OTL

a guest
Jul 1st, 2014
  1. OTL logfile created on: 7/18/2014 4:56:31 PM - Run 1
  2. OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kim\Downloads
  3. 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  4. Internet Explorer (Version = 9.11.9600.17126)
  5. Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
  6.  
  7. 3.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 35.46% Memory free
  8. 7.87 Gb Paging File | 3.33 Gb Available in Paging File | 42.32% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
  12. Drive C: | 278.17 Gb Total Space | 49.29 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
  13. Drive E: | 14.63 Gb Total Space | 2.18 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
  14. Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32
  15.  
  16. Computer Name: KIM-HP | User Name: Kim | Logged in as Administrator.
  17. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
  18. Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
  19.  
  20. [color=#E56717]========== Processes (SafeList) ==========[/color]
  21.  
  22. PRC - [2014/07/18 16:56:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Downloads\OTL.exe
  23. PRC - [2014/07/14 13:45:33 | 001,310,544 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kim\AppData\Roaming\uTorrent\uTorrent.exe
  24. PRC - [2014/06/06 01:47:29 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\metasploit\ruby\bin\ruby.exe
  25. PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  26. PRC - [2014/05/28 12:41:50 | 000,455,680 | ---- | M] (Skillbrains) -- C:\Users\Kim\AppData\Local\Skillbrains\lightshot\5.1.2.5\Lightshot.exe
  27. PRC - [2014/05/19 20:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe
  28. PRC - [2014/04/11 00:16:57 | 000,316,000 | ---- | M] (Hyperdesktop) -- C:\Users\Kim\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
  29. PRC - [2014/04/10 18:47:49 | 004,287,488 | ---- | M] (PostgreSQL Global Development Group) -- C:\metasploit\postgresql\bin\postgres.exe
  30. PRC - [2014/04/10 18:47:49 | 000,076,800 | ---- | M] (PostgreSQL Global Development Group) -- C:\metasploit\postgresql\bin\pg_ctl.exe
  31. PRC - [2014/03/25 04:05:06 | 004,971,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
  32. PRC - [2014/03/25 04:05:05 | 012,916,544 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
  33. PRC - [2014/03/25 03:42:32 | 000,238,400 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
  34. PRC - [2014/03/21 02:40:50 | 002,691,480 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
  35. PRC - [2014/03/20 11:24:00 | 005,288,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
  36. PRC - [2014/03/18 23:18:30 | 000,419,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
  37. PRC - [2014/02/21 15:59:18 | 001,294,136 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
  38. PRC - [2014/02/21 15:59:18 | 000,319,288 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
  39. PRC - [2014/02/19 06:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
  40. PRC - [2013/10/23 18:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Kim\AppData\Local\FluxSoftware\Flux\flux.exe
  41. PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
  42. PRC - [2013/09/04 13:58:36 | 001,010,208 | ---- | M] () -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9\WVSScheduler.exe
  43. PRC - [2013/07/10 20:51:02 | 003,981,976 | ---- | M] (proXPN.com) -- C:\Program Files (x86)\proXPN\bin\proxpn.exe
  44. PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
  45. PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
  46. PRC - [2011/12/10 22:57:22 | 000,112,070 | ---- | M] (PainteR) -- C:\AdobePhotoshopCS6Portable\PhotoshopCS6Portable.exe
  47. PRC - [2011/10/12 05:06:06 | 041,975,752 | ---- | M] (Adobe Systems, Incorporated) -- C:\AdobePhotoshopCS6Portable\App\PhotoshopCS6\Photoshop.exe
  48. PRC - [2011/02/12 00:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
  49.  
  50.  
  51. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  52.  
