- OTL logfile created on: 9/12/2015 9:53:06 PM - Run 1
- OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tittus\Desktop
- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
- Internet Explorer (Version = 8.0.7601.17514)
- Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
- 3.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 41.66% Memory free
- 6.00 Gb Paging File | 4.31 Gb Available in Paging File | 71.95% Paging File free
- Paging file location(s): ?:\pagefile.sys [binary data]
- %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
- Drive C: | 60.08 Gb Total Space | 14.06 Gb Free Space | 23.41% Space Free | Partition Type: NTFS
- Drive D: | 88.96 Gb Total Space | 43.91 Gb Free Space | 49.35% Space Free | Partition Type: NTFS
- Computer Name: TITTUS-PC | User Name: tittus | Logged in as Administrator.
- Boot Mode: Normal | Scan Mode: Current user
- Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
- [color=#E56717]========== Processes (SafeList) ==========[/color]
- PRC - C:\Users\tittus\Desktop\OTL.exe (OldTimer Tools)
- PRC - C:\Users\tittus\AppData\Local\gmsd_ra_005010083\upgmsd_ra_005010083.exe ()
- PRC - C:\Program Files\gmsd_ra_005010083\gmsd_ra_005010083.exe ()
- PRC - C:\Program Files\Common Files\ShopperPro\spbiu.exe (ShopperPro)
- PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
- PRC - C:\Program Files\baidu\pps.exe ()
- PRC - C:\Program Files\BimaTRI\BimaTRI.exe ()
- PRC - C:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
- PRC - C:\Program Files\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
- PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
- PRC - C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
- PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
- PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
- PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
- PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
- PRC - C:\Program Files\HapAckeR Soft\MoMo - Web Browser Optimize\MoMo.exe (HapAckeR Soft)
- PRC - C:\Windows\System32\ChgService.exe ()
- PRC - C:\Windows\explorer.exe (Microsoft Corporation)
- PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
- [color=#E56717]========== Modules (No Company Name) ==========[/color]
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\252acca6f055917d5a5a9c4bb4ace6b0\JSON.ni.dll ()
- MOD - C:\Users\tittus\AppData\Local\gmsd_ra_005010083\upgmsd_ra_005010083.exe ()
- MOD - C:\Program Files\gmsd_ra_005010083\gmsd_ra_005010083.exe ()
- MOD - C:\Program Files\baidu\pps.exe ()
- MOD - c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
- MOD - C:\Program Files\BimaTRI\BimaTRI.exe ()
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a96ebdd39d16d2b9e7476a6b9d728ae7\System.ServiceProcess.ni.dll ()
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\31e991980fae3062d709f31dcf6f4669\System.Web.ni.dll ()
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5d9b26fc02784136a0c34d75a2f3d714\System.Windows.Forms.ni.dll ()
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8283e75f3820b002e167d2270b790f7e\System.Drawing.ni.dll ()
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9097049b739730f4391c8f50da0d6e34\System.Xml.ni.dll ()
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\26ce7c29eb3c15178a21a4ae283f420d\System.Configuration.ni.dll ()
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9fccc2be9a47b2970bc9498cc57fb142\System.ni.dll ()
- MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d40b99d82652dbbc000d378a824ae296\mscorlib.ni.dll ()
- MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
- MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
- [color=#E56717]========== Services (SafeList) ==========[/color]
- SRV - (totyseku) -- C:\Program Files\03000200-1441197202-0500-0006-000700080009\hnsx1392.tmp File not found
- SRV - (musepimo) -- C:\Program Files\03000200-1441197202-0500-0006-000700080009\knsq1907.tmp File not found
- SRV - (jimocoso) -- C:\Program Files\03000200-1441197202-0500-0006-000700080009\jnsmBA59.tmp File not found
- SRV - (globalUpdatem) -- C:\Program Files\globalUpdate\Update\globalupdate.exe /medsvc File not found
- SRV - (globalUpdate) -- C:\Program Files\globalUpdate\Update\globalupdate.exe /svc File not found
- SRV - (SPBIUpd) -- C:\Program Files\Common Files\ShopperPro\spbiu.exe (ShopperPro)
- SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
- SRV - (BstHdUpdaterSvc) -- C:\Program Files\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
- SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
- SRV - (BstHdLogRotatorSvc) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
- SRV - (BstHdAndroidSvc) -- C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
- SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
- SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
- SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
- SRV - (Change Modem Device Service) -- C:\Windows\System32\ChgService.exe ()
- SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
- SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
- SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
- SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
- [color=#E56717]========== Driver Services (SafeList) ==========[/color]
- DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
- DRV - (MpKsl66e2b5eb) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4825072A-B57E-4E45-910C-F13DE9A7DA0C}\MpKsl66e2b5eb.sys (Microsoft Corporation)
