
Pop up Rundll taskengg.exe too much


  • This topic is locked
6 replies to this topic

#1 rafli1982


Posted 03 May 2014 - 07:44 PM

Dear Bleepingcomputer,

 

I have a problem: every 1 or 2 minutes I get many pop-up windows about RunDLL, and the content is taskengg.exe.

Please find my ComboFix log posted below:

 

ComboFix 14-04-30.01 - rafli 05/04/2014   6:37.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3878.2547 [GMT 7:00]
Running from: c:\users\rafli\Documents\My DAP Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE64.dll
c:\program files (x86)\DealPly\DealPlyUpdateVer.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\MediaPlayerV1
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ch\MediaPlayerV1alpha272.crx
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ff\chrome.manifest
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ff\chrome\content\ffMediaPlayerV1alpha272.js
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ff\chrome\content\icons\default\MediaPlayerV1alpha272_32.png
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ff\chrome\content\overlay.xul
c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ff\install.rdf
c:\program files (x86)\MediaViewerV1
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ch\MediaViewerV1alpha7838.crx
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ff\chrome.manifest
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ff\chrome\content\ffMediaViewerV1alpha7838.js
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ff\chrome\content\icons\default\MediaViewerV1alpha7838_32.png
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ff\chrome\content\overlay.xul
c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ff\install.rdf
c:\program files (x86)\MediaViewV1
c:\program files (x86)\MediaViewV1\MediaViewV1alpha1892\ch\MediaViewV1alpha1892.crx
c:\program files (x86)\MediaViewV1\MediaViewV1alpha1892\ff\chrome.manifest
c:\program files (x86)\MediaViewV1\MediaViewV1alpha1892\ff\chrome\content\ffMediaViewV1alpha1892.js
c:\program files (x86)\MediaViewV1\MediaViewV1alpha1892\ff\chrome\content\icons\default\MediaViewV1alpha1892_32.png
c:\program files (x86)\MediaViewV1\MediaViewV1alpha1892\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\MediaViewV1\MediaViewV1alpha1892\ff\chrome\content\overlay.xul
c:\program files (x86)\MediaViewV1\MediaViewV1alpha1892\ff\install.rdf
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\SPTool.dll
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.jpg
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\program files (x86)\VideoPlayerV3
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ch\VideoPlayerV3beta136.crx
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ff\chrome.manifest
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ff\chrome\content\ffVideoPlayerV3beta136.js
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ff\chrome\content\icons\default\VideoPlayerV3beta136_32.png
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ff\chrome\content\overlay.xul
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ff\install.rdf
c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\uninstall.exe
c:\program files (x86)\WebexpEnhancedV1
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ch\WebexpEnhancedV1alpha6693.crx
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ff\chrome.manifest
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ff\chrome\content\ffWebexpEnhancedV1alpha6693.js
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ff\chrome\content\icons\default\WebexpEnhancedV1alpha6693_32.png
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ff\chrome\content\icons\Thumbs.db
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ff\chrome\content\overlay.xul
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ff\install.rdf
c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\uninstall.exe
c:\program files\IB Updater\ExTEnsion32.dll
c:\programdata\saffe saove
c:\programdata\saffe saove\51bb24f5dea9c.dll
c:\programdata\saffe saove\51bb24f5dea9c.tlb
c:\programdata\saffe saove\data\saffe saove.dat
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51a4c79c7c266.tlb
c:\programdata\SearchNewTab\51a4c8841552b.tlb
c:\programdata\SearchNewTab\51a4c889ba3ef.dll
c:\programdata\SearchNewTab\51a4c889ba3ef.tlb
c:\programdata\SearchNewTab\51bb257405596.dll
c:\programdata\SearchNewTab\51bb257405596.tlb
c:\programdata\SearchNewTab\51d984753e84b.dll
c:\programdata\SearchNewTab\51d984753e84b.tlb
c:\programdata\SearchNewTab\51f0fb1ea2826.tlb
c:\programdata\SearchNewTab\51f0ff989af10.dll