  53. MOD - [2014/07/16 19:57:47 | 000,008,704 | ---- | M] () -- C:\Users\Kim\AppData\Local\Temp\nsgC440.tmp\newadvsplash.dll
  54. MOD - [2014/07/16 19:57:42 | 000,016,384 | ---- | M] () -- C:\Users\Kim\AppData\Local\Temp\nsgC440.tmp\registry.dll
  55. MOD - [2014/07/16 19:57:42 | 000,011,264 | ---- | M] () -- C:\Users\Kim\AppData\Local\Temp\nsgC440.tmp\System.dll
  56. MOD - [2014/07/16 14:04:28 | 000,043,008 | ---- | M] () -- c:\users\kim\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2sx0_s.dll
  57. MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
  58. MOD - [2014/06/05 09:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
  59. MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
  60. MOD - [2014/06/05 09:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
  61. MOD - [2014/06/05 09:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
  62. MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
  63. MOD - [2014/03/20 11:24:00 | 005,288,608 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
  64. MOD - [2014/03/18 23:22:06 | 032,733,088 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
  65. MOD - [2014/01/02 21:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
  66. MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
  67. MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\Dropbox\bin\libcef.dll
  68. MOD - [2011/10/12 03:55:34 | 000,134,144 | ---- | M] () -- C:\AdobePhotoshopCS6Portable\App\PhotoshopCS6\aif_ocl.dll
  69. MOD - [2011/10/12 03:55:12 | 002,204,672 | ---- | M] () -- C:\AdobePhotoshopCS6Portable\App\PhotoshopCS6\aif_ogl.dll
  70. MOD - [2011/10/12 03:54:26 | 000,033,792 | ---- | M] () -- C:\AdobePhotoshopCS6Portable\App\PhotoshopCS6\QuickTimeGlue.dll
  71. MOD - [2011/10/12 03:54:22 | 000,480,768 | ---- | M] () -- C:\AdobePhotoshopCS6Portable\App\PhotoshopCS6\aif_core.dll
  72. MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
  73.  
  74.  
  75. [color=#E56717]========== Services (SafeList) ==========[/color]
  76.  
  77. SRV:[b]64bit:[/b] - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
  78. SRV:[b]64bit:[/b] - [2014/01/17 15:01:08 | 000,187,592 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
  79. SRV:[b]64bit:[/b] - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
  80. SRV:[b]64bit:[/b] - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  81. SRV:[b]64bit:[/b] - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
  82. SRV:[b]64bit:[/b] - [2011/04/26 06:08:26 | 000,048,128 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
  83. SRV:[b]64bit:[/b] - [2011/02/12 00:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
  84. SRV:[b]64bit:[/b] - [2011/02/09 14:28:12 | 001,318,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
  85. SRV:[b]64bit:[/b] - [2011/01/28 12:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
  86. SRV:[b]64bit:[/b] - [2011/01/27 05:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
  87. SRV:[b]64bit:[/b] - [2011/01/26 22:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
  88. SRV:[b]64bit:[/b] - [2011/01/21 22:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
  89. SRV:[b]64bit:[/b] - [2009/12/03 19:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
  90. SRV:[b]64bit:[/b] - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
  91. SRV:[b]64bit:[/b] - [2009/03/03 06:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
  92. SRV - [2014/07/15 19:17:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
  93. SRV - [2014/06/06 01:47:29 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) [Auto | Running] -- C:\metasploit\ruby\bin\ruby.exe -- (metasploitWorker)
  94. SRV - [2014/06/06 01:47:29 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) [Auto | Running] -- C:\metasploit\ruby\bin\ruby.exe -- (metasploitThin)
  95. SRV - [2014/06/06 01:47:29 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) [Auto | Running] -- C:\metasploit\ruby\bin\ruby.exe -- (metasploitProSvc)
  96. SRV - [2014/04/10 18:47:49 | 000,076,800 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\metasploit\postgresql\bin\pg_ctl.exe -- (metasploitPostgreSQL)
  97. SRV - [2014/03/25 04:05:06 | 004,971,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
  98. SRV - [2014/02/26 19:57:32 | 002,224,976 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
  99. SRV - [2014/02/26 09:50:04 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
  100. SRV - [2014/02/21 15:59:18 | 000,319,288 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
  101. SRV - [2014/01/12 14:07:40 | 000,438,272 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
  102. SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
  103. SRV - [2013/10/05 00:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
  104. SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
  105. SRV - [2013/09/04 13:58:36 | 001,010,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9\WVSScheduler.exe -- (AcuWVSSchedulerv9)
  106. SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
  107. SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
  108. SRV - [2011/12/15 13:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
  109. SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
  110. SRV - [2011/02/15 18:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [Disabled | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
  111. SRV - [2011/02/07 15:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
  112. SRV - [2011/02/04 20:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
  113. SRV - [2011/02/03 19:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
  114. SRV - [2011/01/28 19:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
  115. SRV - [2011/01/26 13:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
  116. SRV - [2011/01/21 22:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
  117. SRV - [2011/01/20 01:55:18 | 001,125,728 | ---- | M] (Infineon Technologies AG) [Disabled | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
  118. SRV - [2011/01/20 01:43:00 | 000,203,104 | ---- | M] (Infineon Technologies AG) [Disabled | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
  119. SRV - [2011/01/20 00:49:00 | 000,980,320 | ---- | M] (Infineon Technologies AG) [Disabled | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
  120. SRV - [2011/01/18 17:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
  121. SRV - [2011/01/15 08:32:30 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
  122. SRV - [2011/01/12 15:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Disabled | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
  123. SRV - [2011/01/03 18:16:42 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
  124. SRV - [2011/01/03 18:16:40 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
  125. SRV - [2010/11/29 15:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
  126. SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
  127. SRV - [2008/04/17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
  128.  
