
xxx

a guest
Oct 24th, 2015
  1. OTL Extras logfile created on: 10/24/2015 1:58:43 PM - Run 1
  2. OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Desktop
  3. Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  4. Internet Explorer (Version = 8.0.7601.17514)
  5. Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
  6.  
  7. 1.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 63.01% Memory free
  8. 3.74 Gb Paging File | 1.72 Gb Available in Paging File | 45.90% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
  12. Drive C: | 38.96 Gb Total Space | 14.14 Gb Free Space | 36.29% Space Free | Partition Type: NTFS
  13. Drive D: | 35.47 Gb Total Space | 16.36 Gb Free Space | 46.14% Space Free | Partition Type: NTFS
  14. Drive G: | 9.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
  15.  
  16. Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
  17. Boot Mode: Normal | Scan Mode: Current user
  18. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  19.  
  20. [color=#E56717]========== Extra Registry (SafeList) ==========[/color]
  21.  
  22.  
  23. [color=#E56717]========== File Associations ==========[/color]
  24.  
  25. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
  26. .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
  27. .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
  28.  
  29. [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
  30. .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
  31.  
  32. [color=#E56717]========== Shell Spawning ==========[/color]
  33.  
  34. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
  35. batfile [open] -- "%1" %*
  36. cmdfile [open] -- "%1" %*
  37. comfile [open] -- "%1" %*
  38. cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
  39. exefile [open] -- "%1" %*
  40. helpfile [open] -- Reg Error: Key error.
  41. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
  42. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
  43. piffile [open] -- "%1" %*
  44. regfile [merge] -- Reg Error: Key error.
  45. scrfile [config] -- "%1"
  46. scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
  47. scrfile [open] -- "%1" /S
  48. txtfile [edit] -- Reg Error: Key error.
  49. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
  50. Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
  51. Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
  52. Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
  53. Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
  54. Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
  55. Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
  56. Folder [explore] -- Reg Error: Value error.
  57. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
  58.  
  59. [color=#E56717]========== Security Center Settings ==========[/color]
  60.  
  61. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
  62. "cval" = 1
  63.  
  64. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
  65.  
  66. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
  67. "VistaSp1" = Reg Error: Unknown registry data type -- File not found
  68. "AntiVirusOverride" = 0
  69. "AntiSpywareOverride" = 0
  70. "FirewallOverride" = 0
  71.  
  72. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
  73.  
  74. [color=#E56717]========== Firewall Settings ==========[/color]
  75.  
  76. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
  77. "EnableFirewall" = 1
  78. "DisableNotifications" = 0
  79.  
  80. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
  81. "EnableFirewall" = 1
  82. "DisableNotifications" = 0
  83.  
  84. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
  85. "EnableFirewall" = 1
  86. "DisableNotifications" = 0
  87.  
  88. [color=#E56717]========== Authorized Applications List ==========[/color]
  89.  
  90.  
  91. [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
  92.  
  93. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
  94. "{00A8A93E-4F0B-4801-81BC-AD6C49E8A9BC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
  95. "{044A3CAA-305E-4DB0-94CC-47C02054F18F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
  96. "{087BE33B-96C9-4C4B-A3B6-28FAD35EF845}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
  97. "{0E2BE262-F0AF-4B00-81BF-6301F1B9C10C}" = lport=445 | protocol=6 | dir=in | app=system |
  98. "{542977AC-05BB-4788-BFD3-2CC43C5A1F5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
  99. "{70151A8E-0C26-46AA-AD91-344030D95323}" = rport=138 | protocol=17 | dir=out | app=system |
  100. "{71B021B0-9183-4AAE-810C-029935E0C315}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
  101. "{73027A2B-9972-4CA1-BB8A-78D91A07F14A}" = rport=139 | protocol=6 | dir=out | app=system |
  102. "{7F433977-521A-482A-8897-0AE30CB9622D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
  103. "{A391A3E0-0950-43C8-8466-E002BFB293D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
  104. "{ACF3426A-9595-4D15-A930-AEB89567887E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
  105. "{B214C6D4-1997-4314-B9D2-F1102B308009}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
  106. "{C397835F-B7EA-4DF9-86D7-780A7A9E91D5}" = lport=138 | protocol=17 | dir=in | app=system |
  107. "{C8582D4C-0C5A-4932-9A52-0C48401B39BE}" = lport=139 | protocol=6 | dir=in | app=system |
  108. "{CA40CD29-80FB-4BD8-9D2E-7BE1D02E1A9D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
  109. "{CE860CC6-F58C-4DAD-8425-D62435DC2072}" = lport=137 | protocol=17 | dir=in | app=system |
  110. "{D4F8645C-9769-4DEB-9DAA-5C6537639CC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
  111. "{D814A2CF-4D73-44EB-8076-09E132559D9B}" = rport=445 | protocol=6 | dir=out | app=system |
  112. "{DAC6CF28-4963-4142-A890-AF1860AA663F}" = rport=137 | protocol=17 | dir=out | app=system |
  113. "{DAF1C3D8-DF2C-4035-9BB9-2EEE37AC7519}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
  114. "{F955E16C-DE1F-4D21-9E26-3923F9DDEEFA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
  115.  
  116. [color=#E56717]========== Vista Active Application Exception List ==========[/color]
  117.  
