aufa

OTL logfile created on: 29/04/2017 2:54:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GAVA MEDIA\Desktop
64bit- Enterprise Edition N  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy

3,89 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 73,02% Memory free
4,58 Gb Paging File | 3,49 Gb Available in Paging File | 76,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,67 Gb Total Space | 14,40 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive E: | 175,78 Gb Total Space | 13,22 Gb Free Space | 7,52% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 11,75 Gb Free Space | 6,80% Space Free | Partition Type: NTFS

Computer Name: ASUS | User Name: GAVA MEDIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\GAVA MEDIA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
PRC - C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe ()
PRC - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe ()
PRC - C:\Program Files (x86)\SMADAV\SMΔRTP.exe (Smadsoft)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software LLC)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Users\GAVA MEDIA\AppData\Local\TECHP-Browser\prtsvc.exe ()
PRC - C:\Program Files (x86)\ArcGIS\License10.3\bin\ARCGIS.exe (ESRI)
PRC - C:\Program Files (x86)\ArcGIS\License10.3\bin\lmgrd.exe (Flexera Software LLC)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe ()
MOD - C:\Program Files (x86)\SMADAV\SM?RTP.exe ()
MOD - C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (TrueKeyServiceHelper) -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe (McAfee, Inc.)
SRV:[b]64bit:[/b] - (TrueKeyScheduler) -- C:\Program Files\TrueKey\McTkSchedulerService.exe (McAfee, Inc.)
SRV:[b]64bit:[/b] - (TrueKey) -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (McAfee, Inc.)
SRV:[b]64bit:[/b] - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe (McAfee, Inc.)
SRV:[b]64bit:[/b] - (rtop) -- C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe ()
SRV:[b]64bit:[/b] - (ByteFenceService) -- C:\Program Files\ByteFence\ByteFenceService.exe (Byte Technologies LLC)
SRV:[b]64bit:[/b] - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Intel(R) -- C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe (Intel(R) Corporation)
SRV:[b]64bit:[/b] - (Intel(R) -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Intel(R) Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
SRV - (uSHAREitSvc) -- C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe (SHAREit Technologies Co.Ltd)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software LLC)
SRV - (prtsvc) -- C:\Users\GAVA MEDIA\AppData\Local\TECHP-Browser\prtsvc.exe ()
SRV - (ArcGIS License Manager) -- C:\Program Files (x86)\ArcGIS\License10.3\bin\lmgrd.exe (Flexera Software LLC)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:[b]64bit:[/b] - (IntelHaxm) -- C:\Windows\SysNative\drivers\IntelHaxm.sys (Intel  Corporation)
DRV:[b]64bit:[/b] - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:[b]64bit:[/b] - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (Samsung Electronics Co., Ltd.)
DRV:[b]64bit:[/b] - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (Samsung Electronics Co., Ltd.)
DRV:[b]64bit:[/b] - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (Samsung Electronics Co., Ltd.)
DRV:[b]64bit:[/b] - (DFX12) -- C:\Windows\SysNative\drivers\dfx12x64.sys (Windows (R) Win 7 DDK provider)
DRV:[b]64bit:[/b] - (XQHDrv) -- C:\Windows\SysNative\drivers\XQHDrv.sys (BigNox Corporation)
DRV:[b]64bit:[/b] - (DFX11_1) -- C:\Windows\SysNative\drivers\dfx11_1x64.sys (Windows (R) Win 7 DDK provider)
DRV:[b]64bit:[/b] - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:[b]64bit:[/b] - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:[b]64bit:[/b] - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:[b]64bit:[/b] - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (TXEIx64) -- C:\Windows\SysNative\drivers\TXEIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athwbx.sys (Qualcomm Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (iaioi2c) -- C:\Windows\SysNative\drivers\iaioi2ce.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (GPIO) -- C:\Windows\SysNative\drivers\iaiogpioe.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (MBI) -- C:\Windows\SysNative\drivers\MBI.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (HIDSwitch) -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys (ASUS)
DRV:[b]64bit:[/b] - (kbldfltr) -- C:\Windows\SysNative\drivers\kbldfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vmbusr) -- C:\Windows\SysNative\drivers\vmbusr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpcivsp) -- C:\Windows\SysNative\drivers\vpcivsp.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:[b]64bit:[/b] - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:[b]64bit:[/b] - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:[b]64bit:[/b] - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:[b]64bit:[/b] - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:[b]64bit:[/b] - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (RSBASTOR) -- C:\Windows\SysNative\drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:[b]64bit:[/b] - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:[b]64bit:[/b] - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:[b]64bit:[/b] - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:[b]64bit:[/b] - (REN2CAP_DRIVER) -- C:\Windows\SysNative\drivers\ren2cap.sys ()
DRV:[b]64bit:[/b] - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV - (AFTrafMgr1.2) -- C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_2_64.sys (AnchorFree Inc.)
DRV - (hwinterface) -- C:\Windows\SysWOW64\drivers\hwinterface.sys (Logix4u)
DRV - (XQHDrv) -- C:\Windows\SysWOW64\drivers\XQHDrv.sys (BigNox Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUSTek Computer Inc.)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3C}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487}: "URL" = [String data over 1000 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smartsputnik.ru/?ri=1&uid=eac954ae850660e68614d890f9e9b94e&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://smartsputnik.ru/?ri=1&uid=eac954ae850660e68614d890f9e9b94e&q=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487}: "URL" = [String data over 1000 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = id-ID
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 67 D6 A1 78 66 D1 01  [binary data]
IE - HKCU\..\URLSearchHook: {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3C}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
IE - HKCU\..\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487}: "URL" = [String data over 1000 bytes]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "ID"
FF - prefs.js..browser.search.region: "ID"
FF - prefs.js..browser.search.selectedEngine: "Palikan"
FF - prefs.js..browser.startup.homepage: "https://www.malwarebytes.org/restorebrowser//?f=1&a=plk_coinisrs_17_08_ssg01&cd=2XzuyEtN2Y1L1Qzu0A0C0ByDyB0Dzy0B0E0D0BtB0DtDtA0BtN0D0Tzu0StCzzyByBtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StByByD0BtByBzz0CtGyC0EzztBtGyEyCzy0EtGtAtAtC0BtGtAyDtDyByC0FtBtDtBzytByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtAtAyCtCtC0E0DtG0AyC0EtDtGyEzyzzyDtGzy0A0C0FtGzzyE0C0DtC0A0DtC0AzzyBzz2QtN0A0LzutB&cr=2098784095&ir="
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2
FF - prefs.js..keyword.URL: true
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npAndroidAssistant: C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll (腾讯公司)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\GAVA MEDIA\AppData\Roaming\IDM\idmmzcc5 [2015/07/02 15:15:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\GAVA MEDIA\AppData\Roaming\IDM\idmmzcc5 [2015/07/02 15:15:05 | 000,000,000 | ---D | M]

