zenz90

OTL

Feb 22nd, 2014
  1. OTL logfile created on: 22/2/2014 2:30:09 PM - Run 1
  2. OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
  3. 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  4. Internet Explorer (Version = 8.0.7601.17514)
  5. Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
  6.  
  7. 4.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 65.50% Memory free
  8. 7.99 Gb Paging File | 6.08 Gb Available in Paging File | 76.04% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
  12. Drive C: | 48.73 Gb Total Space | 14.05 Gb Free Space | 28.83% Space Free | Partition Type: NTFS
  13. Drive D: | 416.93 Gb Total Space | 118.98 Gb Free Space | 28.54% Space Free | Partition Type: NTFS
  14.  
  15. Computer Name: USER-PC | User Name: user | Logged in as Administrator.
  16. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
  17. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  18.  
  19. [color=#E56717]========== Processes (SafeList) ==========[/color]
  20.  
  21. PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
  22. PRC - C:\Windows\PromptService.exe (NewSoftwares.net,Inc.)
  23. PRC - C:\Program Files (x86)\Garena Plus\ggdllhost.exe ()
  24. PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
  25. PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
  26. PRC - C:\Program Files (x86)\ViewPower2.11\upsMonitor.exe (Acresso)
  27. PRC - C:\Program Files (x86)\ViewPower2.11\jre\bin\javaw.exe (Sun Microsystems, Inc.)
  28. PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
  29. PRC - C:\Program Files (x86)\ViewPower2.11\tomcat\bin\tomcat6.exe (Apache Software Foundation)
  30. PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
  31.  
  32.  
  33. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  34.  
  35. MOD - C:\Windows\Secure.dll ()
  36. MOD - C:\Program Files (x86)\Garena Plus\ggspawn.dll ()
  37. MOD - C:\Program Files (x86)\Garena Plus\ggdllhost.exe ()
  38. MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
  39.  
  40.  
  41. [color=#E56717]========== Services (SafeList) ==========[/color]
  42.  
  43. SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
  44. SRV:[b]64bit:[/b] - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
  45. SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
  46. SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
  47. SRV:[b]64bit:[/b] - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
  48. SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
  49. SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
  50. SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
  51. SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
  52. SRV - (upsMonitor) -- C:\Program Files (x86)\ViewPower2.11\upsMonitor.exe (Acresso)
  53. SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
  54. SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
  55. SRV - (upsTomcat) -- C:\Program Files (x86)\ViewPower2.11\tomcat\bin\tomcat6.exe (Apache Software Foundation)
  56. SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
  57. SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
  58. SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
  59. SRV - (npkcsvc) -- C:\Windows\SysWOW64\npkcsvc.exe (INCA Internet Co., Ltd.)
  60.  
  61.  
  62. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  63.  