c:\programdata\SearchNewTab\51f0ff989af10.tlb
c:\programdata\SearchNewTab\51fe1d87bcebb.tlb
c:\programdata\SearchNewTab\51fe33e38bf0b.dll
c:\programdata\SearchNewTab\51fe33e38bf0b.tlb
c:\programdata\SearchNewTab\data\SearchNewTab.dat
c:\programdata\SearchNewTab\settings.ini
C:\setup.exe
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifmadcjmkkofmjkooahndbaiibkiaji
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifmadcjmkkofmjkooahndbaiibkiaji\2.3\background.html
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifmadcjmkkofmjkooahndbaiibkiaji\2.3\content.js
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifmadcjmkkofmjkooahndbaiibkiaji\2.3\lsdb.js
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifmadcjmkkofmjkooahndbaiibkiaji\2.3\manifest.json
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifmadcjmkkofmjkooahndbaiibkiaji\2.3\n97b1.js
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji\000178.ldb
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji\000180.ldb
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji\000181.log
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji\CURRENT
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji\LOCK
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji\LOG
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji\LOG.old
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifmadcjmkkofmjkooahndbaiibkiaji\MANIFEST-000179
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oifmadcjmkkofmjkooahndbaiibkiaji_0.localstorage-journal
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oifmadcjmkkofmjkooahndbaiibkiaji_0.localstorage
c:\users\rafli\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\rafli\AppData\Roaming\facemoods.com
c:\users\rafli\AppData\Roaming\raflilog.dat
c:\windows\Install
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-03 to 2014-05-03  )))))))))))))))))))))))))))))))
.
.
2014-05-03 23:21 . 2014-05-03 23:21 -------- d-----w- C:\AdwCleaner
2014-05-03 20:39 . 2014-05-03 20:39 -------- d-sh--w- c:\users\rafli\AppData\Local\EmieUserList
2014-05-03 20:39 . 2014-05-03 20:39 -------- d-sh--w- c:\users\rafli\AppData\Local\EmieSiteList
2014-05-03 20:22 . 2014-05-03 20:22 -------- d-----w- c:\windows\Migration
2014-05-03 20:21 . 2013-10-14 11:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-05-03 20:10 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-03 20:10 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-05-03 20:10 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-05-03 20:10 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-05-03 20:10 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-05-03 20:10 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-03 18:38 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9C70AD5-A5C0-4762-B716-7FFB9BDD3A98}\mpengine.dll
2014-05-03 17:31 . 2014-05-03 23:23 -------- d-----w- c:\program files (x86)\SpeedBit Video Accelerator
2014-05-03 17:31 . 2014-05-03 17:31 -------- d-----w- c:\program files\Common Files\SpeedBit
2014-05-03 17:19 . 2014-05-03 17:31 -------- d-----w- c:\programdata\SpeedBit
2014-05-03 17:19 . 2014-05-03 17:19 -------- d-----w- c:\users\rafli\AppData\Roaming\SpeedBit
2014-05-03 17:19 . 2014-05-03 17:19 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2014-05-03 17:19 . 2014-05-03 17:19 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2014-05-03 17:19 . 2014-05-03 17:19 109696 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2014-05-03 17:19 . 2014-05-03 17:19 -------- d-----w- c:\program files (x86)\DAP
2014-05-03 17:19 . 2014-05-03 17:19 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2014-05-03 15:09 . 2014-05-03 17:21 -------- d-----w- c:\programdata\SecTaskMan
2014-05-03 15:09 . 2014-05-03 15:09 -------- d-----w- c:\program files (x86)\Security Task Manager
2014-05-03 14:53 . 2014-05-03 21:30 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-03 14:52 . 2014-05-03 14:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-03 14:52 . 2014-05-03 14:52 -------- d-----w- c:\programdata\Malwarebytes
2014-05-03 14:52 . 2014-04-03 02:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-03 14:52 . 2014-04-03 02:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-03 14:52 . 2014-04-03 02:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-03 14:08 . 2014-05-03 14:08 -------- d-----w- c:\users\rafli\AppData\Roaming\Solvusoft
2014-05-03 14:08 . 2014-05-03 14:08 -------- d-----w- c:\program files (x86)\DriverDoc
2014-05-03 13:49 . 2014-05-03 13:49 -------- d-----w- c:\users\rafli\AppData\Local\SearchProtect
2014-05-03 13:45 . 2014-05-03 13:48 -------- d-----w- c:\program files (x86)\RCrawler