  118. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
  119. "{18BF649E-5A2A-44E3-8ED8-8417FFA91636}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
  120. "{1BEC5C63-E782-45BF-BFD2-B31377C28CC5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
  121. "{3017F33B-1BF5-46D2-91B8-3C3030019A83}" = protocol=17 | dir=in | app=c:\programdata\opivikr\vuscafud.exe |
  122. "{3CB01ED0-F58A-4351-98F3-93BE820829E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
  123. "{49022280-F95A-4206-BFF7-C3996CF251D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
  124. "{5956B448-A464-41FE-A4CE-18108A05FF1F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
  125. "{615EFAA3-109D-48C1-9BB4-B8455045575C}" = protocol=6 | dir=in | app=c:\programdata\opivikr\vuscafud.exe |
  126. "{7E8BC34F-D78C-4032-9BFD-B1E0D47D9DBF}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
  127. "{7EA34CC8-C865-409D-BF6A-E0E84EE00739}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
  128. "{8626D355-7846-4167-9EEB-90E89B3ECD6D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
  129. "{86A3A247-E4AA-4FB5-B3E0-5095CC34A298}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
  130. "{905FE768-7C03-4BCD-8D40-27901BFA7374}" = protocol=6 | dir=in | app=c:\programdata\opivikr\vuscafud.exe |
  131. "{93ABE07A-C18D-4557-B991-768825861B35}" = protocol=17 | dir=in | app=c:\programdata\opivikr\vuscafud.exe |
  132. "{B30CB51B-DC94-4C2F-A05D-A74B5B771704}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
  133. "{B782AD2E-1654-43D5-92A8-CF44CB146992}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
  134. "{C98D9518-AAEB-4BD2-8C49-CE5D70E14BFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
  135. "{CB582AC7-36AA-412C-B475-3827B95ACB73}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
  136. "TCP Query User{1A020B6D-FA4D-4C26-8F42-102120C811C4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
  137. "TCP Query User{4C4EBAC1-669F-4F00-86E7-6ABA90FE9CD2}D:\my games\warcraft\war3.exe" = protocol=6 | dir=in | app=d:\my games\warcraft\war3.exe |
  138. "TCP Query User{78F02D6D-7B8C-422E-8C57-BE072AEC75ED}D:\warcraft\war3.exe" = protocol=6 | dir=in | app=d:\warcraft\war3.exe |
  139. "TCP Query User{89AA58C2-1DD1-4667-A7A1-2E909654CFD0}D:\my games\warcraft\gwar3.exe" = protocol=6 | dir=in | app=d:\my games\warcraft\gwar3.exe |
  140. "TCP Query User{96B5A104-0CDC-4D80-99F8-8EB9150C7431}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
  141. "TCP Query User{E953BA3E-72C4-4BC2-9F95-79EB3C5C0647}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
  142. "TCP Query User{F5516DC1-C09A-40DA-AAEE-907BA8F4675E}C:\program files\opera\launcher.exe" = protocol=6 | dir=in | app=c:\program files\opera\launcher.exe |
  143. "UDP Query User{095D02A3-E283-40CB-87ED-73BA9F2447B6}D:\warcraft\war3.exe" = protocol=17 | dir=in | app=d:\warcraft\war3.exe |
  144. "UDP Query User{0D24DEA5-A9F5-407E-9B6E-BE8412007310}C:\program files\opera\launcher.exe" = protocol=17 | dir=in | app=c:\program files\opera\launcher.exe |
  145. "UDP Query User{312B289C-763F-48F1-BEAB-9754EE16EFB1}D:\my games\warcraft\war3.exe" = protocol=17 | dir=in | app=d:\my games\warcraft\war3.exe |
  146. "UDP Query User{71721025-FDDC-42B0-8F6B-CF8BA742C5A2}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
  147. "UDP Query User{96B7A025-252D-40D0-8F76-1338014EA4B2}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
  148. "UDP Query User{B34D0AF4-B28A-4F17-9D40-DE8CB9B1ABE9}D:\my games\warcraft\gwar3.exe" = protocol=17 | dir=in | app=d:\my games\warcraft\gwar3.exe |
  149. "UDP Query User{C9430C41-3265-4468-AB07-2FC41378185E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
  150.  
  151. [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
  152.  
  153. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
  154. "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
  155. "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series" = Canon MP230 series MP Drivers
  156. "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
  157. "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
  158. "{3F7D597C-7512-F73C-B0F3-5D711BC91948}" = QR Code Maker and Decoder
  159. "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
  160. "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
  161. "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
  162. "{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1" = SMADAV version 10.3.1
  163. "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
  164. "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
  165. "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
  166. "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
  167. "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
  168. "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
  169. "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
  170. "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
  171. "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
  172. "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
  173. "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
  174. "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
  175. "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
  176. "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
  177. "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
  178. "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
  179. "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
  180. "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
  181. "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
  182. "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
  183. "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
  184. "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
  185. "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
  186. "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
  187. "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
  188. "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
  189. "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
  190. "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
  191. "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
  192. "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
  193. "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
  194. "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
  195. "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
  196. "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
  197. "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
  198. "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
  199. "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
  200. "{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1" = RAR Password Unlocker 4.2.0.0
  201. "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
  202. "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
  203. "{E1527582-8509-4011-B922-29E3FB548882}_is1" = DNS Unlocker version 1.4
  204. "{E9AD2F38-EF9C-B9DA-048A-A92FBC17701E}" = NiiceOOffErs
  205. "Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX
  206. "Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI
  207. "Adobe Flash Player PPAPI" = Adobe Flash Player 18 PPAPI
  208. "Adobe Shockwave Player" = Adobe Shockwave Player 12.1
  209. "ALSTOM - System Configuration Editor 5.12.0.0" = ALSTOM - System Configuration Editor 5.12.0.0
  210. "Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
  211. "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
  212. "CanonMyPrinter" = Canon My Printer
  213. "Counter-Strike Source 1.9.1" = Counter-Strike Source 1.9.1
  214. "DIgSILENT License Server 5.3.2" = DIgSILENT License Server 5.3.2
  215. "DIgSILENT PowerFactory 14.1" = DIgSILENT PowerFactory 14.1
  216. "DIgSILENT Preinstaller" = DIgSILENT Preinstaller
  217. "ENTERPRISE" = Microsoft Office Enterprise 2007
  218. "Firefox CCPB 37.0.1" = Firefox CCPB 37.0.1
  219. "HotspotShield" = Hotspot Shield 5.0.2
  220. "Internet Download Manager" = Internet Download Manager
  221. "iSafe" = YAC(Yet Another Cleaner!)