- DRV - (SPBIUpdd) -- C:\Program Files\Common Files\ShopperPro\spbiw.sys ()
- DRV - (BstHdDrv) -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
- DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
- DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
- DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
- DRV - (RtlWlanu) -- C:\Windows\System32\drivers\RTWlanU.sys (Realtek Semiconductor Corporation )
- DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (QUALCOMM Incorporated)
- DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
- DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
- DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
- DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
- DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
- DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
- DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
- DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
- DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
- DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
- DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
- DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
- DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
- DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
- DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
- [color=#E56717]========== Standard Registry (All) ==========[/color]
- [color=#E56717]========== Internet Explorer ==========[/color]
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
- IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
- IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
- IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
- IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 2A C5 02 41 C7 D0 01 [binary data]
- IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
- IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
- IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
- IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
- [color=#E56717]========== FireFox ==========[/color]
- FF - prefs.js..browser.search.countryCode: "ID"
- FF - prefs.js..browser.search.defaultenginename: "mystartsearch"
- FF - prefs.js..browser.search.region: "ID"
- FF - prefs.js..browser.search.searchengine.alias: "mystartsearch"
- FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
- FF - prefs.js..browser.search.searchengine.iconURL: "http://www.mystartsearch.com/favicon.ico"
- FF - prefs.js..browser.search.searchengine.name: "mystartsearch"
- FF - prefs.js..browser.search.searchengine.ptid: "cmi"
- FF - prefs.js..browser.search.searchengine.uid: "ST3160215AS_6RABANRDXXXX6RABANRD"
- FF - prefs.js..browser.search.searchengine.url: "http://www.mystartsearch.com/web/?type=ds&ts=1441719083&z=894c575bf4d18e0147fa109g0zcz5g9mag9b8t5c3m&from=cmi&uid=ST3160215AS_6RABANRDXXXX6RABANRD&q={searchTerms}"
- FF - prefs.js..browser.search.selectedEngine: "mystartsearch"
- FF - prefs.js..browser.startup.homepage: "http://www.mystartsearch.com/?type=hp&ts=1441719083&z=894c575bf4d18e0147fa109g0zcz5g9mag9b8t5c3m&from=cmi&uid=ST3160215AS_6RABANRDXXXX6RABANRD"
- FF - prefs.js..extensions.enabledAddons: mozilla_cc2%40internetdownloadmanager.com:6.23.19
- FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
- FF - user.js - File not found
- FF - HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer: C:\IQIYI Video\LStyle\npWebPlayer.dll File not found
- FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
- FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll File not found
- FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll File not found
- FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
- FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
- FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
- FF - HKCU\Software\MozillaPlugins\@iqiyi.com/npWebPlayer: C:\IQIYI Video\LStyle\npWebPlayer.dll File not found
- FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\defsearchp@gmail.com: C:\Users\tittus\AppData\Roaming\Mozilla\Firefox\Profiles\z5vurs5l.default-1432035441886\extensions\defsearchp@gmail.com
- FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\deskCutv2@gmail.com: C:\Users\tittus\AppData\Roaming\Mozilla\Firefox\Profiles\z5vurs5l.default-1432035441886\extensions\deskCutv2@gmail.com
- FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
- FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
- FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc2@internetdownloadmanager.com: C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015/08/14 17:36:02 | 000,029,742 | ---- | M] ()
- FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\tittus\AppData\Roaming\IDM\idmmzcc5 [2015/09/05 14:20:36 | 000,000,000 | ---D | M]
- [2015/04/10 18:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tittus\AppData\Roaming\Mozilla\Extensions
- [2015/09/12 10:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tittus\AppData\Roaming\Mozilla\Firefox\Profiles\z5vurs5l.default-1432035441886\extensions
- [2015/09/09 21:03:04 | 000,002,176 | ---- | M] () -- C:\Users\tittus\AppData\Roaming\Mozilla\Firefox\Profiles\z5vurs5l.default-1432035441886\searchplugins\mystartsearch.xml
- [2015/09/02 19:42:06 | 000,002,167 | ---- | M] () -- C:\Users\tittus\AppData\Roaming\Mozilla\Firefox\Profiles\z5vurs5l.default-1432035441886\searchplugins\oursurfing.xml
- [2015/04/10 16:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