2014-05-03 12:01 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-03 11:53 . 2014-05-03 11:53 -------- d-----w- c:\program files (x86)\Additional Offer
2014-05-03 11:51 . 2014-05-03 11:51 -------- d-----w- c:\users\rafli\AppData\Roaming\SupTab
2014-05-03 11:51 . 2014-05-03 11:51 -------- d-----w- c:\programdata\IePluginService
2014-05-03 11:51 . 2014-05-03 17:37 -------- d-----w- c:\program files (x86)\SupTab
2014-05-03 11:51 . 2014-05-03 11:51 -------- d-----w- c:\users\rafli\AppData\Local\41
2014-05-03 11:51 . 2014-05-03 11:51 -------- d-----w- c:\programdata\WPM
2014-05-03 11:49 . 2014-05-03 11:49 -------- d-----w- c:\users\rafli\AppData\Roaming\qone8
2014-05-03 10:55 . 2013-10-02 00:15 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-05-03 10:55 . 2013-10-01 23:08 855552 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2014-05-03 10:55 . 2013-10-01 20:57 6578176 ----a-w- c:\windows\system32\mstscax.dll
2014-05-03 10:27 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-03 10:27 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-03 10:27 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-03 10:26 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-05-03 10:26 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-03 09:22 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-05-03 09:22 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-05-03 09:22 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-05-03 09:22 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-05-03 08:41 . 2014-05-03 08:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-05-03 08:31 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-05-03 08:31 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-05-03 08:31 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-05-03 08:31 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-05-03 08:31 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-05-03 08:31 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-05-03 08:31 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-05-03 08:31 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-05-03 08:31 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-03 08:31 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-05-03 08:31 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-05-03 08:29 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-05-03 08:29 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-05-03 08:29 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-05-03 08:29 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-05-03 08:29 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-05-03 08:29 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-05-03 08:29 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-05-03 08:29 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-05-03 08:29 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-05-03 08:29 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-05-03 08:29 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-03 08:29 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-05-02 00:43 . 2014-05-02 00:42 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01C057FC-CBF2-4FF7-BB1C-96260721887B}\gapaengine.dll
2014-04-24 00:39 . 2014-04-24 00:39 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2014-04-24 00:37 . 2008-04-06 22:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2014-04-17 22:35 . 2014-04-17 22:35 -------- d-----w- c:\users\rafli\AppData\Roaming\Oracle
2014-04-17 22:30 . 2014-04-14 13:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 12:46 . 2014-04-19 21:39 -------- d-----w- c:\users\rafli\AppData\Local\Adobe
2014-04-10 01:24 . 2014-04-10 01:24 -------- d-----w- c:\users\rafli\AppData\Local\Skype
2014-04-10 01:23 . 2014-04-18 21:20 -------- d-----w- c:\users\rafli\AppData\Roaming\Skype
2014-04-10 01:23 . 2014-04-10 01:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-04-10 01:23 . 2014-04-17 03:05 -------- d-----r- c:\program files (x86)\Skype