[2015/07/08 01:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GAVA MEDIA\AppData\Roaming\Mozilla\Extensions
[2017/04/03 17:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GAVA MEDIA\AppData\Roaming\Mozilla\Firefox\Profiles\w82ciju9.default\extensions
[2017/04/03 17:20:00 | 000,007,704 | ---- | M] () (No name found) -- C:\Users\GAVA MEDIA\AppData\Roaming\Mozilla\Firefox\Profiles\w82ciju9.default\features\{5c5c37aa-e42d-4208-a774-d6ef77059080}\aushelper@mozilla.org.xpi
[2017/04/03 17:20:00 | 000,005,527 | ---- | M] () (No name found) -- C:\Users\GAVA MEDIA\AppData\Roaming\Mozilla\Firefox\Profiles\w82ciju9.default\features\{5c5c37aa-e42d-4208-a774-d6ef77059080}\diagnostics@mozilla.org.xpi
[2017/04/03 17:20:01 | 000,008,857 | ---- | M] () (No name found) -- C:\Users\GAVA MEDIA\AppData\Roaming\Mozilla\Firefox\Profiles\w82ciju9.default\features\{5c5c37aa-e42d-4208-a774-d6ef77059080}\disableSHA1rollout@mozilla.org.xpi
[2017/04/03 17:20:01 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\GAVA MEDIA\AppData\Roaming\Mozilla\Firefox\Profiles\w82ciju9.default\features\{5c5c37aa-e42d-4208-a774-d6ef77059080}\e10srollout@mozilla.org.xpi
[2017/04/03 17:20:01 | 000,005,336 | ---- | M] () (No name found) -- C:\Users\GAVA MEDIA\AppData\Roaming\Mozilla\Firefox\Profiles\w82ciju9.default\features\{5c5c37aa-e42d-4208-a774-d6ef77059080}\hsts-priming@mozilla.org.xpi
[2012/10/01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[color=#E56717]========== Chrome  ==========[/color]

CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnibclkcmchpmfgnpnpnhanmfapffcjn\1.5.0_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb\2.2.0_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.21_1\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk\2.1.26_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfhaplbolbklbifbhiplbcldlbbamfc\2.6.5_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm\3.1_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\GAVA MEDIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\

