:33 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
  502. [2014/10/12 14:40:33 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
  503. [1 C:\Users\Reza Arta Bagaskoro\Documents\*.tmp files -> C:\Users\Reza Arta Bagaskoro\Documents\*.tmp -> ]
  504.  
  505. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  506.  
  507. [2014/10/31 10:59:15 | 417,373,397 | ---- | C] () -- C:\Windows\MEMORY.DMP
  508. [2014/10/31 10:19:55 | 000,001,206 | ---- | C] () -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdapterTroubleshooter.lnk
  509. [2014/10/15 11:13:23 | 000,014,304 | ---- | C] () -- C:\ProgramData\Duplicaterecord.js
  510. [2014/10/14 09:45:31 | 000,002,111 | ---- | C] () -- C:\Users\Reza Arta Bagaskoro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spark Browser.lnk
  511. [2014/10/14 09:45:30 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Spark Browser.lnk
  512. [2014/10/12 22:41:17 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
  513. [2014/10/12 22:41:16 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
  514. [2014/10/12 15:09:47 | 000,000,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hear.lnk
  515. [2014/10/12 15:09:42 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
  516. [2014/08/04 07:00:01 | 000,000,043 | ---- | C] () -- C:\Windows\System32\config.ini
  517. [2014/02/05 00:10:35 | 000,000,884 | RHS- | C] () -- C:\Users\Reza Arta Bagaskoro\ntuser.pol
  518. [2014/01/23 18:31:12 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
  519. [2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
  520. [2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
  521. [2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
  522. [2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
  523. [2013/10/28 10:51:12 | 000,038,400 | ---- | C] () -- C:\Windows\System32\drivers\USB_BusEnum_H.sys
  524. [2013/10/28 10:51:12 | 000,030,080 | ---- | C] () -- C:\Windows\System32\drivers\USB_WinMux_H.sys
  525. [2013/10/28 10:51:12 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\USB_MODEM_H.sys
  526. [2013/09/16 23:33:08 | 000,216,064 | ---- | C] () -- C:\Windows\System32\gcapi_dll.dll
  527. [2013/05/19 08:51:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
  528. [2013/05/18 17:32:05 | 000,000,016 | ---- | C] () -- C:\Windows\System32\dmlconf.dat
  529. [2013/05/08 06:01:28 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
  530. [2013/05/08 06:01:27 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
  531. [2013/05/08 06:01:27 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
  532. [2013/05/08 06:01:27 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
  533. [2013/05/08 06:01:27 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
  534. [2013/05/08 06:01:27 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
  535. [2013/05/01 09:40:58 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
  536. [2013/05/01 09:40:58 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
  537. [2013/05/01 09:40:58 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
  538. [2013/05/01 09:40:57 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
  539. [2013/05/01 09:12:44 | 000,000,288 | ---- | C] () -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\.backup.dm
  540. [2013/05/01 08:59:52 | 000,000,017 | ---- | C] () -- C:\Users\Reza Arta Bagaskoro\AppData\Local\resmon.resmoncfg
  541.  
  542. [color=#E56717]========== ZeroAccess Check ==========[/color]
  543.  
  544. [2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  545.  
  546. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  547.  
  548. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  549.  
  550. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  551. "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
  552. "ThreadingModel" = Apartment
  553.  
  554. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  555. "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
  556. "ThreadingModel" = Free
  557.  
  558. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  559. "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
  560. "ThreadingModel" = Both
  561.  
  562. [color=#E56717]========== LOP Check ==========[/color]
  563.  
  564. [2014/10/13 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Baidu
  565. [2014/10/31 11:25:32 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Baidu Security
  566. [2014/10/31 23:02:40 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\BitTorrent
  567. [2014/07/11 21:52:31 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\DAEMON Tools Pro
  568. [2014/02/05 00:10:32 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\DefaultTab
  569. [2014/10/26 21:26:53 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\DMCache
  570. [2014/01/08 07:58:08 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\DownLite
  571. [2013/11/06 11:39:17 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\EVDO_Haier
  572. [2013/05/08 11:35:10 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Foxit Reader
  573. [2013/09/16 23:33:42 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Foxit Software
  574. [2014/10/12 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Hear
  575. [2014/08/30 04:20:09 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\IDM
  576. [2013/05/01 10:57:34 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\iSilo
  577. [2014/10/26 21:28:30 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\newnext.me
  578. [2014/10/12 22:41:53 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Opera Software
  579. [2014/10/12 15:43:41 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\PC App Store
  580. [2013/05/07 22:49:41 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\PROLiNKEVDO
  581. [2013/05/08 11:33:49 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Rovio
  582. [2014/05/09 23:00:41 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Samsung
  583. [2013/05/19 00:10:17 | 000,000,000 | ---D | M] -- C:\Users\Reza Arta Bagaskoro\AppData\Roaming\Smadav
  584.  
  585. [color=#E56717]========== Purity Check ==========[/color]
  586.  
  587.  
  588.  
  589. [color=#E56717]========== Files - Unicode (All) ==========[/color]
  590. [2013/05/19 00:10:17 | 000,000,692 | ---- | M] ()(C:\Users\Public\Desktop\SMAD?V.lnk) -- C:\Users\Public\Desktop\SMADΔV.lnk
  591. [2013/05/19 00:10:17 | 000,000,692 | ---- | C] ()(C:\Users\Public\Desktop\SMAD?V.lnk) -- C:\Users\Public\Desktop\SMADΔV.lnk
  592.  
  593. < End of report >