- [2015/04/10 16:24:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- [2015/08/14 17:36:02 | 000,029,742 | ---- | M] () (No name found) -- C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMMZCC2.XPI
- [color=#E56717]========== Chrome ==========[/color]
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.1_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.23.15_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
- CHR - Extension: No name found = C:\Users\tittus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
- O1 HOSTS File: ([2009/06/11 04:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
- O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
- O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
- O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
- O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
- O4 - HKLM..\Run: [gmsd_ra_005010080] File not found
- O4 - HKLM..\Run: [gmsd_ra_005010081] File not found
- O4 - HKLM..\Run: [gmsd_ra_005010082] File not found
- O4 - HKLM..\Run: [gmsd_ra_005010083] C:\Program Files\gmsd_ra_005010083\gmsd_ra_005010083.exe ()
- O4 - HKLM..\Run: [mbot_id_014010078] File not found
- O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
- O4 - HKCU..\Run: [apphide] C:\Program Files\baidu\pps.exe ()
- O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
- O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
- O4 - HKCU..\Run: [MoMo_WebBrowserOptimize] C:\Program Files\HapAckeR Soft\MoMo - Web Browser Optimize\MoMo.exe (HapAckeR Soft)
- O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
- O4 - HKLM..\RunOnce: [upgmsd_ra_005010083.exe] C:\Users\tittus\AppData\Local\gmsd_ra_005010083\upgmsd_ra_005010083.exe ()
- O4 - Startup: C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BimaTRI.lnk = C:\Program Files\BimaTRI\BimaTRI.exe ()
- O4 - Startup: C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk = File not found
- O4 - Startup: C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\W.lnk = C:\Users\tittus\AppData\Roaming\obaG8oUMSY.exe ()
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
- O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
- O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
- O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
- O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
- O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
- O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
- O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
- O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
- O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
- O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
- O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
- O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
- O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
- O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
- O13 - gopher Prefix: missing
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4501245A-F899-4C0A-835C-051E915E9D5A}: DhcpNameServer = 8.8.8.8 8.8.4.4
- O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
- O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
- O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
- O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
- O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
- O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
- O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
- O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
- O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
- O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
- O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
- O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
- O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
- O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
- O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
- O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
- O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
- O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
- O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
- O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
- O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
- O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
- O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
- O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
- O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
- O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
- O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
- O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
- O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
- O31 - SafeBoot: AlternateShell - cmd.exe
- O32 - HKLM CDRom: AutoRun - 1
- O32 - AutoRun File - [2015/09/12 10:28:40 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
- O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
- O32 - AutoRun File - [2013/10/08 16:18:36 | 4229,266,025 | ---- | M] (Autodesk, Inc.) - D:\Autodesk_Inventor_2014_Eng_64bit_dlm_001_002.sfx.exe -- [ NTFS ]
- O32 - AutoRun File - [2013/10/08 07:02:48 | 161,701,279 | ---- | M] (Autodesk, Inc.) - D:\Autodesk_Inventor_2014_Eng_64bit_dlm_002_002.sfx.exe -- [ NTFS ]
- O33 - MountPoints2\{0657f779-d087-11e4-9b5a-002488c23038}\Shell - "" = AutoRun
- O33 - MountPoints2\{0657f779-d087-11e4-9b5a-002488c23038}\Shell\AutoRun\command - "" = E:\setup.exe