  129.  
  130. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  131.  
  132. DRV:[b]64bit:[/b] - [2014/04/15 22:16:46 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
  133. DRV:[b]64bit:[/b] - [2014/01/17 15:01:06 | 000,202,600 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
  134. DRV:[b]64bit:[/b] - [2013/12/06 09:37:50 | 000,035,232 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
  135. DRV:[b]64bit:[/b] - [2013/11/26 21:54:02 | 000,042,016 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam)
  136. DRV:[b]64bit:[/b] - [2013/10/15 21:44:42 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
  137. DRV:[b]64bit:[/b] - [2013/10/15 21:42:02 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
  138. DRV:[b]64bit:[/b] - [2013/09/17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
  139. DRV:[b]64bit:[/b] - [2013/09/17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
  140. DRV:[b]64bit:[/b] - [2013/09/17 15:17:38 | 000,157,432 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
  141. DRV:[b]64bit:[/b] - [2013/09/06 15:26:58 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
  142. DRV:[b]64bit:[/b] - [2013/09/06 15:26:58 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
  143. DRV:[b]64bit:[/b] - [2013/07/28 18:44:50 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
  144. DRV:[b]64bit:[/b] - [2013/07/21 22:19:42 | 000,126,872 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
  145. DRV:[b]64bit:[/b] - [2013/07/04 15:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
  146. DRV:[b]64bit:[/b] - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
  147. DRV:[b]64bit:[/b] - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
  148. DRV:[b]64bit:[/b] - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
  149. DRV:[b]64bit:[/b] - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
  150. DRV:[b]64bit:[/b] - [2013/02/21 06:14:04 | 000,495,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
  151. DRV:[b]64bit:[/b] - [2013/01/29 21:42:14 | 000,468,720 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
  152. DRV:[b]64bit:[/b] - [2012/11/28 10:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
  153. DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
  154. DRV:[b]64bit:[/b] - [2012/03/26 12:46:46 | 000,192,072 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr)
  155. DRV:[b]64bit:[/b] - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
  156. DRV:[b]64bit:[/b] - [2011/12/15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
  157. DRV:[b]64bit:[/b] - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
  158. DRV:[b]64bit:[/b] - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
  159. DRV:[b]64bit:[/b] - [2011/04/26 06:08:26 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
  160. DRV:[b]64bit:[/b] - [2011/04/26 06:08:25 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
  161. DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
  162. DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
  163. DRV:[b]64bit:[/b] - [2011/02/09 14:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
  164. DRV:[b]64bit:[/b] - [2011/02/08 13:26:52 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
  165. DRV:[b]64bit:[/b] - [2011/02/07 11:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
  166. DRV:[b]64bit:[/b] - [2011/01/30 15:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
  167. DRV:[b]64bit:[/b] - [2011/01/27 05:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
  168. DRV:[b]64bit:[/b] - [2011/01/26 22:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
  169. DRV:[b]64bit:[/b] - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
  170. DRV:[b]64bit:[/b] - [2010/12/02 21:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
  171. DRV:[b]64bit:[/b] - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
  172. DRV:[b]64bit:[/b] - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
  173. DRV:[b]64bit:[/b] - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
  174. DRV:[b]64bit:[/b] - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
  175. DRV:[b]64bit:[/b] - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
  176. DRV:[b]64bit:[/b] - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
  177. DRV:[b]64bit:[/b] - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
  178. DRV:[b]64bit:[/b] - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
  179. DRV:[b]64bit:[/b] - [2010/10/14 14:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
  180. DRV:[b]64bit:[/b] - [2010/03/19 07:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
  181. DRV:[b]64bit:[/b] - [2010/01/26 16:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
  182. DRV:[b]64bit:[/b] - [2010/01/26 01:31:08 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
  183. DRV:[b]64bit:[/b] - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
  184. DRV:[b]64bit:[/b] - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
  185. DRV:[b]64bit:[/b] - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
  186. DRV:[b]64bit:[/b] - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
  187. DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
  188. DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
  189. DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
  190. DRV:[b]64bit:[/b] - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
  191. DRV:[b]64bit:[/b] - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
  192. DRV:[b]64bit:[/b] - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
  193. DRV - [2014/02/21 15:59:18 | 000,062,168 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys -- (ESProtectionDriver)
  194. DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
  195. DRV - [2008/01/25 15:06:42 | 000,010,624 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\SysWow64\drivers\archlp.sys -- (archlp)
  196.  