  222. "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.6
  223. "LINE" = LINE
  224. "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
  225. "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
  226. "MiniLyrics" = MiniLyrics
  227. "Mobile Partner" = Mobile Partner
  228. "Mozilla Firefox 37.0.1 (x86 en-US)" = Mozilla Firefox 37.0.1 (x86 en-US)
  229. "MozillaMaintenanceService" = Mozilla Maintenance Service
  230. "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
  231. "SynTPDeinstKey" = Synaptics Pointing Device Driver
  232. "Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
  233. "VISPRO" = Microsoft Office Visio Professional 2007
  234. "Visual Basic 6.0 Enterprise Edition" = Microsoft Visual Basic 6.0 Enterprise Edition
  235. "WebPost" = Microsoft Web Publishing Wizard 1.53
  236. "Winamp" = Winamp
  237. "WinRAR archiver" = WinRAR archiver
  238. "WinZipper" = WinZipper
  239. "Yahoo! Companion" = Yahoo! Toolbar
  240. "Yahoo! Messenger" = Yahoo! Messenger
  241. "Yahoo! Software Update" = Yahoo! Software Update
  242.  
  243. [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
  244.  
  245. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
  246. "Winamp Detect" = Winamp Detector Plug-in
  247.  
  248. [color=#E56717]========== Last 20 Event Log Errors ==========[/color]
  249.  
  250. [ Application Events ]
  251. Error - 10/24/2015 1:06:17 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  252. Description =
  253.  
  254. Error - 10/24/2015 1:06:17 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  255. Description =
  256.  
  257. Error - 10/24/2015 1:06:17 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  258. Description =
  259.  
  260. Error - 10/24/2015 1:06:17 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  261. Description =
  262.  
  263. Error - 10/24/2015 1:06:17 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  264. Description =
  265.  
  266. Error - 10/24/2015 1:06:17 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  267. Description =
  268.  
  269. Error - 10/24/2015 1:06:18 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  270. Description =
  271.  
  272. Error - 10/24/2015 1:06:18 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  273. Description =
  274.  
  275. Error - 10/24/2015 1:06:18 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  276. Description =
  277.  
  278. Error - 10/24/2015 2:05:13 AM | Computer Name = XXX-PC | Source = RasClient | ID = 20227
  279. Description =
  280.  
  281. [ System Events ]
  282. Error - 10/24/2015 12:48:51 AM | Computer Name = XXX-PC | Source = EventLog | ID = 6008
  283. Description = The previous system shutdown at 10:21:17 AM on ?10/?24/?2015 was unexpected.
  284.  
  285. Error - 10/24/2015 12:49:08 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
  286. Description = The DIgLiseService service failed to start due to the following error:
  287. %%5
  288.  
  289. Error - 10/24/2015 12:49:22 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
  290. Description = The Util Any Angle service failed to start due to the following error:
  291. %%2
  292.  
  293. Error - 10/24/2015 12:50:51 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
  294. Description = The SSFK service hung on starting.
  295.  
  296. Error - 10/24/2015 12:55:10 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
  297. Description = The DIgLiseService service failed to start due to the following error:
  298. %%5
  299.  
  300. Error - 10/24/2015 12:55:21 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
  301. Description = The Util Any Angle service failed to start due to the following error:
  302. %%2
  303.  
  304. Error - 10/24/2015 12:56:51 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
  305. Description = The SSFK service hung on starting.
  306.  
  307. Error - 10/24/2015 1:00:07 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034
  308. Description = The Hotspot Shield Monitoring Service service terminated unexpectedly.
  309. It has done this 1 time(s).
  310.  
  311. Error - 10/24/2015 1:00:30 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7031
  312. Description = The SSFK service terminated unexpectedly. It has done this 1 time(s).
  313. The following corrective action will be taken in 0 milliseconds: Restart the service.
  314.  
  315. Error - 10/24/2015 1:00:41 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034
  316. Description = The IhPul service terminated unexpectedly. It has done this 1 time(s).
  317.  
  318.  
  319. < End of report >
  320.  
  321. OTL logfile created on: 10/24/2015 1:58:43 PM - Run 1
  322. OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Desktop
  323. Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  324. Internet Explorer (Version = 8.0.7601.17514)
  325. Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
  326.  
  327. 1.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 63.01% Memory free
  328. 3.74 Gb Paging File | 1.72 Gb Available in Paging File | 45.90% Paging File free
  329. Paging file location(s): ?:\pagefile.sys [binary data]
  330.  