- O33 - MountPoints2\{2d9a8189-cfc6-11e4-a543-002488c23038}\Shell - "" = AutoRun
- O33 - MountPoints2\{2d9a8189-cfc6-11e4-a543-002488c23038}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
- O34 - HKLM BootExecute: (autocheck autochk *)
- O35 - HKLM\..comfile [open] -- "%1" %*
- O35 - HKLM\..exefile [open] -- "%1" %*
- O37 - HKLM\...com [@ = comfile] -- "%1" %*
- O37 - HKLM\...exe [@ = exefile] -- "%1" %*
- O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
- O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
- O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
- [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
- [2015/09/12 11:11:02 | 005,635,119 | ---- | C] (Swearware) -- C:\Users\tittus\Desktop\ComboFix.exe
- [2015/09/12 11:09:10 | 024,344,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\tittus\Desktop\mbam-setup-techspot-2.1.8.1057.exe
- [2015/09/12 11:08:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tittus\Desktop\OTL.exe
- [2015/09/12 10:53:48 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Roaming\Autodesk
- [2015/09/12 10:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
- [2015/09/12 10:28:40 | 000,000,000 | ---D | C] -- C:\Autodesk
- [2015/09/10 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\SmartfrenAD687GDriver
- [2015/09/08 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
- [2015/09/08 20:40:23 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\gmsd_ra_005010083
- [2015/09/08 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\gmsd_ra_005010083
- [2015/09/08 20:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
- [2015/09/08 20:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
- [2015/09/08 20:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\BlueStacks
- [2015/09/08 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\Bluestacks
- [2015/09/07 21:52:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Flash
- [2015/09/07 21:43:57 | 000,000,000 | -HSD | C] -- C:\Users\tittus\AppData\Roaming\AnyProtectEx
- [2015/09/07 21:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
- [2015/09/07 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\globalUpdate
- [2015/09/07 21:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\pWdsManProp
- [2015/09/07 21:16:02 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\Crossbrowse
- [2015/09/06 22:56:25 | 000,000,000 | -HSD | C] -- C:\[Smad-Cage]
- [2015/09/06 22:56:25 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Roaming\Smadav
- [2015/09/06 22:50:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
- [2015/09/06 22:36:22 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\Systweak
- [2015/09/06 22:32:54 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Roaming\systweak
- [2015/09/06 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopperPro
- [2015/09/06 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ShopperPro
- [2015/09/06 22:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\3WdsManPro3
- [2015/09/06 22:24:11 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\Installer
- [2015/09/06 22:24:10 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\CrashRpt
- [2015/09/05 14:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\1WdsManPro1
- [2015/09/05 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
- [2015/09/05 14:47:45 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\gamesdesktop
- [2015/09/05 14:20:23 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
- [2015/09/05 14:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
- [2015/09/05 14:18:04 | 000,000,000 | ---D | C] -- C:\Users\tittus\Documents\TPM
- [2015/09/02 20:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\predm
- [2015/09/02 20:06:12 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Roaming\ppslog
- [2015/09/02 19:51:13 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\SysassistByHotWheel
- [2015/09/02 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WWdsManProW
- [2015/09/02 19:50:42 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\Unity
- [2015/09/02 19:49:57 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Roaming\IQIYI Video
- [2015/09/02 19:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\IQIYI Video
- [2015/09/02 19:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\baidu
- [2015/09/02 19:35:18 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\03000200-1441222518-0500-0006-000700080009
- [2015/08/30 21:29:06 | 000,000,000 | ---D | C] -- C:\Users\tittus\AppData\Local\CEF
- [2015/08/28 19:36:11 | 000,123,968 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
- [2015/08/16 14:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Android Device USB driver
- [2015/08/16 14:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Android Device USB driver
- [2015/08/16 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\tittus\.android
- [2015/08/16 11:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
- [2015/08/14 19:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\BimaTRI
- [2 C:\Users\tittus\AppData\Local\*.tmp files -> C:\Users\tittus\AppData\Local\*.tmp -> ]
- [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
- [2015/09/12 21:53:40 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- [2015/09/12 21:53:40 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- [2015/09/12 21:46:52 | 000,000,939 | ---- | M] () -- C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BimaTRI.lnk