  197.  
  198. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  199.  
  200.  
  201. [color=#E56717]========== Internet Explorer ==========[/color]
  202.  
  203. IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
  204. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
  205. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
  206. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
  207. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  208. IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
  209. IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
  210.  
  211. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
  212. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  213. IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
  214. IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
  215. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  216. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
  217. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 186.46.187.43:3128
  218.  
  219. [color=#E56717]========== FireFox ==========[/color]
  220.  
  221. FF - prefs.js..browser.search.useDBForOrder: true
  222. FF - prefs.js..extensions.enabledAddons: ipfuck%40p4ul.info:1.2.1
  223. FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:28.0.2
  224. FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.2
  225. FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
  226. FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
  227. FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
  228. FF - user.js - File not found
  229.  
  230. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
  231. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
  232. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
  233. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  234. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
  235. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  236. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
  237. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
  238. FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
  239. FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
  240. FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
  241. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
  242. FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  243. FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
  244. FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  245. FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  246. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
  247. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
  248. FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
  249. FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Kim\AppData\Local\Roblox\Versions\version-f77fe2742c314291\\NPRobloxProxy.dll ()
  250. FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: C:\Users\Kim\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll (Code Systems Corporation)
  251. FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
  252. FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
  253. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
  254. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
  255.  
  256. 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2014/04/10 23:06:22 | 000,000,000 | ---D | M]
  257. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/03/06 18:16:04 | 000,000,000 | ---D | M]
  258. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/06 18:29:29 | 000,000,000 | ---D | M]
  259. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
  260. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
  261. FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/04/10 23:06:22 | 000,000,000 | ---D | M]
  262. FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
  263. FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
  264.  
  265. [2014/02/26 21:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Extensions
  266. [2014/07/15 18:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\w0nwjmow.default\extensions
  267. [2014/06/12 19:00:49 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\w0nwjmow.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
  268. [2014/06/12 18:53:38 | 000,016,512 | ---- | M] () (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\firefox\profiles\w0nwjmow.default\extensions\ipfuck@p4ul.info.xpi
  269. [2014/06/12 18:54:37 | 000,033,235 | ---- | M] () (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\firefox\profiles\w0nwjmow.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
  270. [2014/07/15 18:43:08 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\firefox\profiles\w0nwjmow.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
  271. [2014/06/29 02:13:14 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\firefox\profiles\w0nwjmow.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
  272. [2014/07/15 19:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
  273. [2014/07/15 19:17:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  274.  
  275. [color=#E56717]========== Chrome ==========[/color]
  276.  
  277. CHR - default_search_provider: Google (Enabled)
  278. CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
  279. CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
  280. CHR - plugin: Error reading preferences file
  281. CHR - Extension: Google Docs = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
  282. CHR - Extension: Google Drive = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
  283. CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
  284. CHR - Extension: YouTube = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
  285. CHR - Extension: Google Search = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
  286. CHR - Extension: Google Wallet = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
  287. CHR - Extension: Gmail = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
  288.  