  331. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
  332. Drive C: | 38.96 Gb Total Space | 14.14 Gb Free Space | 36.29% Space Free | Partition Type: NTFS
  333. Drive D: | 35.47 Gb Total Space | 16.36 Gb Free Space | 46.14% Space Free | Partition Type: NTFS
  334. Drive G: | 9.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
  335.  
  336. Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
  337. Boot Mode: Normal | Scan Mode: Current user
  338. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  339.  
  340. [color=#E56717]========== Processes (SafeList) ==========[/color]
  341.  
  342. PRC - C:\Users\XXX\Desktop\OTL.com (OldTimer Tools)
  343. PRC - C:\Program Files\WinZipper\winzipersvc.exe (Taiwan Shui Mu Chih Ching Technology Limited)
  344. PRC - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
  345. PRC - C:\Program Files\Hotspot Shield\bin\HSSCP.exe (AnchorFree Inc.)
  346. PRC - C:\Program Files\SFK\SSFK.exe (TODO: <公司名>)
  347. PRC - C:\ProgramData\nWdsManPron\WdsManPro.exe (DTools LIMITED)
  348. PRC - C:\Program Files\DNS Unlocker\dnswaskom.exe ()
  349. PRC - C:\Program Files\SMADAV\SMΔRTP.exe (Smadsoft)
  350. PRC - C:\Program Files\Elex-tech\YAC\iSafeTray.exe (Elex do Brasil Participações Ltda)
  351. PRC - C:\Program Files\Elex-tech\YAC\iSafeSvc.exe (Elex do Brasil Participações Ltda)
  352. PRC - C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe (Elex do Brasil Participações Ltda)
  353. PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
  354. PRC - C:\Program Files\Rs\Rs.exe (Windows APP)
  355. PRC - C:\Users\XXX\AppData\Roaming\Ground.exe ()
  356. PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
  357. PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
  358. PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
  359. PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
  360. PRC - C:\Windows\explorer.exe (Microsoft Corporation)
  361. PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
  362. PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
  363. PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
  364.  
  365.  
  366. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  367.  
  368. MOD - C:\Program Files\Hotspot Shield\bin\CrashRpt1403.dll ()
  369. MOD - C:\Program Files\DNS Unlocker\dnswaskom.exe ()
  370. MOD - C:\Program Files\SMADAV\SM?RTP.exe ()
  371. MOD - C:\Program Files\Elex-tech\YAC\libpng.dll ()
  372. MOD - C:\Program Files\Elex-tech\YAC\zlib1.dll ()
  373. MOD - C:\Users\XXX\AppData\Roaming\Ground.exe ()
  374. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll ()
  375. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll ()
  376. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll ()
  377. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll ()
  378. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll ()
  379. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll ()
  380. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll ()
  381. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll ()
  382. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll ()
  383. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll ()
  384. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll ()
  385. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll ()
  386. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll ()
  387. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll ()
  388. MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll ()
  389. MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
  390. MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
  391. MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
  392. MOD - C:\Program Files\WinRAR\RarExt.dll ()
  393.  
  394.  
  395. [color=#E56717]========== Services (SafeList) ==========[/color]
  396.  
  397. SRV - (Util Any Angle) -- C:\Program Files\Any Angle\bin\utilAnyAngle.exe File not found
  398. SRV - (winzipersvc) -- C:\Program Files\WinZipper\winzipersvc.exe (Taiwan Shui Mu Chih Ching Technology Limited)
  399. SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe ()
  400. SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
  401. SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
  402. SRV - (SSFK) -- C:\Program Files\SFK\SSFK.exe (TODO: <公司名>)
  403. SRV - (WdsManPro) -- C:\ProgramData\nWdsManPron\WdsManPro.exe (DTools LIMITED)
  404. SRV - (IhPul) -- C:\Users\XXX\AppData\Roaming\TSv\TSvr.exe (tsvr.com)
  405. SRV - (iSafeService) -- C:\Program Files\Elex-tech\YAC\iSafeSvc.exe (Elex do Brasil Participações Ltda)
  406. SRV - (DIgLiseService) -- C:\DIgSILENT\License Server\diglise.exe ()
  407. SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
  408. SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
  409. SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
  410. SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
  411. SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
  412. SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
  413. SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
  414. SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
  415.  
  416.  
  417. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  418.  
  419. DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
  420. DRV - (Tosrfcom) -- File not found
  421. DRV - (iSafeKrnlMon) -- C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys (Elex do Brasil Participações Ltda)
  422. DRV - (iSafeKrnlKit) -- C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys (Elex do Brasil Participações Ltda)
  423. DRV - (iSafeKrnlBoot) -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys (Elex do Brasil Participações Ltda)
  424. DRV - (iSafeKrnlR3) -- C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys (Elex do Brasil Participações Ltda)
  425. DRV - ({699bd245-8d10-4e76-8ffa-df6cfdf0e2bc}Gw) -- C:\Windows\System32\drivers\{699bd245-8d10-4e76-8ffa-df6cfdf0e2bc}Gw.sys (StdLib)
  426. DRV - (iSafeNetFilter) -- C:\Windows\System32\drivers\iSafeNetFilter.sys (Elex do Brasil Participações Ltda)
  427. DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
  428. DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
  429. DRV - (iSafeKrnl) -- C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys (Elex do Brasil Participações Ltda)
  430. DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
  431. DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
  432. DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
  433. DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
  434. DRV - (SmbDrvI) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
  435. DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
  436. DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
  437. DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
  438. DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
  439. DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
  440. DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
  441. DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
  442. DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
  443. DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
  444. DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
  445. DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
  446. DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
  447. DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
  448. DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
  449. DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
  450. DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
  451.  