O1 HOSTS File: ([2017/04/29 02:47:36 | 000,002,052 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.1	mssplus.mcafee.com
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 api.recommendedsw.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 12 more lines...
O2:[b]64bit:[/b] - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:[b]64bit:[/b] - BHO: (True Key Helper) - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll (Intel Security)
O2:[b]64bit:[/b] - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (True Key Helper) - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll (Intel Security)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Ó¦ÓÃ±¦Ò»¼ü°²×°²å¼þ) - {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll (腾讯公司)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (True Key) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll (Intel Security)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (True Key) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll (Intel Security)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (True Key) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll (Intel Security)
O3 - HKCU\..\Toolbar\WebBrowser: (True Key) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll (Intel Security)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DFX] C:\Program Files (x86)\DFX\DFX.exe ()
O4 - HKLM..\Run: [SMΔRT-Protection] C:\Program Files (x86)\Smadav\SMΔRTP.exe (Smadsoft)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKCU..\Run: [Chromium] c:\users\gava media\appdata\local\chromium\application\chrome.exe (The Chromium Authors)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DLPDFEditorUpdateChecker] "0\DLPDFEditorUpdateChecker.exe" File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hola.org ([]http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC52DAC6-2A7A-42D6-9B5D-0D1C66BFF936}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ac420e2-66d8-11e5-9c39-08626668ee9c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ac420e2-66d8-11e5-9c39-08626668ee9c}\Shell\AutoRun\command - "" = "G:\Setup.exe" /s
O33 - MountPoints2\{7ef3ca40-03c0-11e6-9c87-08626668ee9c}\Shell - "" = AutoRun
O33 - MountPoints2\{7ef3ca40-03c0-11e6-9c87-08626668ee9c}\Shell\AutoRun\command - "" = "H:\Setup.exe" /s
O33 - MountPoints2\{e636ff96-5f75-11e5-9c35-08626668ee9c}\Shell - "" = AutoRun
O33 - MountPoints2\{e636ff96-5f75-11e5-9c35-08626668ee9c}\Shell\AutoRun\command - "" = "G:\Setup.exe" /s
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2017/04/29 02:51:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\GAVA MEDIA\Desktop\OTL.exe
[2017/04/28 20:51:24 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\Desktop\New folder (4)
[2017/04/26 04:49:17 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\AppData\Roaming\Google
[2017/04/21 01:24:56 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\Desktop\auto
[2017/04/19 18:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezkeyword
[2017/04/19 00:08:03 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\Desktop\IDM 7.1 Full portable
[2017/04/09 00:11:43 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\Desktop\as
[2017/04/08 07:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2017/04/07 20:34:10 | 000,223,464 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2017/04/03 21:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ezkeyword
[2017/04/03 17:30:48 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\AppData\Roaming\Xiaomi
[2017/04/03 17:12:21 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\Desktop\MiFlashUnlock_1.1.0317.1_en
[2017/04/03 17:04:06 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\AppData\Roaming\TeamViewer
[2017/04/03 17:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2017/04/01 00:47:07 | 000,000,000 | ---D | C] -- C:\Users\GAVA MEDIA\Desktop\ez
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\GAVA MEDIA\Desktop\*.tmp files -> C:\Users\GAVA MEDIA\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2017/04/29 02:51:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GAVA MEDIA\Desktop\OTL.exe
[2017/04/29 02:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/04/29 02:46:33 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017/04/29 02:46:30 | 3340,861,440 | -HS- | M] () -- C:\hiberfil.sys
[2017/04/29 00:22:44 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017/04/27 06:14:28 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\True Key.lnk
[2017/04/27 05:57:20 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\McAfee Remediation (Prepare).job
[2017/04/27 00:52:14 | 000,076,292 | ---- | M] () -- C:\Users\GAVA MEDIA\Desktop\SLIP_SBMPTN_11799923109.jpg
[2017/04/26 18:02:52 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/04/26 18:02:52 | 000,722,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/04/26 18:02:52 | 000,135,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/04/20 23:40:53 | 000,333,146 | ---- | M] () -- C:\Users\GAVA MEDIA\Desktop\kartini-abadi.png
[2017/04/20 10:38:45 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017/04/19 18:47:09 | 000,001,041 | ---- | M] () -- C:\Users\GAVA MEDIA\Desktop\ezkeyword.lnk
[2017/04/19 15:26:28 | 000,002,309 | ---- | M] () -- C:\Users\GAVA MEDIA\Desktop\Google Chrome.lnk
[2017/04/19 15:26:28 | 000,002,309 | ---- | M] () -- C:\Users\GAVA MEDIA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017/04/13 15:30:08 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2017/04/08 07:13:09 | 000,001,986 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2017/04/03 19:00:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2017/04/03 18:50:32 | 002,493,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/04/03 17:11:47 | 002,104,201 | ---- | M] () -- C:\Users\GAVA MEDIA\Desktop\MiFlashUnlock_1.1.0317.1_en.zip
[2017/04/01 22:36:25 | 031,490,009 | ---- | M] (ciptafile.com                                               ) -- C:\Users\GAVA MEDIA\Desktop\ezkeyword.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\GAVA MEDIA\Desktop\*.tmp files -> C:\Users\GAVA MEDIA\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017/04/27 06:14:28 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\True Key.lnk
[2017/04/27 00:52:12 | 000,076,292 | ---- | C] () -- C:\Users\GAVA MEDIA\Desktop\SLIP_SBMPTN_11799923109.jpg
[2017/04/20 23:40:53 | 000,333,146 | ---- | C] () -- C:\Users\GAVA MEDIA\Desktop\kartini-abadi.png