- [2015/09/12 21:46:24 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
- [2015/09/12 21:46:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
- [2015/09/12 21:46:22 | 000,005,498 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-7.job
- [2015/09/12 21:46:22 | 000,005,474 | ---- | M] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-7.job
- [2015/09/12 21:46:22 | 000,004,474 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-4.job
- [2015/09/12 21:46:22 | 000,004,450 | ---- | M] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-4.job
- [2015/09/12 21:46:22 | 000,003,454 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-1-7.job
- [2015/09/12 21:46:22 | 000,002,426 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-5_user.job
- [2015/09/12 21:46:22 | 000,002,426 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-5.job
- [2015/09/12 21:46:22 | 000,002,092 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-10_user.job
- [2015/09/12 21:46:22 | 000,002,068 | ---- | M] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-10_user.job
- [2015/09/12 21:46:20 | 000,005,474 | ---- | M] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-6.job
- [2015/09/12 21:46:20 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\Crossbrowse.job
- [2015/09/12 21:46:17 | 000,005,498 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-6.job
- [2015/09/12 21:46:17 | 000,004,474 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-3.job
- [2015/09/12 21:46:17 | 000,004,450 | ---- | M] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-3.job
- [2015/09/12 21:46:17 | 000,003,118 | ---- | M] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-1-6.job
- [2015/09/12 21:46:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
- [2015/09/12 21:45:58 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys
- [2015/09/12 14:15:45 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
- [2015/09/12 14:15:45 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
- [2015/09/12 14:03:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
- [2015/09/12 11:19:28 | 024,344,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\tittus\Desktop\mbam-setup-techspot-2.1.8.1057.exe
- [2015/09/12 11:19:18 | 005,635,119 | ---- | M] (Swearware) -- C:\Users\tittus\Desktop\ComboFix.exe
- [2015/09/12 11:09:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tittus\Desktop\OTL.exe
- [2015/09/12 10:49:37 | 000,001,732 | ---- | M] () -- C:\Users\tittus\Desktop\chrome - Shortcut.lnk
- [2015/09/12 10:11:56 | 000,000,740 | ---- | M] () -- C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\W.lnk
- [2015/09/12 10:11:55 | 103,399,936 | RHS- | M] () -- C:\Users\tittus\AppData\Roaming\obaG8oUMSY.exe
- [2015/09/10 12:11:37 | 000,006,560 | ---- | M] () -- C:\bootsqm.dat
- [2015/09/09 18:09:52 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
- [2015/09/09 18:09:52 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
- [2015/09/08 21:46:20 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
- [2015/09/08 21:31:57 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
- [2015/09/08 20:33:18 | 000,000,102 | ---- | M] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
- [2015/09/08 20:32:22 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk
- [2015/09/08 20:32:22 | 000,001,765 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
- [2015/09/08 20:31:40 | 000,001,395 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
- [2015/09/08 19:50:39 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
- [2015/09/08 19:50:39 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
- [2015/09/07 21:32:15 | 000,000,004 | ---- | M] () -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7
- [2015/09/07 21:27:46 | 000,001,411 | ---- | M] () -- C:\Users\tittus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
- [2015/09/07 21:24:26 | 000,000,489 | ---- | M] () -- C:\Users\tittus\Desktop\Power Options - Shortcut.lnk
- [2015/09/07 21:16:35 | 000,002,368 | ---- | M] () -- C:\Users\tittus\Application Data\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk
- [2015/09/07 21:14:22 | 000,002,344 | ---- | M] () -- C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
- [2015/09/05 14:20:26 | 000,000,983 | ---- | M] () -- C:\Users\tittus\Desktop\Internet Download Manager.lnk
- [2015/09/05 14:04:48 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
- [2015/09/04 12:18:30 | 000,018,248 | ---- | M] () -- C:\Windows\System32\sasnative32.exe
- [2015/08/16 14:37:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
- [2015/08/14 19:31:17 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\BimaTRI.lnk
- [2 C:\Users\tittus\AppData\Local\*.tmp files -> C:\Users\tittus\AppData\Local\*.tmp -> ]
- [color=#E56717]========== Files Created - No Company Name ==========[/color]
- [2015/09/12 10:42:28 | 000,001,732 | ---- | C] () -- C:\Users\tittus\Desktop\chrome - Shortcut.lnk
- [2015/09/12 10:11:56 | 000,000,740 | ---- | C] () -- C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\W.lnk
- [2015/09/12 10:11:52 | 103,399,936 | RHS- | C] () -- C:\Users\tittus\AppData\Roaming\obaG8oUMSY.exe
- [2015/09/10 12:11:37 | 000,006,560 | ---- | C] () -- C:\bootsqm.dat
- [2015/09/08 20:32:22 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk
- [2015/09/08 20:32:22 | 000,001,765 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
- [2015/09/07 21:57:48 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