  452.  
  453. [color=#E56717]========== Standard Registry (All) ==========[/color]
  454.  
  455.  
  456. [color=#E56717]========== Internet Explorer ==========[/color]
  457.  
  458. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
  459. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436933152&z=d7ca3ed36f60a63a4b1a927gcz3c1q5t6c9c8g9c0c&from=obw&uid=HitachiXHTS541680J9SA00_SB22MFKGJP8ALEJP8ALEX&q={searchTerms}
  460. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
  461. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
  462. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
  463. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436933152&z=d7ca3ed36f60a63a4b1a927gcz3c1q5t6c9c8g9c0c&from=obw&uid=HitachiXHTS541680J9SA00_SB22MFKGJP8ALEJP8ALEX&q={searchTerms}
  464. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
  465. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
  466. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  467. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  468.  
  469. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
  470. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
  471. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  472. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
  473. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
  474. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
  475. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 9F B4 DE 9F 8B D0 01 [binary data]
  476. IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
  477. IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
  478. IE - HKCU\..\SearchScopes,DefaultScope = {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
  479. IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=HitachiXHTS541680J9SA00_SB22MFKGJP8ALEJP8ALEX&ts=1436933195&type=default&q={searchTerms}
  480. IE - HKCU\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=HitachiXHTS541680J9SA00_SB22MFKGJP8ALEJP8ALEX&ts=1436933195&type=default&q={searchTerms}
  481. IE - HKCU\..\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}: "URL" = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=HitachiXHTS541680J9SA00_SB22MFKGJP8ALEJP8ALEX&ts=1436933195&type=default&q={searchTerms}
  482. IE - HKCU\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=HitachiXHTS541680J9SA00_SB22MFKGJP8ALEJP8ALEX&ts=1436933195&type=default&q={searchTerms}
  483. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  484.  
  485. [color=#E56717]========== FireFox ==========[/color]
  486.  
  487. FF - prefs.js..browser.search.countryCode: "ID"
  488. FF - prefs.js..browser.search.defaultenginename: "delta-homes"
  489. FF - prefs.js..browser.search.region: "ID"
  490. FF - prefs.js..browser.search.searchengine.alias: "delta-homes"
  491. FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
  492. FF - prefs.js..browser.search.searchengine.iconURL: "http://search.delta-homes.com/favicon.ico"
  493. FF - prefs.js..browser.search.searchengine.name: "delta-homes"
  494. FF - prefs.js..browser.search.searchengine.ptid: "wpm07163"
  495. FF - prefs.js..browser.search.searchengine.uid: "HitachiXHTS541680J9SA00_SB22MFKGJP8ALEJP8ALEX"
  496. FF - prefs.js..browser.search.searchengine.url: "http://search.delta-homes.com/web/?type=ds&ts=1444915779&z=c6cf487da40332b9ede37c9gdzbz9z8t7g8w4m6mbb&from=wpm07163&uid=HitachiXHTS541680J9SA00_SB22MFKGJP8ALEJP8ALEX&q={searchTerms}"
  497. FF - prefs.js..browser.search.selectedEngine: "delta-homes"
  498. FF - prefs.js..browser.search.update: false
  499. FF - prefs.js..browser.search.useDBForOrder: true
  500. FF - prefs.js..browser.startup.homepage: "about:home"
  501. FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.98
  502. FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
  503. FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.5
  504. FF - prefs.js..extensions.enabledAddons: kaskusmenu%40win7indo.com:22.01.2015
  505. FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
  506. FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.6.12
  507. FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:2.0.2
  508. FF - prefs.js..extensions.enabledAddons: %7B76C80A11-FAD4-406c-8246-F5ED4F9367B5%7D:0.1.7
  509. FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.85
  510. FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0017-0000-0000-ABCDEFFEDCBA%7D:7.0
  511. FF - prefs.js..extensions.enabledAddons: %7BDAD0F81A-CF67-4eed-98D6-26F6E47274CA%7D:1.5.5
  512. FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.1
  513. FF - prefs.js..extensions.enabledAddons: %7Bea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99%7D:0.3.8.1
  514. FF - prefs.js..extensions.enabledAddons: default_newtabff%40gmail.com:5.5.21
  515. FF - prefs.js..extensions.enabledAddons: defsearchp%40gmail.com:1.0.0.1069
  516. FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
  517. FF - prefs.js..network.proxy.type: 4
  518. FF - user.js - File not found
  519.  
  520. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
  521. FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.)
  522. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
  523. FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
  524. FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  525. FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  526. FF - HKLM\Software\MozillaPlugins\@rising.com.cn/nprising: File not found
  527. FF - HKCU\Software\MozillaPlugins\@rising.com.cn/nprising: File not found
  528.  
  529. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchffv2@gmail.com: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\jvjyqh5q.default\extensions\searchffv2@gmail.com
  530. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\default_newtabff@gmail.com: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rf7x0svu.default\extensions\default_newtabff@gmail.com [2015/10/21 09:34:39 | 000,000,000 | ---D | M]
  531. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\defsearchp@gmail.com: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rf7x0svu.default\extensions\defsearchp@gmail.com
  532. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
  533. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
  534. FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\XXX\AppData\Roaming\IDM\idmmzcc5 [2015/07/18 20:55:18 | 000,000,000 | ---D | M]
  535. FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\XXX\AppData\Roaming\IDM\idmmzcc5 [2015/07/18 20:55:18 | 000,000,000 | ---D | M]
  536.  