[2017/04/19 18:47:09 | 000,001,041 | ---- | C] () -- C:\Users\GAVA MEDIA\Desktop\ezkeyword.lnk
[2017/04/19 00:22:17 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017/04/03 19:00:30 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2017/04/03 17:11:38 | 002,104,201 | ---- | C] () -- C:\Users\GAVA MEDIA\Desktop\MiFlashUnlock_1.1.0317.1_en.zip
[2017/04/03 17:04:06 | 000,001,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
[2016/11/15 12:56:56 | 000,000,047 | ---- | C] () -- C:\Windows\ncStarter.INI
[2016/09/23 23:16:30 | 000,131,072 | RHS- | C] ( ) -- C:\Windows\SysWow64\csrss.exe
[2016/07/17 16:24:30 | 000,000,600 | ---- | C] () -- C:\Users\GAVA MEDIA\AppData\Roaming\winscp.rnd
[2016/07/15 10:48:41 | 000,872,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/02/14 16:51:29 | 000,005,120 | ---- | C] () -- C:\Users\GAVA MEDIA\AppData\Roaming\GiftBag.db
[2016/02/11 18:42:24 | 000,000,017 | ---- | C] () -- C:\Users\GAVA MEDIA\AppData\Local\resmon.resmoncfg
[2016/01/25 21:53:59 | 000,000,008 | RHS- | C] () -- C:\Users\GAVA MEDIA\ntuser.pol
[2016/01/19 11:04:55 | 002,681,364 | ---- | C] () -- C:\Users\GAVA MEDIA\AppData\Roaming\sb328.dat
[2016/01/19 11:04:28 | 000,396,288 | ---- | C] () -- C:\Users\GAVA MEDIA\AppData\Roaming\Setup39967.exe
[2015/12/09 01:52:52 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2015/08/06 16:51:46 | 039,028,974 | ---- | C] () -- C:\Users\GAVA MEDIA\tecsnd1.uha
[2015/08/06 16:51:43 | 062,295,583 | ---- | C] () -- C:\Users\GAVA MEDIA\tecsnd0.uha
[2015/08/06 16:51:43 | 005,016,988 | ---- | C] () -- C:\Users\GAVA MEDIA\tecmisc0.uha
[2015/08/06 16:51:43 | 000,781,154 | ---- | C] () -- C:\Users\GAVA MEDIA\tecmisc1.uha
[2015/08/06 16:51:40 | 053,043,788 | ---- | C] () -- C:\Users\GAVA MEDIA\tecmesh.uha
[2015/08/06 16:51:40 | 007,679,605 | ---- | C] () -- C:\Users\GAVA MEDIA\tecmaps.uha
[2015/08/06 16:51:40 | 005,505,532 | ---- | C] () -- C:\Users\GAVA MEDIA\tecdll.uha
[2015/08/06 16:51:40 | 000,344,042 | ---- | C] () -- C:\Users\GAVA MEDIA\tecmain.uha
[2015/08/06 16:51:39 | 008,842,694 | ---- | C] () -- C:\Users\GAVA MEDIA\tecanim.uha
[2015/08/06 16:51:39 | 000,100,864 | ---- | C] () -- C:\Users\GAVA MEDIA\Tecuha.exe
[2015/08/06 16:51:39 | 000,001,685 | ---- | C] () -- C:\Users\GAVA MEDIA\_Unpak.bat
[2015/08/03 15:11:29 | 000,000,218 | ---- | C] () -- C:\Users\GAVA MEDIA\.recently-used.xbel
[2015/07/18 03:10:42 | 000,000,273 | ---- | C] () -- C:\Users\GAVA MEDIA\AppData\Roaming\WB.CFG
[2015/07/09 02:21:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/07/08 00:45:30 | 000,005,296 | ---- | C] () -- C:\Windows\SysWow64\Wisuahype.ini
[2015/07/08 00:45:30 | 000,003,016 | ---- | C] () -- C:\Windows\SysWow64\WisuahypeOff.ini
[2015/07/08 00:28:04 | 000,000,000 | ---- | C] () -- C:\Windows\prleth.sys
[2015/07/08 00:28:04 | 000,000,000 | ---- | C] () -- C:\Windows\hgfs.sys
[2015/07/02 18:38:22 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2015/07/02 16:43:09 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2015/07/02 16:43:09 | 000,000,008 | RHS- | C] () -- C:\ProgramData\7DFF748DE8.sys
[2015/07/01 15:55:54 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2015/07/01 14:50:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/07/01 14:45:43 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2015/07/01 14:45:42 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2015/07/01 14:45:26 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2015/09/06 20:49:51 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/15 00:46:31 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/15 00:46:31 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 16:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 09:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 16:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2016/11/07 19:39:40 | 000,000,000 | -H-D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\249BD025
[2016/07/15 11:09:56 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Andy
[2016/02/16 10:11:40 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\api--1-0
[2016/06/09 16:39:04 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\DAEMON Tools Lite
[2017/04/07 19:38:01 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\DMCache
[2016/06/07 03:43:12 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\ESRI
[2017/03/01 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\FileZilla
[2015/08/15 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\gtk-2.0
[2016/12/04 17:58:22 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Hola
[2016/12/02 07:20:27 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Hotspot Shield
[2017/04/18 23:54:01 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\IDM
[2016/11/22 04:55:24 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\JetBrains
[2016/01/27 13:53:14 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\kingsoft
[2016/02/21 00:44:13 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\MegaTypers
[2016/01/20 09:03:20 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\mgyun
[2017/01/09 00:38:41 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\MiniLyrics
[2016/03/19 01:02:22 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\MiniUpgrade
[2016/03/20 20:36:30 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\MPC-HC
[2016/11/15 00:10:47 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Nox
[2017/01/30 01:50:54 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\PhotoScape
[2015/08/11 11:12:21 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Rovio
[2017/04/29 02:48:29 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Smadav
[2016/01/26 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\software
[2016/03/19 01:02:07 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\talimama
[2017/04/03 17:04:06 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\TeamViewer
[2016/07/21 14:46:37 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Tencent
[2016/10/31 05:13:42 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Umeng
[2016/06/06 21:18:43 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\uTorrent
[2016/06/03 23:03:01 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\WarThunder
[2016/01/27 13:53:45 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\wps
[2017/04/03 17:30:48 | 000,000,000 | ---D | M] -- C:\Users\GAVA MEDIA\AppData\Roaming\Xiaomi