  289. O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
  290. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
  291. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
  292. O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
  293. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
  294. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
  295. O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
  296. O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
  297. O4 - HKLM..\Run: [] File not found
  298. O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
  299. O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
  300. O4 - HKCU..\Run: [Clownfish] File not found
  301. O4 - HKCU..\Run: [f.lux] C:\Users\Kim\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
  302. O4 - HKCU..\Run: [Hyperdesktop] C:\Users\Kim\AppData\Roaming\Hyperdesktop\hyperdesktop.exe (Hyperdesktop)
  303. O4 - HKCU..\Run: [LightShot] C:\Users\Kim\AppData\Local\Skillbrains\lightshot\Lightshot.exe ()
  304. O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
  305. O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe (Adobe Systems Incorporated)
  306. O4 - Startup: C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
  307. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  308. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  309. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
  310. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  311. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
  312. O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
  313. O13[b]64bit:[/b] - gopher Prefix: missing
  314. O13 - gopher Prefix: missing
  315. O15 - HKLM\..Trusted Domains: localhost ([]https in Trusted sites)
  316. O15 - HKCU\..Trusted Domains: localhost ([]https in Trusted sites)
  317. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EC561DA-16F1-4ABD-9857-7285FCAE52FA}: DhcpNameServer = 192.168.72.2
  318. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE39BB46-48E8-4EA4-ABA9-53E283BFD8DE}: DhcpNameServer = 10.0.0.1
  319. O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
  320. O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
  321. O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
  322. O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
  323. O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
  324. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
  325. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
  326. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
  327. O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
  328. O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
  329. O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
  330. O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  331. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  332. O32 - HKLM CDRom: AutoRun - 1
  333. O34 - HKLM BootExecute: (autocheck autochk *)
  334. O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
  335. O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
  336. O35 - HKLM\..comfile [open] -- "%1" %*
  337. O35 - HKLM\..exefile [open] -- "%1" %*
  338. O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
  339. O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
  340. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  341. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  342. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  343. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  344. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  345.  
  346. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  347.  
  348. [2014/07/15 19:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
  349. [2014/07/04 10:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metasploit
  350. [2014/07/04 10:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
  351. [2014/07/04 10:00:19 | 000,000,000 | ---D | C] -- C:\metasploit
  352. [2014/07/03 21:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
  353. [2014/06/25 20:21:10 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\TeamViewer
  354. [2014/06/18 21:17:59 | 000,000,000 | ---D | C] -- C:\Users\Kim\Lulzoff Networks LLC Stresser
  355. [2014/06/18 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Wireshark
  356. [2014/06/18 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\Acunetix WVS 9
  357. [2014/06/18 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acunetix WVS 9
  358. [2014/06/18 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acunetix Web Vulnerability Scanner 9
  359. [2014/06/18 18:26:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acunetix
  360. [2014/06/18 18:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Acunetix WVS 9
  361. [3 C:\Users\Kim\Documents\*.tmp files -> C:\Users\Kim\Documents\*.tmp -> ]
  362. [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
  363. [1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
  364.  
  365. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  366.  
  367. [2014/07/18 16:49:53 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3852597747-2231192638-2743856475-1002UA1cf7285210e4b31.job
  368. [2014/07/18 16:17:16 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cf980fbea90670.job
  369. [2014/07/18 15:10:00 | 000,000,384 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-3852597747-2231192638-2743856475-1002.job