  537. [2015/09/19 10:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions
  538. [2015/10/24 13:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rf7x0svu.default\extensions
  539. [2015/10/21 09:34:39 | 000,000,000 | ---D | M] ("Default NewTab") -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rf7x0svu.default\extensions\default_newtabff@gmail.com
  540. [2015/10/24 13:06:50 | 000,044,911 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rf7x0svu.default\extensions\defsearchp@gmail.com.xpi
  541. [2015/10/24 13:53:19 | 000,002,198 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rf7x0svu.default\searchplugins\delta-homes.xml
  542. [2015/09/19 10:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
  543. [2015/09/19 10:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
  544. [2015/09/19 10:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e2e88b93-1685-4966-b6a4-180d7ba2f6d9}
  545. [2015/09/19 10:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
  546. [2015/09/19 10:04:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  547. [2015/09/19 10:04:07 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Program Files\Mozilla Firefox\browser\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
  548. [2015/09/19 10:04:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Program Files\Mozilla Firefox\browser\extensions\foxmarks@kei.com
  549. [2015/04/06 10:31:36 | 000,393,588 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
  550. [2015/04/06 10:32:26 | 000,202,627 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
  551. [2013/09/19 09:30:04 | 000,010,060 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{76C80A11-FAD4-406C-8246-F5ED4F9367B5}.XPI
  552. [2014/04/02 08:17:34 | 000,102,696 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
  553. [2012/02/15 17:54:18 | 000,006,902 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}.XPI
  554. [2013/10/17 12:27:12 | 000,014,082 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{DAD0F81A-CF67-4EED-98D6-26F6E47274CA}.XPI
  555. [2015/04/06 10:31:36 | 000,322,179 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
  556. [2012/02/15 17:45:22 | 000,041,411 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{EA2B95C2-9BE8-48ED-BDD1-5FCD2AD0FF99}.XPI
  557. [2015/01/22 16:03:21 | 000,133,000 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
  558. [2015/01/22 17:45:29 | 000,053,561 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\KASKUSMENU@WIN7INDO.COM.XPI
  559. [2012/02/15 17:56:06 | 000,024,133 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\VACUUMPLACESIMPROVED@LULTIMOUOMO-GMAIL.COM.XPI
  560. [2015/07/18 20:55:18 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\XXX\APPDATA\ROAMING\IDM\IDMMZCC5
  561.  
  562. O1 HOSTS File: ([2009/06/11 04:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
  563. O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
  564. O2 - BHO: (NiiceOOffErs) - {A74C00B9-1D70-4E6C-833B-3739D821EF67} - C:\Program Files\NiiceOOffErs\QxUUxW4EbEMgcu.dll ()
  565. O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
  566. O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
  567. O4 - HKLM..\Run: [Rs] C:\Program Files\Rs\Rs.exe (Windows APP)
  568. O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
  569. O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
  570. O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
  571. O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
  572. O4 - HKCU..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize File not found
  573. O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ground.lnk = C:\Users\XXX\AppData\Roaming\Ground.exe ()
  574. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
  575. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  576. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
  577. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
  578. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
  579. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
  580. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
  581. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
  582. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
  583. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
  584. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
  585. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
  586. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
  587. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
  588. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
  589. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
  590. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
  591. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
  592. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
  593. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
  594. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
  595. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
  596. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
  597. O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
  598. O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
  599. O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
  600. O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  601. O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  602. O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  603. O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  604. O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  605. O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
  606. O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
  607. O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
  608. O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
  609. O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
  610. O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  611. O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
  612. O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  613. O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  614. O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  615. O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  616. O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  617. O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  618. O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  619. O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  620. O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  621. O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  622. O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  623. O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  624. O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  625. O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  626. O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  627. O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  628. O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  629. O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  630. O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  631. O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  632. O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  633. O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  634. O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  635. O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
  636. O13 - gopher Prefix: missing
  637. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
  638. O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
  639. O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
  640. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236EA6A3-7E2F-4625-A90E-DB73AB221392}: NameServer = 82.163.143.169,199.203.131.145
  641. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{514D181B-A03E-485D-A383-CD86C759FC22}: DhcpNameServer = 8.8.8.8
  642. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{514D181B-A03E-485D-A383-CD86C759FC22}: NameServer = 82.163.143.169,82.163.142.171
  643. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87E00022-5C82-4C79-9576-A9570B5E6354}: NameServer = 10.0.28.226 10.0.28.227
  644. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3FD3750-824B-45F4-83BC-BC9D81E8CB39}: NameServer = 82.163.143.169,82.163.142.171
  645. O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  646. O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  647. O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
  648. O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  649. O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  650. O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  651. O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  652. O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
  653. O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  654. O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  655. O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  656. O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
  657. O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  658. O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
  659. O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
  660. O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  661. O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
  662. O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
  663. O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
  664. O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
  665. O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
  666. O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  667. O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
  668. O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
  669. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  670. O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
  671. O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
  672. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  673. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  674. O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
  675. O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
  676. O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
  677. O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
  678. O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
  679. O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
  680. O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
  681. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
  682. O31 - SafeBoot: AlternateShell - cmd.exe
  683. O32 - HKLM CDRom: AutoRun - 1
  684. O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
  685. O32 - AutoRun File - [2008/04/24 04:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
  686. O32 - AutoRun File - [2007/11/06 22:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
  687. O33 - MountPoints2\{08d01fc2-72d2-11e5-9b3f-00266cbe3bf1}\Shell - "" = AutoRun
  688. O33 - MountPoints2\{08d01fc2-72d2-11e5-9b3f-00266cbe3bf1}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 04:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
  689. O33 - MountPoints2\{08d01fc7-72d2-11e5-9b3f-00266cbe3bf1}\Shell - "" = AutoRun
  690. O33 - MountPoints2\{08d01fc7-72d2-11e5-9b3f-00266cbe3bf1}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 04:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
  691. O34 - HKLM BootExecute: (autocheck autochk *)
  692. O35 - HKLM\..comfile [open] -- "%1" %*
  693. O35 - HKLM\..exefile [open] -- "%1" %*
  694. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  695. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  696. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  697. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  698. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  699.  