[color=#E56717]========== Purity Check ==========[/color]


[color=#E56717]========== Files - Unicode (All) ==========[/color]
(C:\Users\GAVA MEDIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\GAVA MEDIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >

OTL Extras logfile created on: 29/04/2017 2:54:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GAVA MEDIA\Desktop
64bit- Enterprise Edition N  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy

3,89 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 73,02% Memory free
4,58 Gb Paging File | 3,49 Gb Available in Paging File | 76,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,67 Gb Total Space | 14,40 Gb Free Space | 12,35% Space Free | Partition Type: NTFS
Drive E: | 175,78 Gb Total Space | 13,22 Gb Free Space | 7,52% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 11,75 Gb Free Space | 6,80% Space Free | Partition Type: NTFS

Computer Name: ASUS | User Name: GAVA MEDIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTM.HJRO7HSOVI2IUMPTO7PJB5GWVU] -- C:\Users\GAVA MEDIA\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [ByteFence Folder Scan] -- "C:\Program Files\ByteFence\ByteFenceScan.exe" /scan:"%1" (Byte Technologies LLC)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack 2\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack 2\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [SHAREit] -- C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe /waitfile:%1 (SHAREit Technologies Co.Ltd)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [ByteFence Folder Scan] -- "C:\Program Files\ByteFence\ByteFenceScan.exe" /scan:"%1" (Byte Technologies LLC)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack 2\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack 2\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [SHAREit] -- C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe /waitfile:%1 (SHAREit Technologies Co.Ltd)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = A6 4E 27 AC 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{182E32F2-4D44-4089-8DA5-F5B574F74AC0}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{280B9725-E658-49E2-A9DC-47F53BCB64A7}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{47C074EC-D026-4D8A-B706-886EBBFA5863}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{9A91BAC8-AADC-4DD4-8634-47771800914C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{B290445F-E5B4-4781-BE28-F25ADDB711AC}" = lport=5353 | protocol=17 | dir=in | app=c:\users\gava media\appdata\local\chromium\application\chrome.exe |
"{CD18F8FB-3D91-44D6-A486-DDDC734B977D}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{DB73515C-C516-43F9-80D8-D0D2CE6A5FD3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018B7B3F-72E2-49FF-BC9C-94A0FF56C9AC}" = protocol=6 | dir=in | app=c:\program files (x86)\mypublicwifi\mypublicwifi.exe |
"{044CAE66-A987-4BDF-AF43-23F09F99E56C}" = dir=out | app=c:\users\gava media\appdata\local\temp\andy-x64\setup.exe |
"{05B59494-8963-4917-8E26-F99F80BD01BC}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{0981FDFD-8718-4373-B1B7-74BB8478E110}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe |
"{09BB3F49-7C44-4D67-8346-851E2FEAAD44}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{10C74109-91E4-4355-8625-870B15013A66}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{1899C94C-5F4F-452D-83E1-E49281A30BEA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{18F7F0CB-8DB8-471D-A450-DF7BDDFC3EA2}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\131\tencentdl.exe |
"{28F9F8C2-AE23-4ED9-A86E-D84EF8039B9D}" = protocol=6 | dir=in | name=abrir puertos 27000-27009 |
"{2A5AAA93-CD55-4167-BE54-C75D1AFFA37F}" = dir=out | name=@{microsoft.bingsports_3.0.4.345_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{2C163E4B-7404-4B10-A982-10C85ADB3774}" = dir=out | app=c:\program files\andy\setupfiles\uninstall.exe |
"{311B1178-D978-456C-B961-14BF9D8DF154}" = dir=out | name=windows_ie_ac_001 |
"{37400CD0-C3A9-459F-9FDE-978CD1E6907D}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{3ACAA342-DD38-469F-9BEB-B2CFC570471F}" = dir=in | app=c:\program files (x86)\tencent\qqpcmgr\11.6.17602.210\plugins\checkpcmgrupdate.exe |
"{3C52CEF3-AFFC-41C3-AF1E-4C43D3BCF87C}" = dir=in | name=f5.vpn.client |
"{3D3F77BC-AC26-4344-AC2F-FA2E296339DF}" = dir=in | app=c:\program files\andy\andy.exe |
"{4027DAD1-4690-4BCB-87E4-F278EDDE9865}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{43D32C04-3571-4F55-BA1D-AA1689E1D7B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{46A435FD-B170-4B30-AEF7-3C45C5C5AFD4}" = dir=in | app=c:\program files\andy\setupfiles\uninstall.exe |
"{4A3AA50E-B086-4914-9F86-E598965686BE}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{4AA00625-946D-43EB-AFFE-BD2E002ED558}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{4CBB5E7E-22D3-43FF-B0D3-AD5E8D7F1A1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{4CF5C462-C198-4BDE-A084-C99AB1AC122C}" = protocol=17 | dir=in | app=c:\program files (x86)\shareit technologies\shareit\shareit.exe |