2014-04-10 01:23 . 2014-04-17 03:04 -------- d-----w- c:\programdata\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-03 21:28 . 2013-08-01 13:56 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-05-03 20:34 . 2012-12-16 15:46 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-03 20:34 . 2012-12-16 15:46 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-19 21:51 . 2012-12-22 22:11 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-03-11 02:52 . 2012-08-30 14:03 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-09 13:55 . 2014-03-09 13:55 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2014-03-09 12:42 . 2014-03-09 12:42 34840 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2014-03-04 09:17 . 2014-05-03 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-21 01:16 . 2013-03-13 07:47 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2014-05-03 17:19 442472 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-30 00:22 130736 ----a-w- c:\users\rafli\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-30 00:22 130736 ----a-w- c:\users\rafli\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-30 00:22 130736 ----a-w- c:\users\rafli\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-30 00:22 130736 ----a-w- c:\users\rafli\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2014-05-03 4110992]
"SpeedBitVideoAccelerator"="c:\program files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" [2014-05-03 1517224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-04-08 748736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SweetIM"=c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
"Sweetpacks Communicator"=c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
R1 MpKslb904eae2;MpKslb904eae2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9C70AD5-A5C0-4762-B716-7FFB9BDD3A98}\MpKslb904eae2.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9C70AD5-A5C0-4762-B716-7FFB9BDD3A98}\MpKslb904eae2.sys [x]
R1 ubayfcia;ubayfcia;c:\windows\system32\drivers\ubayfcia.sys;c:\windows\SYSNATIVE\drivers\ubayfcia.sys [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
R2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]
R2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe;c:\programdata\WPM\wprotectmanager.exe [x]
R3 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R3 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe;c:\program files\IB Updater\ExtensionUpdaterService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R3 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
R3 plkusbser;PROLiNKU6 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\plkusbser.sys;c:\windows\SYSNATIVE\DRIVERS\plkusbser.sys [x]
R3 PROLiNKusbdiag;PROLiNK DataCard Diagnostic Port;c:\windows\system32\DRIVERS\PROLiNKusbdiag.sys;c:\windows\SYSNATIVE\DRIVERS\PROLiNKusbdiag.sys [x]
R3 PROLiNKusbmodem;PROLiNK DataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\PROLiNKusbmodem.sys;c:\windows\SYSNATIVE\DRIVERS\PROLiNKusbmodem.sys [x]
R3 PROLiNKusbnmea;PROLiNK DataCard NMEA Port;c:\windows\system32\DRIVERS\PROLiNKusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\PROLiNKusbnmea.sys [x]
R3 PROLiNKusbvoice;PROLiNK DataCard Voice Port;c:\windows\system32\DRIVERS\PROLiNKusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\PROLiNKusbvoice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SpeedBit Video Accelerator\VideoAcceleratorService.exe;c:\progra~2\SpeedBit Video Accelerator\VideoAcceleratorService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MgAssistService;MgAssist Service;c:\program files (x86)\Mobogenie\MgAssist.exe;c:\program files (x86)\Mobogenie\MgAssist.exe [x]
S3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-03 16:11 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-16 20:34]
.
2014-05-03 c:\windows\Tasks\AmiUpdXp.job
- c:\users\rafli\AppData\Local\41\a18467.exe [2014-05-03 11:46]
.
2014-05-03 c:\windows\Tasks\DriverDoc_UPDATES.job
- c:\program files (x86)\DriverDoc\Solvusoftdd.exe [2014-05-03 12:06]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16 14:56]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16 14:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-30 00:22 164016 ----a-w- c:\users\rafli\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-30 00:22 164016 ----a-w- c:\users\rafli\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-30 00:22 164016 ----a-w- c:\users\rafli\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-30 00:22 164016 ----a-w- c:\users\rafli\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-09 03:51 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-09 03:51 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-09 03:51 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-09 03:51 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-09 03:51 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-09 03:51 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
uDefault_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
mDefault_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG
mStart Page = hxxp://start.qone8.com/?type=hp&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG
mSearch Page = hxxp://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
LSP: c:\program files (x86)\SpeedBit Video Accelerator\sblsp.dll
TCP: DhcpNameServer = 202.73.96.40 202.73.96.36 202.73.99.4 202.73.99.2
TCP: Interfaces\{21CF256A-B6AD-49F7-BFDA-DF4B420C9624}: NameServer = 192.168.64.1
TCP: Interfaces\{2E541FF7-D62F-4237-A20F-12E7DA71E0DF}\271666C6962E08993702960586F6E656: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{2E541FF7-D62F-4237-A20F-12E7DA71E0DF}\34550505140234F46464545402A4144594E45474142514: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{2E541FF7-D62F-4237-A20F-12E7DA71E0DF}\B4257402247435: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{44604161-2335-4815-9597-1F30DE864187}: NameServer = 192.168.104.1
TCP: Interfaces\{788F592A-2651-49C3-AC3E-724C26ADD327}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{918ED925-B301-4ECD-B116-649EFEFBC3DC}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9BAA60ED-756D-4004-A16D-744F6FF3F3AD}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D8F13777-25BA-4064-AA09-EDDA5EB5CC91}: NameServer = 192.168.132.1
TCP: Interfaces\{ED0501C5-A5AC-40D6-972E-74BDCF94D721}: NameServer = 192.168.240.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1754B7B7-905D-5BDA-0C7E-6748677FE87D} - c:\programdata\SearchNewTab\51f0fb1ea2826.dll
BHO-{2C2AC3F9-EBF5-2448-91E8-1A60C1552B81} - c:\programdata\SearchNewTab\51fe1d87bcebb.dll
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\IB Updater\Extension32.dll
BHO-{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files (x86)\SupTab\SupTab.dll
BHO-{590D1460-116F-4208-78CE-794BF0054AFD} - c:\programdata\saFFe  SSavoe\51f0fa3441aa7.dll
BHO-{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - c:\program files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll
BHO-{74C8A523-929B-3ADA-EA88-5636477D3876} - c:\programdata\ConttiNuetuosavEE\51a4c74d3401b.dll
BHO-{91677AC5-D331-BFBD-9088-26A7AFC7D628} - c:\programdata\ConttiNuetuosavEE\51a4c869a43f4.dll
BHO-{9CBBCCF2-A751-BAA6-9EF4-5E1E9B3D6AA5} - c:\programdata\SearchNewTab\51a4c79c7c266.dll
BHO-{B7C3D8B6-45E4-8C33-3CF6-337DFDAFDE2E} - c:\programdata\SearchNewTab\51a4c8841552b.dll
BHO-{C0A6D7BF-3E5D-43D8-5E65-32E2BF9B9726} - c:\programdata\SavEnsohhare\51fe1d3758e67.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-Locked - (no file)
WebBrowser-{4B4D5056-3700-A76A-76A7-7A786E7484D7} - (no file)
AddRemove-Cole2k Media - Codec Pack - c:\windows\SysWOW64\C2MP\Uninst.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-flash-Enhancer - c:\program files (x86)\AmiExt\flashEnhancer\uninstall.exe
AddRemove-MediaPlayerV1alpha272 - c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\uninstall.exe
AddRemove-MediaViewerV1alpha7838 - c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha7838\uninstall.exe
AddRemove-MediaViewV1alpha1892 - c:\program files (x86)\MediaViewV1\MediaViewV1alpha1892\uninstall.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
AddRemove-SpeedAnalysis2 - c:\program files (x86)\Speed Analysis 2\uninst.exe
AddRemove-Video Player - c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta136\uninstall.exe
AddRemove-Webexp Enhanced - c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\uninstall.exe
AddRemove-DealPly - c:\users\rafli\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:de,4a,79,d1,c2,e0,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,6a,27,00,50,68,ac,4d,83,fc,27,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,6a,27,00,50,68,ac,4d,83,fc,27,\
.
[HKEY_USERS\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@Denied: (Full) (Everyone)
.
[HKEY_USERS\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{807a8dbb-47ff-11e2-b69c-806e6f6e6963}\shell]
@="None"
.
[HKEY_USERS\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baf4384e-4782-11e2-a16e-74f06daf1b66}\shell]
@="AutoRun"
.
[HKEY_USERS\S-1-5-21-1204630230-2287014720-1312876162-1000_Classes\Wow6432Node\CLSID\{4bb4ca6a-2a7a-4cdd-b126-9e23c798cca2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000071
"Therad"=dword:00000019
"SpecVersion"=dword:000000d4
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1204630230-2287014720-1312876162-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5a,77,8d,30,bf,d3,80,d9,f7,2f,20,d1,94,7d,39,bb,76,40,ea,6d,1b,
   04,e4,24,91,3e,73,97,2c,41,c2,da,d2,e9,c7,e4,5b,78,47,26,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-04  06:54:29
ComboFix-quarantined-files.txt  2014-05-03 23:54
.
Pre-Run: 16,158,699,520 bytes free
Post-Run: 16,646,189,056 bytes free
.
- - End Of File - - 4ABC91D8A2DB20294804E95BE9231315