  700. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  701.  
  702. [2015/10/24 13:56:31 | 005,637,412 | ---- | C] (Swearware) -- C:\Users\XXX\Desktop\ComboFix.exe
  703. [2015/10/24 13:49:36 | 022,908,888 | ---- | C] (Malwarebytes ) -- C:\Users\XXX\Desktop\mbam-setup-techspot.31794-2.2.0.1024.exe
  704. [2015/10/24 13:47:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.com
  705. [2015/10/24 13:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
  706. [2015/10/21 16:38:10 | 000,044,712 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\System32\drivers\iSafeNetFilter.sys
  707. [2015/10/21 16:38:09 | 000,050,280 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
  708. [2015/10/21 16:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Elex-tech
  709. [2015/10/21 16:37:57 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Elex-tech
  710. [2015/10/20 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\CrashRpt
  711. [2015/10/15 20:33:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\WinZipper
  712. [2015/10/15 20:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
  713. [2015/10/15 20:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipper
  714. [2015/10/15 20:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\SFK
  715. [2015/10/15 20:31:26 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\TSv
  716. [2015/10/15 20:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\nWdsManPron
  717. [2015/10/15 19:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
  718. [2015/10/15 19:38:40 | 000,872,192 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
  719. [2015/10/15 19:38:40 | 000,103,680 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys
  720. [2015/10/15 19:38:40 | 000,101,632 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
  721. [2015/10/15 19:38:40 | 000,100,864 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
  722. [2015/10/15 19:38:40 | 000,023,424 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
  723. [2015/10/15 19:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner
  724. [2015/09/28 08:16:35 | 000,000,000 | --SD | C] -- C:\Users\XXX\Documents\My Shapes
  725. [2015/09/28 08:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
  726. [2015/09/26 21:25:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
  727. [2015/09/26 21:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
  728. [2015/09/26 21:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike Source
  729. [1 C:\Users\XXX\Desktop\*.tmp files -> C:\Users\XXX\Desktop\*.tmp -> ]
  730.  
  731. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  732.  
  733. [2015/10/24 13:57:11 | 005,637,412 | ---- | M] (Swearware) -- C:\Users\XXX\Desktop\ComboFix.exe
  734. [2015/10/24 13:50:37 | 022,908,888 | ---- | M] (Malwarebytes ) -- C:\Users\XXX\Desktop\mbam-setup-techspot.31794-2.2.0.1024.exe
  735. [2015/10/24 13:47:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.com
  736. [2015/10/24 13:39:05 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\SeriesShark.job
  737. [2015/10/24 12:07:14 | 000,659,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat
  738. [2015/10/24 12:07:14 | 000,120,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
  739. [2015/10/24 12:05:13 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  740. [2015/10/24 12:05:12 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  741. [2015/10/24 12:01:18 | 000,778,693 | ---- | M] () -- C:\Users\XXX\Documents\surat keterangan bekerja.jpg
  742. [2015/10/24 12:01:17 | 000,216,824 | ---- | M] () -- C:\Users\XXX\Documents\ktp.jpg
  743. [2015/10/24 12:01:16 | 002,377,839 | ---- | M] () -- C:\Users\XXX\Documents\IMG_20151021_0001.jpg
  744. [2015/10/24 12:01:15 | 000,132,898 | ---- | M] () -- C:\Users\XXX\Desktop\trafo 60mva.jpg
  745. [2015/10/24 12:01:14 | 000,186,516 | ---- | M] () -- C:\Users\XXX\Desktop\Bukti Pembayaran.jpg
  746. [2015/10/24 11:55:40 | 000,000,684 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ground.lnk
  747. [2015/10/24 11:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
  748. [2015/10/24 11:54:47 | 1506,779,136 | -HS- | M] () -- C:\hiberfil.sys
  749. [2015/10/22 17:28:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\NetArmyTools.job
  750. [2015/10/22 17:18:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\FatBurn.job
  751. [2015/10/22 17:08:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AlphaGear.job
  752. [2015/10/22 16:58:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\MathEmu.job
  753. [2015/10/22 16:58:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\FunFaces.job
  754. [2015/10/22 16:58:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\QuickStream.job
  755. [2015/10/21 17:16:03 | 000,876,891 | ---- | M] () -- C:\Users\XXX\Desktop\body building.png
  756. [2015/10/21 15:44:59 | 000,000,720 | ---- | M] () -- C:\bar.emf
  757. [2015/10/20 16:11:41 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
  758. [2015/10/15 20:29:42 | 000,001,433 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
  759. [2015/10/15 20:29:21 | 000,000,102 | ---- | M] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
  760. [2015/10/15 19:38:58 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
  761. [2015/10/01 19:43:09 | 000,408,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
  762. [2015/09/28 08:14:53 | 000,000,422 | ---- | M] () -- C:\Windows\ODBC.INI
  763. [2015/09/26 21:25:05 | 000,001,095 | ---- | M] () -- C:\Users\XXX\Desktop\Counter-Strike Source.lnk
  764. [1 C:\Users\XXX\Desktop\*.tmp files -> C:\Users\XXX\Desktop\*.tmp -> ]
  765.  