- [2015/09/07 21:57:47 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
- [2015/09/07 21:57:45 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
- [2015/09/07 21:42:05 | 000,004,450 | ---- | C] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-4.job
- [2015/09/07 21:41:56 | 000,005,474 | ---- | C] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-6.job
- [2015/09/07 21:41:54 | 000,005,474 | ---- | C] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-7.job
- [2015/09/07 21:41:49 | 000,004,450 | ---- | C] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-3.job
- [2015/09/07 21:41:39 | 000,002,068 | ---- | C] () -- C:\Windows\tasks\cbda1388-caa9-4039-9ecf-a43326686b1a-10_user.job
- [2015/09/07 21:39:18 | 000,018,248 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
- [2015/09/07 21:36:26 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
- [2015/09/07 21:36:25 | 000,000,256 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
- [2015/09/07 21:34:48 | 000,002,426 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-5_user.job
- [2015/09/07 21:34:45 | 000,002,426 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-5.job
- [2015/09/07 21:33:29 | 000,003,118 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-1-6.job
- [2015/09/07 21:33:28 | 000,003,454 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-1-7.job
- [2015/09/07 21:33:10 | 000,004,474 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-4.job
- [2015/09/07 21:32:42 | 000,005,498 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-6.job
- [2015/09/07 21:32:40 | 000,005,498 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-7.job
- [2015/09/07 21:32:19 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
- [2015/09/07 21:32:18 | 000,004,474 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-3.job
- [2015/09/07 21:32:18 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
- [2015/09/07 21:32:15 | 000,000,004 | ---- | C] () -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7
- [2015/09/07 21:32:07 | 000,002,092 | ---- | C] () -- C:\Windows\tasks\50dc9e50-0b3a-4036-ab03-e787a5059eb4-10_user.job
- [2015/09/07 21:24:26 | 000,000,489 | ---- | C] () -- C:\Users\tittus\Desktop\Power Options - Shortcut.lnk
- [2015/09/07 21:16:23 | 000,002,344 | ---- | C] () -- C:\Users\tittus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
- [2015/09/07 21:15:50 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\Crossbrowse.job
- [2015/09/07 21:14:22 | 000,002,368 | ---- | C] () -- C:\Users\tittus\Application Data\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk
- [2015/09/06 22:33:09 | 000,018,200 | ---- | C] () -- C:\Windows\System32\roboot.exe
- [2015/09/02 19:51:09 | 000,000,102 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
- [2015/08/16 14:37:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
- [2015/08/14 19:31:18 | 000,000,839 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BimaTRI.lnk
- [2015/08/14 19:31:17 | 000,000,827 | ---- | C] () -- C:\Users\Public\Desktop\BimaTRI.lnk
- [2015/03/22 08:50:12 | 000,657,209 | ---- | C] () -- C:\Windows\Condition Zero Uninstaller.exe
- [2015/03/21 19:38:11 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe
- [2015/03/19 21:49:22 | 004,229,086 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
- [color=#E56717]========== ZeroAccess Check ==========[/color]
- [2009/07/14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
- [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
- [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
- [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
- "" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 04:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
- "ThreadingModel" = Apartment
- [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
- "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
- "ThreadingModel" = Free
- [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
- "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
- "ThreadingModel" = Both
- [color=#E56717]========== LOP Check ==========[/color]
- [2015/09/11 22:42:05 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\.minecraft
- [2015/09/07 21:43:57 | 000,000,000 | -HSD | M] -- C:\Users\tittus\AppData\Roaming\AnyProtectEx
- [2015/09/12 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\Autodesk
- [2015/03/30 16:09:13 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\BimaTRI
- [2015/09/12 14:54:09 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\DMCache
- [2015/03/21 18:38:32 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\eTeks
- [2015/09/12 10:56:17 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\IDM
- [2015/09/02 20:06:46 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\IQIYI Video
- [2015/09/12 13:34:56 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\MoMo - Web Browser Optimize
- [2015/04/10 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\MPC-HC
- [2015/07/26 09:13:57 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\openBVE
- [2015/09/02 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\ppslog
- [2015/09/06 22:56:25 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\Smadav
- [2015/09/07 21:39:37 | 000,000,000 | ---D | M] -- C:\Users\tittus\AppData\Roaming\systweak
- [color=#E56717]========== Purity Check ==========[/color]
- [color=#E56717]========== Alternate Data Streams ==========[/color]
- @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879
- < End of report >