  64. DRV:[b]64bit:[/b] - (oem-drv64) -- C:\Windows\SysNative\drivers\oem-drv64.sys (secr9tos)
  65. DRV:[b]64bit:[/b] - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
  66. DRV:[b]64bit:[/b] - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
  67. DRV:[b]64bit:[/b] - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
  68. DRV:[b]64bit:[/b] - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab ZAO)
  69. DRV:[b]64bit:[/b] - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab ZAO)
  70. DRV:[b]64bit:[/b] - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
  71. DRV:[b]64bit:[/b] - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
  72. DRV:[b]64bit:[/b] - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
  73. DRV:[b]64bit:[/b] - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
  74. DRV:[b]64bit:[/b] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
  75. DRV:[b]64bit:[/b] - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
  76. DRV:[b]64bit:[/b] - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
  77. DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
  78. DRV:[b]64bit:[/b] - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
  79. DRV:[b]64bit:[/b] - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
  80. DRV:[b]64bit:[/b] - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
  81. DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
  82. DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
  83. DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
  84. DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
  85. DRV:[b]64bit:[/b] - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
  86. DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
  87. DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
  88. DRV:[b]64bit:[/b] - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
  89. DRV:[b]64bit:[/b] - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
  90. DRV:[b]64bit:[/b] - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
  91. DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
  92. DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
  93. DRV:[b]64bit:[/b] - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
  94. DRV:[b]64bit:[/b] - (Mkd3kfNt) -- C:\Windows\SysNative\drivers\mkd3kfnt.sys (AhnLab, Inc.)
  95. DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
  96. DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
  97. DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
  98. DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
  99. DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
  100. DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
  101. DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
  102. DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
  103. DRV:[b]64bit:[/b] - (Mkd2Nadr) -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
  104. DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
  105. DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
  106. DRV - (npkcusb) -- C:\Windows\SysWOW64\npkcusb.sys (INCA Internet Co., Ltd.)
  107. DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
  108.  
  109.  
  110. [color=#E56717]========== Standard Registry (All) ==========[/color]
  111.  
  112.  
  113. [color=#E56717]========== Internet Explorer ==========[/color]
  114.  
  115. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  116. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  117. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
  118. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
  119. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
  120. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  121. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
  122. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
  123. IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
  124. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  125. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  126. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  127. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
  128. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
  129. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
  130. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
  131. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  132. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
  133. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  134. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  135. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  136.  
  137. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
  138. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
  139. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
  140. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  141. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
  142. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?ocid=iehp
  143. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-sg
  144. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 D9 A7 37 63 2C CF 01 [binary data]
  145. IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
  146. IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  147. IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
  148. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  149. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
  150.  
  151.  
  152. [color=#E56717]========== FireFox ==========[/color]
  153.  
  154. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
  155. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
  156. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll File not found
  157. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
  158. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  159. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
  160. FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
  161. FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
  162. FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
  163. FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
  164. FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
  165. FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
  166. FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  167. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  168. FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
  169. FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll File not found
  170. FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\user\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
  171. FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
  172. FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  173.  
  174. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/12/11 00:22:01 | 000,000,000 | ---D | M]
  175. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/12/11 00:22:01 | 000,000,000 | ---D | M]
  176. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/12/11 00:22:01 | 000,000,000 | ---D | M]
  177. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/12/11 00:22:01 | 000,000,000 | ---D | M]
  178. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/12/11 00:22:01 | 000,000,000 | ---D | M]
  179. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/08/13 09:33:13 | 000,000,000 | ---D | M]
  180.  
  181. [2013/06/02 14:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\C\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-8838053-3361496580-2850369974-1000\FireFox\extensions
  182.  
  183. O1 HOSTS File: ([2013/03/17 01:43:53 | 000,000,959 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
  184. O1 - Hosts: 127.0.0.1 genuine.microsoft.com
  185. O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
  186. O1 - Hosts: 127.0.0.1 sls.microsoft.com
  187. O1 - Hosts: 184.22.4.42 nprotect.sealonline.com.my
  188. O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
  189. O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
  190. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
  191. O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
  192. O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
  193. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
  194. O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
  195. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
  196. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
  197. O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
  198. O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
  199. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
  200. O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
  201. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
  202. O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
  203. O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
  204. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
  205. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  206. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