  766. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  767.  
  768. [2015/10/21 17:16:02 | 000,876,891 | ---- | C] () -- C:\Users\XXX\Desktop\body building.png
  769. [2015/10/21 13:09:55 | 002,377,839 | ---- | C] () -- C:\Users\XXX\Documents\IMG_20151021_0001.jpg
  770. [2015/10/21 09:36:25 | 000,132,898 | ---- | C] () -- C:\Users\XXX\Desktop\trafo 60mva.jpg
  771. [2015/10/20 06:01:24 | 000,186,516 | ---- | C] () -- C:\Users\XXX\Desktop\Bukti Pembayaran.jpg
  772. [2015/10/15 20:29:21 | 000,000,102 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
  773. [2015/10/15 19:38:58 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
  774. [2015/09/28 08:29:15 | 000,000,720 | ---- | C] () -- C:\bar.emf
  775. [2015/09/26 21:25:05 | 000,001,095 | ---- | C] () -- C:\Users\XXX\Desktop\Counter-Strike Source.lnk
  776. [2015/07/20 15:13:04 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
  777. [2015/07/20 15:13:04 | 000,000,422 | ---- | C] () -- C:\Windows\ODBC.INI
  778. [2015/07/16 15:10:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
  779. [2015/07/16 15:10:32 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
  780. [2015/07/16 15:10:32 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
  781. [2015/07/16 15:10:31 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
  782. [2015/07/16 11:05:00 | 004,443,986 | ---- | C] () -- C:\Windows\shost.bin
  783. [2015/07/15 11:10:34 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Local\Temp.dat
  784. [2015/07/15 11:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\prleth.sys
  785. [2015/07/15 11:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\hgfs.sys
  786. [2015/07/15 11:04:53 | 000,004,728 | ---- | C] () -- C:\Windows\System32\Robesaimpi.ini
  787. [2015/07/15 11:04:53 | 000,002,448 | ---- | C] () -- C:\Windows\System32\RobesaimpiOff.ini
  788. [2015/07/15 11:04:42 | 000,286,720 | ---- | C] () -- C:\Windows\System32\Robesaimpi.dll
  789. [2015/06/05 09:31:40 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\chrtmp
  790. [2015/05/24 03:01:47 | 000,002,880 | ---- | C] () -- C:\Windows\System32\LavasoftTcpServiceOff.ini
  791. [2015/05/22 15:01:09 | 000,000,089 | ---- | C] () -- C:\Windows\comtrace.INI
  792. [2015/05/22 15:01:09 | 000,000,042 | ---- | C] () -- C:\Windows\Olereg.INI
  793. [2015/05/12 15:34:26 | 000,534,016 | -HS- | C] () -- C:\Users\XXX\AppData\Roaming\Ground.exe
  794. [2015/05/07 13:44:51 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
  795. [2015/04/30 14:26:20 | 000,000,410 | ---- | C] () -- C:\Users\XXX\SCE_DIRECTORY_HISTORY.cfg
  796. [2015/04/28 07:25:26 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
  797. [2005/03/28 12:14:24 | 010,071,644 | -H-- | C] () -- C:\Users\XXX\AppData\Roaming\logs.dat
  798.  
  799. [color=#E56717]========== ZeroAccess Check ==========[/color]
  800.  
  801. [2009/07/14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  802.  
  803. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  804.  
  805. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  806.  
  807. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  808. "" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 04:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
  809. "ThreadingModel" = Apartment
  810.  
  811. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  812. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
  813. "ThreadingModel" = Free
  814.  
  815. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  816. "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
  817. "ThreadingModel" = Both
  818.  
  819. [color=#E56717]========== LOP Check ==========[/color]
  820.  
  821. [2015/09/10 13:58:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon
  822. [2015/10/24 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DMCache
  823. [2015/10/21 16:37:57 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Elex-tech
  824. [2015/07/18 12:11:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Hotspot Shield
  825. [2015/09/21 18:36:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\IDM
  826. [2015/10/22 19:39:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MiniLyrics
  827. [2015/09/19 09:41:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera Software
  828. [2015/05/24 02:54:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\RHEng
  829. [2015/04/28 13:55:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Smadav
  830. [2015/07/24 16:01:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thinstall
  831. [2015/10/15 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TSv
  832. [2015/04/28 09:21:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinBatch
  833. [2015/10/21 16:34:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinZipper
  834.  
  835. [color=#E56717]========== Purity Check ==========[/color]
  836.  
  837.  
  838.  
  839. [color=#E56717]========== Files - Unicode (All) ==========[/color]
  840. [2015/10/24 13:10:42 | 000,001,028 | ---- | M] ()(C:\Users\Public\Desktop\SMAD?V.lnk) -- C:\Users\Public\Desktop\SMADΔV.lnk
  841. [2015/04/28 13:55:58 | 000,001,028 | ---- | C] ()(C:\Users\Public\Desktop\SMAD?V.lnk) -- C:\Users\Public\Desktop\SMADΔV.lnk
  842.  
  843. < End of report >