  370. [2014/07/18 14:41:00 | 000,000,384 | ---- | M] () -- C:\windows\tasks\update-sys.job
  371. [2014/07/18 03:49:01 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3852597747-2231192638-2743856475-1002Core.job
  372. [2014/07/18 01:17:02 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
  373. [2014/07/16 14:10:44 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  374. [2014/07/16 14:10:44 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  375. [2014/07/16 14:02:24 | 000,119,296 | ---- | M] () -- C:\windows\SysWow64\zlib.dll
  376. [2014/07/16 14:02:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
  377. [2014/07/14 20:07:01 | 005,114,064 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
  378. [2014/07/14 18:56:03 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKim.job
  379. [2014/07/14 18:29:24 | 000,000,338 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKIM-HP$.job
  380. [2014/06/28 21:02:11 | 000,000,132 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\Adobe PNG Format CS6 Prefs
  381. [2014/06/27 19:13:18 | 000,122,512 | ---- | M] () -- C:\Users\Kim\Documents\Runescape Guide 50 Mil Gold!.pdf
  382. [2014/06/27 18:41:22 | 000,376,879 | ---- | M] () -- C:\Users\Kim\Documents\7200 RP Guide.pdf
  383. [2014/06/26 18:53:26 | 000,002,050 | -H-- | M] () -- C:\Users\Kim\Documents\Default.rdp
  384. [2014/06/25 13:07:19 | 000,065,426 | ---- | M] () -- C:\Users\Kim\Documents\futurama__bender_by_suzura-d59kq1p.png
  385. [2014/06/25 13:01:04 | 000,787,698 | ---- | M] () -- C:\Users\Kim\Documents\Tango.jpg
  386. [2014/06/25 12:35:05 | 000,003,859 | ---- | M] () -- C:\Users\Kim\Documents\snipe.jpg
  387. [2014/06/21 00:00:42 | 000,076,317 | ---- | M] () -- C:\Users\Kim\Documents\pope-john-paul-ii-0212.jpg
  388. [2014/06/20 23:49:06 | 000,034,691 | ---- | M] () -- C:\Users\Kim\Documents\pope.jpg
  389. [2014/06/20 07:44:30 | 000,000,432 | ---- | M] () -- C:\Users\Kim\AppData\Local\UserProducts.xml
  390. [2014/06/18 18:27:38 | 000,000,722 | ---- | M] () -- C:\windows\WVS_InstDBLogFile.csv
  391. [3 C:\Users\Kim\Documents\*.tmp files -> C:\Users\Kim\Documents\*.tmp -> ]
  392. [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
  393. [1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
  394.  
  395. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  396.  
  397. [2014/07/05 01:12:40 | 000,000,898 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cf980fbea90670.job
  398. [2014/06/27 19:13:18 | 000,122,512 | ---- | C] () -- C:\Users\Kim\Documents\Runescape Guide 50 Mil Gold!.pdf
  399. [2014/06/27 18:41:20 | 000,376,879 | ---- | C] () -- C:\Users\Kim\Documents\7200 RP Guide.pdf
  400. [2014/06/25 13:07:18 | 000,065,426 | ---- | C] () -- C:\Users\Kim\Documents\futurama__bender_by_suzura-d59kq1p.png
  401. [2014/06/25 13:00:52 | 000,787,698 | ---- | C] () -- C:\Users\Kim\Documents\Tango.jpg
  402. [2014/06/25 12:35:04 | 000,003,859 | ---- | C] () -- C:\Users\Kim\Documents\snipe.jpg
  403. [2014/06/21 00:00:41 | 000,076,317 | ---- | C] () -- C:\Users\Kim\Documents\pope-john-paul-ii-0212.jpg
  404. [2014/06/20 23:49:03 | 000,034,691 | ---- | C] () -- C:\Users\Kim\Documents\pope.jpg
  405. [2014/06/18 18:25:45 | 000,000,722 | ---- | C] () -- C:\windows\WVS_InstDBLogFile.csv
  406. [2014/05/20 21:30:56 | 000,119,296 | ---- | C] () -- C:\windows\SysWow64\zlib.dll
  407. [2014/05/20 21:30:56 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ADsSecurity.dll
  408. [2014/04/12 19:22:49 | 000,001,536 | ---- | C] () -- C:\windows\Sandboxie.ini
  409. [2014/04/05 20:02:56 | 000,000,432 | ---- | C] () -- C:\Users\Kim\AppData\Local\UserProducts.xml
  410. [2014/03/26 04:04:31 | 000,000,132 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\Adobe GIF Format CS6 Prefs
  411. [2014/01/22 20:40:32 | 000,009,716 | ---- | C] () -- C:\Users\Kim\Place2.rbxl
  412. [2014/01/13 15:50:48 | 000,010,624 | ---- | C] () -- C:\windows\SysWow64\drivers\archlp.sys
  413. [2014/01/04 23:26:20 | 000,002,400 | ---- | C] () -- C:\windows\HCWPNP.INI
  414. [2013/12/01 19:53:46 | 000,007,600 | ---- | C] () -- C:\Users\Kim\AppData\Local\Resmon.ResmonCfg
  415. [2013/11/11 00:12:45 | 000,000,132 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\Adobe PNG Format CS6 Prefs
  416. [2013/09/25 19:09:53 | 004,178,432 | ---- | C] () -- C:\windows\SysWow64\PhotoLooksRenderer.dll
  417. [2013/09/03 17:30:56 | 000,452,096 | ---- | C] () -- C:\windows\SysWow64\nmap.exe
  418. [2013/09/03 17:30:56 | 000,290,816 | ---- | C] () -- C:\windows\SysWow64\nmapserv.exe
  419. [2013/09/02 12:42:49 | 000,000,182 | ---- | C] () -- C:\Users\Kim\SciTE.recent
  420. [2013/09/02 12:42:49 | 000,000,108 | ---- | C] () -- C:\Users\Kim\SciTE.session
  421. [2013/09/01 18:04:08 | 000,004,502 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\CamStudio.cfg
  422. [2013/08/31 00:34:25 | 000,000,408 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\CamShapes.ini
  423. [2013/08/31 00:34:25 | 000,000,408 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\CamLayout.ini
  424. [2013/08/31 00:34:25 | 000,000,103 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\Camdata.ini
  425. [2013/07/28 18:44:52 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
  426. [2012/11/28 10:42:06 | 000,026,464 | ---- | C] () -- C:\windows\snuvcdsm.exe
  427.  