  207. O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
  208. O4 - HKLM..\Run: [PromptService] C:\Windows\PromptService.exe (NewSoftwares.net,Inc.)
  209. O4 - HKLM..\Run: [PromptService64] C:\Windows\PromptService64.exe (NewSoftwares.net,Inc.)
  210. O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
  211. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  212. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  213. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
  214. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
  215. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
  216. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  217. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
  218. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
  219. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
  220. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
  221. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
  222. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
  223. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
  224. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
  225. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
  226. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
  227. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
  228. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
  229. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
  230. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
  231. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
  232. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
  233. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
  234. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
  235. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
  236. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
  237. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
  238. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  239. O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
  240. O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
  241. O9:[b]64bit:[/b] - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
  242. O9:[b]64bit:[/b] - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
  243. O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
  244. O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
  245. O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
  246. O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
  247. O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
  248. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
  249. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
  250. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
  251. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
  252. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  253. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
  254. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
  255. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
  256. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
  257. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
  258. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  259. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  260. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  261. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
  262. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
  263. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  264. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  265. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  266. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  267. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  268. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  269. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  270. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
  271. O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
  272. O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
  273. O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
  274. O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
  275. O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  276. O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
  277. O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
  278. O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
  279. O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
  280. O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
  281. O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  282. O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  283. O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  284. O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
  285. O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
  286. O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  287. O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  288. O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  289. O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  290. O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  291. O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  292. O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  293. O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
  294. O16 - DPF: {20D5FC56-9F89-4966-94E1-122DDA4FA5E7} http://start1.gnjoy.com/cab/1004/GSystemInfo.cab (GLauncher Control)
  295. O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
  296. O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} http://www.sealindo.com/nprotect/nprotect/npx.cab (NPX Control)
  297. O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://www.sealindo.com/nprotect/nPKeyCrypt/npkcx.cab (NPKCX Control)
  298. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{590E9357-982C-44BA-AFDB-9FEC721A765A}: NameServer = 202.134.1.10,222.124.204.34
  299. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7312F52-5FE6-4630-8EE2-6A5418A71658}: DhcpNameServer = 10.10.0.1
  300. O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  301. O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  302. O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
  303. O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  304. O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  305. O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
  306. O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  307. O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  308. O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
  309. O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  310. O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  311. O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  312. O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
  313. O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  314. O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
  315. O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
  316. O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  317. O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
  318. O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
  319. O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  320. O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
  321. O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  322. O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  323. O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
  324. O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  325. O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  326. O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
  327. O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  328. O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  329. O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
  330. O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  331. O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  332. O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  333. O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
  334. O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  335. O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
  336. O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
  337. O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  338. O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
  339. O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
  340. O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  341. O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
  342. O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
  343. O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
  344. O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
  345. O18:[b]64bit:[/b] - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  346. O18:[b]64bit:[/b] - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  347. O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
  348. O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
  349. O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
  350. O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
  351. O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  352. O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  353. O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
  354. O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - File not found
  355. O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  356. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
  357. O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
  358. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
  359. O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
  360. O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
  361. O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  362. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  363. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
  364. O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
  365. O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
  366. O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
  367. O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