"{53FCDD00-AB9D-4611-A574-92D29B016316}" = dir=out | name=@{microsoft.bingweather_3.0.4.350_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{55B99A2E-C70A-4B20-B3F6-3EADA8E8CF6D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5E10FDE8-4F37-4B25-8570-7B632171A0C0}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{5FB08332-0A2D-498C-A2BD-7E1C33D72153}" = protocol=6 | dir=in | app=c:\program files (x86)\shareit technologies\shareit\shareit.exe |
"{65B3E550-8F0E-4CAF-A18B-3AE6E07EA450}" = protocol=6 | dir=in | app=c:\users\gava media\desktop\hammerheaddomain\app\firefox\firefox.exe |
"{662E2252-1EAE-46EA-B7B5-82708F07181C}" = dir=out | name=@{microsoft.bingnews_3.0.4.344_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{66C159BB-227A-42C6-B6A3-D7BF4C587CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\shareit technologies\shareit\shareit.exe |
"{6A2CF76B-96D4-458B-8C0D-CEE5520C0930}" = protocol=17 | dir=in | app=c:\program files (x86)\shareit technologies\shareit\shareit.exe |
"{707D823A-412B-4794-ADD3-AC6E076419E1}" = dir=out | name=f5.vpn.client |
"{70EB8721-183C-4211-92D0-49AED5858518}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{727C2449-4F98-4BA2-85A3-75EE2500C8A7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{73759FD4-C3DC-4E3B-87E3-C9EDDF71BF85}" = dir=in | name=junipernetworks.junospulsevpn |
"{7D7DCFA8-E8B3-400B-9DFD-ECABA61F8873}" = dir=out | name=junipernetworks.junospulsevpn |
"{836DB9ED-1128-443C-8935-98D98E24E187}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{8381BC2A-6338-4D50-96E4-3F3AB00BFABB}" = dir=out | app=c:\program files\andy\andyconsole.exe |
"{8566E6CE-8413-44D8-9851-B9DF55D55124}" = protocol=17 | dir=in | app=c:\program files (x86)\mypublicwifi\mypublicwifi.exe |
"{86B0CE3B-19E3-4D23-BB1C-77698EC78201}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{96020BB7-32DB-48C1-A54B-EA8F876E256E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{9D5E1863-2075-4C42-A162-2BB38840C1D6}" = dir=in | app=c:\program files\andy\handyandy.exe |
"{9FC956DF-BB6C-4F56-A401-1FD397E092C5}" = dir=out | app=c:\program files\andy\andy.exe |
"{A4B8899F-AB69-42A0-89D0-1E86DCE6C601}" = dir=out | app=c:\users\gava media\appdata\local\temp\andy-x64\setup.exe |
"{A610FD37-00BB-4046-9B2B-D1880D734238}" = dir=in | name=sonicwall.mobileconnect |
"{A785D10E-9DDF-4DCF-9626-47F914AEA589}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{AA9173FB-DF6F-482F-B5DF-BBD60B83DCC5}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe |
"{AE74E26C-9DA5-494D-81ED-934D6CB03965}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{B2FED0DD-DE5C-4D7F-9885-0446410AFA55}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B3670AAC-2BBC-40DE-9405-A93809034BD0}" = protocol=17 | dir=in | app=c:\users\gava media\desktop\hammerheaddomain\app\firefox\firefox.exe |
"{B53D282E-F35F-451A-A682-EC1AA3D97734}" = protocol=17 | dir=in | app=c:\program files (x86)\shareit technologies\shareit\shareit.exe |
"{B5AA8671-9715-40E3-9F44-939275B95B3A}" = dir=in | name=checkpoint.vpn |
"{BE2A89A1-BCA4-4438-88E1-E84392E222C5}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe |
"{BF69F6F2-20C8-4DB4-8CDF-6ED746044D64}" = dir=out | app=c:\program files\andy\handyandy.exe |
"{C3F12E8C-A794-41E8-A7F0-0E160F54240B}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe |
"{C9E9CBAA-FBB5-4525-95D3-0F77FBCCB057}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB5277D4-29B5-4849-93FD-CC8BC0BA6F71}" = dir=out | name=@{microsoft.bingfinance_3.0.4.344_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{CB833BCD-5E58-4A45-8F2E-8A241A6459EA}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{CCD20E34-B40C-47B1-BC39-A2AA16607B1D}" = protocol=17 | dir=in | app=c:\users\gava media\appdata\roaming\utorrent\utorrent.exe |
"{D00EA503-F556-4412-BFCC-F7A7501EF150}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{DA5D22FA-32A4-4A38-A440-BE4E562C7107}" = protocol=6 | dir=in | app=c:\program files (x86)\shareit technologies\shareit\shareit.exe |
"{DEC73439-31BD-4846-A410-F5FB3F03F965}" = protocol=6 | dir=in | app=c:\users\gava media\appdata\roaming\utorrent\utorrent.exe |
"{E058F791-25B8-4AFD-A4BF-E98C254D0319}" = protocol=6 | dir=in | app=c:\program files\android\android studio\jre\bin\java.exe |
"{E33428A2-0388-46C7-929A-A062A6A963A5}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe |
"{E3B2C8E5-A137-40C7-8692-A75230EAE655}" = dir=out | name=sonicwall.mobileconnect |
"{E41D8F24-F35A-4B85-BCE9-3371CF4A9B87}" = protocol=17 | dir=in | app=c:\program files\android\android studio\jre\bin\java.exe |
"{E91D54E8-0A80-46D9-8985-42AC103FA55A}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{E98B75B9-2F7B-4311-B4A0-AA606131DD70}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{EA36696A-978C-4550-B200-8EFEB8D0A038}" = dir=out | name=checkpoint.vpn |
"{EB2A700A-6B19-400F-B398-A2DE82485BC2}" = dir=in | app=c:\program files\andy\andyconsole.exe |