  428. [color=#E56717]========== ZeroAccess Check ==========[/color]
  429.  
  430. [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
  431.  
  432. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  433.  
  434. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  435.  
  436. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
  437.  
  438. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  439.  
  440. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  441. "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
  442. "ThreadingModel" = Apartment
  443.  
  444. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  445. "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
  446. "ThreadingModel" = Apartment
  447.  
  448. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
  449. "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
  450. "ThreadingModel" = Free
  451.  
  452. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  453. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
  454. "ThreadingModel" = Free
  455.  
  456. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
  457. "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
  458. "ThreadingModel" = Both
  459.  
  460. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  461.  
  462. [color=#E56717]========== LOP Check ==========[/color]
  463.  
  464. [2014/07/14 20:57:32 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\.minecraft
  465. [2013/11/09 08:22:52 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\BitTorrent
  466. [2013/08/19 22:33:09 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\DigitalPersona
  467. [2014/07/18 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Dropbox
  468. [2014/07/16 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\DropboxMaster
  469. [2014/01/04 22:19:39 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Elgato
  470. [2013/12/27 21:51:46 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\EurekaLog
  471. [2013/12/20 15:28:09 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Gyazo
  472. [2014/04/11 00:16:57 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Hyperdesktop
  473. [2013/08/19 22:33:53 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Infineon
  474. [2014/04/11 00:50:38 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\java
  475. [2014/03/16 11:42:51 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\LolClient
  476. [2014/02/28 01:26:28 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\ManyCam
  477. [2013/09/23 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\MAXON
  478. [2014/05/20 19:44:58 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\MotioninJoy
  479. [2014/01/24 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Notepad++
  480. [2014/02/01 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\NuGet
  481. [2014/05/31 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\OmniCoin
  482. [2014/05/20 21:31:12 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\PowerUp Software
  483. [2014/04/10 22:12:56 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Process Hacker 2
  484. [2013/09/04 15:32:03 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Publish Providers
  485. [2013/09/04 16:53:18 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Red Giant
  486. [2013/09/04 17:05:26 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Red Giant Link
  487. [2014/03/16 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Riot Games
  488. [2013/08/20 13:12:39 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\SoftGrid Client
  489. [2013/10/07 15:20:25 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Sony
  490. [2013/12/26 00:56:03 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Sony Creative Software Inc
  491. [2013/08/20 12:43:24 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Synaptics
  492. [2014/06/25 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\TeamViewer
  493. [2014/01/14 17:09:27 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\TITANSOULSAIR
  494. [2013/08/20 13:09:33 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\TP
  495. [2014/06/13 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Ufasoft
  496. [2014/07/18 17:05:54 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\uTorrent
  497. [2014/06/18 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Wireshark
  498.  
  499. [color=#E56717]========== Purity Check ==========[/color]
  500.  
  501.  
  502.  
  503. [color=#E56717]========== Alternate Data Streams ==========[/color]
  504.  
  505. @Alternate Data Stream - 128 bytes -> C:\windows\SysWow64\zlib.dll:SummaryInformation
  506. @Alternate Data Stream - 128 bytes -> C:\windows\SysWow64\zlib.dll:DocumentSummaryInformation
  507.  
  508. < End of report >