  368. O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
  369. O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
  370. O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
  371. O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
  372. O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
  373. O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
  374. O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
  375. O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
  376. O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
  377. O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
  378. O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
  379. O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
  380. O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
  381. O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
  382. O31 - SafeBoot: AlternateShell - cmd.exe
  383. O32 - HKLM CDRom: AutoRun - 0
  384. O34 - HKLM BootExecute: (autocheck autochk *)
  385. O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
  386. O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
  387. O35 - HKLM\..comfile [open] -- "%1" %*
  388. O35 - HKLM\..exefile [open] -- "%1" %*
  389. O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
  390. O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
  391. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  392. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  393. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  394. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  395. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  396.  
  397. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  398.  
  399. [2014/02/22 14:27:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
  400. [2014/02/22 14:23:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
  401. [2014/02/20 10:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
  402. [2014/02/20 10:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
  403. [2014/02/17 16:48:30 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\backup
  404. [2014/02/17 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Opera Software
  405. [2014/02/17 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Opera Software
  406. [2014/02/17 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
  407. [2014/02/13 20:11:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Garena
  408. [2014/02/13 20:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Garena
  409. [2014/02/13 20:09:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GarenaPlus
  410. [2014/02/13 19:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
  411. [2014/02/13 19:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
  412. [2014/02/13 19:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
  413. [2014/02/10 16:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
  414. [2014/02/10 16:19:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
  415. [2014/02/10 16:19:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
  416. [2014/02/10 13:59:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
  417. [2014/02/10 13:59:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
  418. [2014/02/10 13:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
  419. [2014/02/10 13:50:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
  420. [2014/02/08 20:04:40 | 000,079,464 | ---- | C] (Initex) -- C:\Windows\SysNative\WTFastDrv.dll
  421. [2014/02/08 20:04:40 | 000,072,296 | ---- | C] (Initex) -- C:\Windows\SysWow64\WTFastDrv.dll
  422. [2014/02/08 20:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
  423. [2014/02/08 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WTFast
  424. [2014/02/08 01:57:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Awesomium
  425. [2014/02/07 22:15:33 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Elder Scrolls Online
  426. [2014/02/07 22:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Elder Scrolls Online
  427. [2014/02/06 00:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta
  428. [2014/01/28 12:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
  429. [2014/01/27 15:54:38 | 000,421,744 | ---- | C] (Network Tunnel Lab) -- C:\Windows\SysWow64\networkdlllsp.dll
  430. [2014/01/27 12:07:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ATI
  431. [2014/01/27 12:07:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ATI
  432. [2014/01/27 12:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
  433. [2014/01/27 12:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
  434. [2014/01/27 12:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
  435. [2014/01/27 12:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
  436. [2014/01/27 12:04:25 | 000,110,080 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\DelayAPO.dll
  437. [2014/01/27 12:04:25 | 000,096,768 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys
  438. [2014/01/27 12:04:11 | 023,810,560 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
  439. [2014/01/27 12:04:11 | 000,076,800 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_12.104.dll
  440. [2014/01/27 12:04:11 | 000,076,288 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll
  441. [2014/01/27 12:04:11 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
  442. [2014/01/27 12:04:11 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
  443. [2014/01/27 12:04:10 | 000,065,536 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll
  444. [2014/01/27 12:04:10 | 000,064,000 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll
  445. [2014/01/27 12:04:09 | 029,150,720 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
  446. [2014/01/27 12:04:09 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atidemgy.dll
  447. [2014/01/27 12:04:09 | 000,056,320 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll
  448. [2014/01/27 12:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
  449. [2014/01/27 12:03:59 | 004,450,264 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
  450. [2014/01/27 12:03:59 | 000,139,696 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
  451. [2014/01/27 12:03:59 | 000,118,584 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
  452. [2014/01/27 12:03:58 | 024,229,376 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
  453. [2014/01/27 12:03:58 | 019,870,720 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
  454. [2014/01/27 12:03:58 | 011,658,752 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
  455. [2014/01/27 12:03:58 | 006,985,624 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
  456. [2014/01/27 12:03:58 | 005,944,264 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
  457. [2014/01/27 12:03:58 | 005,000,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
  458. [2014/01/27 12:03:58 | 000,581,120 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
  459. [2014/01/27 12:03:58 | 000,562,688 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
  460. [2014/01/27 12:03:58 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODE.exe
  461. [2014/01/27 12:03:58 | 000,241,152 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
  462. [2014/01/27 12:03:58 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
  463. [2014/01/27 12:03:58 | 000,112,440 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
  464. [2014/01/27 12:03:58 | 000,092,304 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
  465. [2014/01/27 12:03:58 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
  466. [2014/01/27 12:03:58 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
  467. [2014/01/27 12:03:58 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
  468. [2014/01/27 12:03:58 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
  469. [2014/01/27 12:03:58 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
  470. [2014/01/27 12:03:58 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODCLI.exe
  471. [2014/01/27 12:03:58 | 000,044,032 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
  472. [2014/01/27 12:03:58 | 000,034,816 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
  473. [2014/01/27 12:03:58 | 000,026,112 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
  474. [2014/01/27 12:03:58 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
  475. [2014/01/27 12:03:58 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
  476. [2014/01/27 12:03:58 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
  477. [2014/01/27 12:03:57 | 016,082,944 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
  478. [2014/01/27 12:03:57 | 013,703,168 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
  479. [2014/01/27 12:03:57 | 008,272,136 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
  480. [2014/01/27 12:03:57 | 007,233,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
  481. [2014/01/27 12:03:57 | 001,155,264 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
  482. [2014/01/27 12:03:57 | 000,970,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
  483. [2014/01/27 12:03:57 | 000,636,416 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
  484. [2014/01/27 12:03:57 | 000,430,080 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
  485. [2014/01/27 12:03:57 | 000,163,840 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
  486. [2014/01/27 12:03:57 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
  487. [2014/01/27 12:03:57 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
  488. [2014/01/27 12:03:57 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
  489. [2014/01/27 12:03:57 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
  490. [2014/01/27 12:03:57 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
  491. [2014/01/27 12:03:57 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
  492. [2014/01/27 12:03:57 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
  493. [2014/01/27 12:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
  494. [2014/01/27 12:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
  495. [2014/01/27 11:25:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\WindowsApplication1
  496. [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
  497.  