"{ECC0FF1F-3C33-4264-A48D-AECFFB930029}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{F4E45B6E-940B-432A-8481-18EA6DA49FB1}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F831B48C-0463-46C4-A2FB-D5A16D2A48B0}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe |
"{FA5A963F-F19D-4AC5-803D-E942321C02A4}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{FB696780-A938-4E59-8489-2A22A662BDC4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"TCP Query User{2069F283-FA39-4258-BB75-0555FC8F859D}C:\program files\android\android studio\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\android\android studio\jre\bin\java.exe |
"TCP Query User{8BB5D66A-3C1F-4DB6-BE77-8D0DA5D165C3}F:\games\warhammer\w40k.exe" = protocol=6 | dir=in | app=f:\games\warhammer\w40k.exe |
"TCP Query User{C9642FAE-EFB5-4B88-B5E5-82BAB8C64758}C:\users\gava media\desktop\hammerheaddomain\app\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\users\gava media\desktop\hammerheaddomain\app\firefox\firefox.exe |
"TCP Query User{EF1D3BF2-FDCC-4C47-AAEE-3B2B8FB7CCB8}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe |
"UDP Query User{3B1E93F7-9809-4500-9D6B-79056A0E7944}C:\program files\android\android studio\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\android\android studio\jre\bin\java.exe |
"UDP Query User{4B4584CF-6441-417A-BD53-AEE1E37AD085}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe |
"UDP Query User{8A9EF88A-6960-45A3-98A5-C274850A0657}C:\users\gava media\desktop\hammerheaddomain\app\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\users\gava media\desktop\hammerheaddomain\app\firefox\firefox.exe |
"UDP Query User{9A923AAC-5CBA-483C-AFAB-7A9360987363}F:\games\warhammer\w40k.exe" = protocol=17 | dir=in | app=f:\games\warhammer\w40k.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{176E2755-0A17-42C6-88E2-192AB2131278}" = Intel(R) Trusted Execution Engine
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418011FF}" = Java 8 Update 11 (64-bit)
"{27276DC1-66AA-4B16-918D-5AB1EEDF09C6}" = Intel® Hardware Accelerated Execution Manager
"{2D6248C0-4693-4CAB-9922-F05E4015F62A}" = Intel(R) Trusted Execution Engine
"{37D41A97-6B02-4C30-8753-85107BE1D674}" = Intel® RealSense™ SDK 2014 Runtime  (x64): Core
"{42112AF2-A715-465e-B9B7-02626461E6E8}" = DL PDF Editor 1.7
"{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1" = OPPO USB Drivers 2.2.6.0
"{6307E820-0317-4DCE-AAE0-7B6CAD867055}" = Intel(R) Trusted Execution Engine Driver
"{64A3A4F4-B792-11D6-A78A-00B0D0180110}" = Java SE Development Kit 8 Update 11 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"2BEE838DC3D664A0CAB23AEA0332BB3877ED0685" = Windows Driver Package - ASUS (ATP) Mouse  (01/07/2014 1.0.0.197)
"CCleaner" = CCleaner
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 52.0.2 (x64 id)" = Mozilla Firefox 52.0.2 (x64 id)
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"TrueKey" = Intel Security True Key
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3421ebee-874e-4668-9a74-fec88239d649}" = Hotspot Shield 6.5.2
"{35DAA04C-1720-4BE3-A920-A03731EC6A1D}" = Google Earth Pro
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710C34F3-9270-4DF9-AB44-BC8D71DB24F0}" = ArcGIS 10.3 License Manager
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{83E94EF6-73FC-49AA-9A63-F02AAD7CDD7A}" = Global Mapper 15
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{884CC64A-405C-4A58-89F4-56C50EE22DCF}" = MOST
"{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1" = SMADAV version 11.0
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A0BC33A-EAA8-4ED4-8D0C-CB9B42B06D7F}" = ArcGIS 10.3 for Desktop
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AF599C42-A2E5-4251-B7EE-4925B177CBA7}" = Hotspot Shield 6.5.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"4K Video Downloader_is1" = 4K Video Downloader 4.1
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 24 PPAPI
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"ArcGIS 10.3 for Desktop" = ArcGIS 10.3 for Desktop
"ArcGIS 10.3 License Manager" = ArcGIS 10.3 License Manager
"ByteFence" = ByteFence Anti-Malware
"C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9" = Intel(R) Sideband Fabric Device Driver
"CDisplay_is1" = CDisplay 1.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DFX" = DFX
"DjVu Solo 3.1" = DjVu Solo 3.1
"ezkeyword_is1" = ezkeyword Versi 3.0.0
"FastStone Photo Resizer" = FastStone Photo Resizer 3.7
"FileZilla Client" = FileZilla Client 3.14.1
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HotspotShield" = Hotspot Shield 6.5.2
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 12.0.1 Full
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"MiniLyrics" = MiniLyrics
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenOrienteering Mapper 0.5.96" = OpenOrienteering Mapper 0.5.96 x64
"PhotoScape" = PhotoScape
"TeamViewer" = TeamViewer 12
"Universal Maps Downloader_is1" = Universal Maps Downloader 8.9
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.1.1
"Winamp" = Winamp
"www.ushareit.com_is1" = SHAREit