  498. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  499.  
  500. [2014/02/22 14:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
  501. [2014/02/22 13:55:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
  502. [2014/02/22 13:55:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
  503. [2014/02/22 13:55:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
  504. [2014/02/22 12:22:22 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  505. [2014/02/22 12:22:22 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  506. [2014/02/22 12:15:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
  507. [2014/02/22 12:14:54 | 000,042,496 | ---- | M] (secr9tos) -- C:\Windows\SysNative\drivers\oem-drv64.sys
  508. [2014/02/20 16:10:50 | 000,001,032 | ---- | M] () -- C:\Users\user\Desktop\Mumble.lnk
  509. [2014/02/20 07:50:11 | 000,783,792 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
  510. [2014/02/20 07:50:11 | 000,663,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
  511. [2014/02/20 07:50:11 | 000,121,860 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
  512. [2014/02/19 16:07:02 | 000,000,000 | -HS- | M] () -- C:\Windows\SysWow64\win_fp_app.dat
  513. [2014/02/19 16:06:55 | 000,353,792 | ---- | M] (NewSoftwares.net,Inc.) -- C:\Windows\PromptService64.exe
  514. [2014/02/19 16:06:55 | 000,266,240 | ---- | M] (NewSoftwares.net,Inc.) -- C:\Windows\PromptService.exe
  515. [2014/02/19 16:06:55 | 000,098,304 | ---- | M] () -- C:\Windows\Secure.dll
  516. [2014/02/19 00:53:11 | 000,125,440 | ---- | M] () -- C:\Windows\Secure64.dll
  517. [2014/02/17 15:44:31 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
  518. [2014/02/13 20:12:15 | 000,045,270 | ---- | M] () -- C:\Users\user\AppData\Roaming\room_v3.dat
  519. [2014/02/08 20:04:40 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\WTFast.lnk
  520. [2014/02/06 00:02:50 | 000,000,945 | ---- | M] () -- C:\Users\user\Desktop\The Elder Scrolls Online Beta.lnk
  521. [2014/01/27 12:07:36 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
  522. [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
  523.  
  524. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  525.  
  526. [2014/02/20 16:10:50 | 000,001,032 | ---- | C] () -- C:\Users\user\Desktop\Mumble.lnk
  527. [2014/02/17 15:44:32 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
  528. [2014/02/17 15:44:32 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
  529. [2014/02/13 20:12:15 | 000,045,270 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
  530. [2014/02/08 20:04:40 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\WTFast.lnk
  531. [2014/02/06 00:02:50 | 000,000,945 | ---- | C] () -- C:\Users\user\Desktop\The Elder Scrolls Online Beta.lnk
  532. [2014/01/27 12:07:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
  533. [2014/01/27 12:04:11 | 001,187,342 | ---- | C] () -- C:\Windows\SysNative\amdocl_as64.exe
  534. [2014/01/27 12:04:11 | 001,061,902 | ---- | C] () -- C:\Windows\SysNative\amdocl_ld64.exe
  535. [2014/01/27 12:04:11 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
  536. [2014/01/27 12:04:11 | 000,230,064 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat
  537. [2014/01/27 12:04:11 | 000,222,720 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
  538. [2014/01/27 12:04:11 | 000,044,066 | ---- | C] () -- C:\Windows\atiogl.xml
  539. [2014/01/27 12:04:10 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
  540. [2014/01/27 12:04:10 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
  541. [2014/01/27 12:04:10 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
  542. [2014/01/27 12:04:10 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
  543. [2014/01/27 12:04:10 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
  544. [2014/01/27 12:04:09 | 000,522,872 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
  545. [2014/01/27 12:04:09 | 000,522,872 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
  546. [2014/01/27 12:04:09 | 000,230,836 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat
  547. [2014/01/27 12:04:09 | 000,075,600 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat
  548. [2014/01/27 12:04:09 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
  549. [2014/01/27 12:04:09 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
  550. [2014/01/27 12:03:58 | 003,342,768 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
  551. [2014/01/27 12:03:58 | 003,309,936 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
  552. [2014/01/27 12:03:58 | 000,695,006 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
  553. [2013/11/17 22:42:08 | 000,125,440 | ---- | C] () -- C:\Windows\Secure64.dll
  554. [2013/11/17 22:42:08 | 000,098,304 | ---- | C] () -- C:\Windows\Secure.dll
  555. [2013/11/17 22:42:08 | 000,004,384 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_config.dat
  556. [2013/11/17 22:42:08 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\win_fp_app.dat
  557. [2013/06/16 13:37:36 | 000,007,606 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
  558. [2013/06/14 11:52:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
  559. [2013/03/21 18:46:14 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs
  560. [2013/03/21 18:28:55 | 000,001,456 | ---- | C] () -- C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
  561. [2013/03/20 14:13:23 | 000,000,318 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI
  562. [2013/03/04 16:45:52 | 000,001,066 | RHS- | C] () -- C:\Users\user\ntuser.pol
  563. [2013/02/27 17:30:24 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
  564. [2013/02/26 00:21:56 | 000,775,966 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
  565. [2013/02/17 01:10:48 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe BMP Format CS6 Prefs
  566. [2013/02/15 00:16:40 | 000,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
  567. [2013/02/15 00:16:40 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
  568. [2013/02/15 00:16:40 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
  569. [2013/02/15 00:16:39 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
  570. [2013/02/15 00:16:39 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
  571. [2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
  572. [2012/02/27 20:31:13 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
  573.  
  574. [color=#E56717]========== ZeroAccess Check ==========[/color]
  575.  
  576. [2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  577.  
  578. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  579.  
  580. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  581.  
  582. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
  583.  
  584. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  585.  
  586. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  587. "" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 10:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
  588. "ThreadingModel" = Apartment
  589.  
  590. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  591. "" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 10:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
  592. "ThreadingModel" = Apartment
  593.  
  594. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
  595. "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
  596. "ThreadingModel" = Free
  597.  
  598. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  599. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
  600. "ThreadingModel" = Free
  601.  
  602. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
  603. "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
  604. "ThreadingModel" = Both
  605.  
  606. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  607.  
  608. [color=#E56717]========== LOP Check ==========[/color]
  609.  
  610. [2013/02/16 15:34:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\2K Sports
  611. [2013/11/05 17:00:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AppFile
  612. [2013/06/14 11:46:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Artifex Mundi
  613. [2014/02/11 11:24:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Awesomium
  614. [2013/05/14 13:13:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
  615. [2014/02/10 14:15:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
  616. [2014/02/17 16:50:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DMCache
  617. [2013/02/14 14:27:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DRPSu
  618. [2014/02/13 20:11:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena
  619. [2014/02/19 23:12:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus
  620. [2013/10/12 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Guild Wars 2
  621. [2013/05/31 08:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mumble
  622. [2013/05/13 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Notepad++
  623. [2014/02/17 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera Software
  624. [2014/01/21 00:55:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
  625. [2013/05/22 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\raidcall
  626. [2013/02/20 21:11:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sports Interactive
  627. [2013/06/16 12:43:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Subversion
  628. [2013/07/07 00:55:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
  629. [2014/02/18 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TS3Client
  630. [2013/02/16 03:11:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ts3overlay
  631. [2013/02/16 03:22:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ts3overlay_hook_win64
  632.  
  633. [color=#E56717]========== Purity Check ==========[/color]
  634.  
  635.  
  636.  
  637. [color=#E56717]========== Alternate Data Streams ==========[/color]
  638.  
  639. @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F13A05F6
  640. @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BEE4BB97
  641.  
  642. < End of report >