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chromium" = Chromium

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 21/04/2017 20:29:02 | Computer Name = ASUS | Source = .NET Runtime | ID = 1026
Description =

Error - 21/04/2017 20:29:02 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application name: EzKeyword.exe, version: 3.0.0.0, time stamp:
 0x58f1a46f  Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp:
 0x523d4548  Exception code: 0xe0434352  Fault offset: 0x00012eec  Faulting process id:
 0x1410  Faulting application start time: 0x01d2bafee37d5021  Faulting application path:
 C:\Program Files (x86)\ezkeyword\EzKeyword.exe  Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report
 Id: aebb261f-26f2-11e7-9dbb-08626668ee9c  Faulting package full name:   Faulting package-relative
 application ID:

Error - 21/04/2017 20:29:08 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application name: EzKeyword.exe, version: 3.0.0.0, time stamp:
 0x58f1a46f  Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp:
 0x523d4548  Exception code: 0xc000041d  Fault offset: 0x00012eec  Faulting process id:
 0x1410  Faulting application start time: 0x01d2bafee37d5021  Faulting application path:
 C:\Program Files (x86)\ezkeyword\EzKeyword.exe  Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report
 Id: b21db933-26f2-11e7-9dbb-08626668ee9c  Faulting package full name:   Faulting package-relative
 application ID:

Error - 22/04/2017 2:54:25 | Computer Name = ASUS | Source = .NET Runtime | ID = 1026
Description =

Error - 22/04/2017 2:54:25 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application name: EzKeyword.exe, version: 3.0.0.0, time stamp:
 0x58f1a46f  Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp:
 0x523d4548  Exception code: 0xe0434352  Fault offset: 0x00012eec  Faulting process id:
 0xb58  Faulting application start time: 0x01d2bb004a502338  Faulting application path:
 C:\Program Files (x86)\ezkeyword\EzKeyword.exe  Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report
 Id: 85594d0c-2728-11e7-9dbb-08626668ee9c  Faulting package full name:   Faulting package-relative
 application ID:

Error - 22/04/2017 2:54:27 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application name: EzKeyword.exe, version: 3.0.0.0, time stamp:
 0x58f1a46f  Faulting module name: KERNELBASE.dll, version: 6.3.9600.16408, time stamp:
 0x523d4548  Exception code: 0xc000041d  Fault offset: 0x00012eec  Faulting process id:
 0xb58  Faulting application start time: 0x01d2bb004a502338  Faulting application path:
 C:\Program Files (x86)\ezkeyword\EzKeyword.exe  Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report
 Id: 86a2557b-2728-11e7-9dbb-08626668ee9c  Faulting package full name:   Faulting package-relative
 application ID:

Error - 28/04/2017 4:43:26 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 15.0.4420.1017, time
 stamp: 0x506741b5  Faulting module name: EXCEL.EXE, version: 15.0.4420.1017, time
 stamp: 0x506741b5  Exception code: 0xc0000005  Fault offset: 0x0000000000d18964  Faulting
 process id: 0x134c  Faulting application start time: 0x01d2bff9d762e50b  Faulting application
 path: C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE  Faulting module path: C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE
Report
 Id: be48db01-2bee-11e7-9dbe-08626668ee9c  Faulting package full name:   Faulting package-relative
 application ID:

Error - 28/04/2017 8:42:23 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 15.0.4420.1017, time
 stamp: 0x506741b5  Faulting module name: EXCEL.EXE, version: 15.0.4420.1017, time
 stamp: 0x506741b5  Exception code: 0xc0000005  Fault offset: 0x0000000000889493  Faulting
 process id: 0x700  Faulting application start time: 0x01d2c011e03ebd6a  Faulting application
 path: C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE  Faulting module path: C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE
Report
 Id: 1fe62f72-2c10-11e7-9dbe-08626668ee9c  Faulting package full name:   Faulting package-relative
 application ID:

Error - 28/04/2017 13:35:24 | Computer Name = ASUS | Source = Microsoft-Windows-WMI | ID = 28
Description = Failed to Initialize WMI Core or Provider SubSystem or Event SubSystem
 with error number 0x80090017. This could be due to a badly installed version of
 WMI, WMI repository upgrade failure, insufficient disk space or insufficient memory.

Error - 28/04/2017 15:47:18 | Computer Name = ASUS | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar
 failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.


< End of report >