As additional data, please find the attachment for Extras.TXT,

and the OTL.TXT I will attach in the next post.

 

 
< End of report

Attached File  Extras.Txt   490.19KB

Please advise how to solve this problem.

I would very much appreciate your reply.

Thanks

 

Rafli Hermanto

 

 


Edited by rafli1982, 03 May 2014 - 10:19 PM.



 


#2 rafli1982


Posted 03 May 2014 - 10:35 PM

Hi guys,
 
Regarding my previous posting, please find the OTL.TXT as below:
 
OTL logfile created on: 5/4/2014 8:15:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\rafli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.79 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 70.31% Memory free
7.57 Gb Paging File | 5.69 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.13 Gb Total Space | 15.36 Gb Free Space | 12.89% Space Free | Partition Type: NTFS
Drive D: | 100.71 Gb Total Space | 13.81 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Drive E: | 78.15 Gb Total Space | 8.68 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
 
Computer Name: RAFLI-PC | User Name: rafli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\rafli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SPEEDbit)
PRC - C:\Program Files (x86)\Mobogenie\MgAssist.exe ()
PRC - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe ()
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei32.dll ()
MOD - C:\Program Files (x86)\Mobogenie\DCR.dll ()
MOD - C:\Program Files (x86)\Mobogenie\Device.dll ()
MOD - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\DAEMON Tools Pro\msimg32.dll ()
MOD - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IB Updater) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe File not found
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SBUpd) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe (Speedbit Ltd.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Samsung Link Service) -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG)
SRV:64bit: - (AllShare Framework DMS) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe (Samsung)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SPEEDbit)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Wpm) -- C:\ProgramData\WPM\wprotectmanager.exe (Cherished Technololgy LIMITED)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (IePluginService) -- C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED)
SRV - (MgAssistService) -- C:\Program Files (x86)\Mobogenie\MgAssist.exe ()
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\asus\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (SBUpdd) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WCMVCAM) -- C:\Windows\SysNative\drivers\wcmvcam64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PROLiNKusbvoice) -- C:\Windows\SysNative\drivers\PROLiNKusbvoice.sys (PROLINK Corporation)
DRV:64bit: - (PROLiNKusbnmea) -- C:\Windows\SysNative\drivers\PROLiNKusbnmea.sys (PROLINK Corporation)
DRV:64bit: - (PROLiNKusbmodem) -- C:\Windows\SysNative\drivers\PROLiNKusbmodem.sys (PROLINK Corporation)
DRV:64bit: - (PROLiNKusbdiag) -- C:\Windows\SysNative\drivers\PROLiNKusbdiag.sys (PROLINK Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (plkusbser) -- C:\Windows\SysNative\drivers\plkusbser.sys (QUALCOMM Incorporated)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (plkusbser) -- C:\Windows\SysWOW64\drivers\plkusbser.sys (QUALCOMM Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=E53b&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&pid=377&src=ie2&r=2013/03/16&hid=4062206649&lg=EN&cc=ID
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=E53b&q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchesplace.info/?l=1&q={searchTerms}&pid=727&r=2013/08/04&hid=4062206649&lg=EN&cc=ID&unqvl=30
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={27C362FF-4DF3-11E2-8317-74F06DAF1B66}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?gd=&ctid=CT3302872&octid=EB_ORIGINAL_CTID&ISID=M1D477AC8-15FD-457B-BD72-A1098CCB33BC&SearchSource=58&CUI=&UM=5&UP=SP25764B53-1569-4186-AEC3-95B1EF41C9DA&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=E53b&q={searchTerms}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{E9FF3A44-738C-48EA-AD1A-8434ACFF3042}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013/05/25 10:51:39 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013/05/25 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ntfdsaftsfdfdxx@mozilla.org: C:\Users\rafli\AppData\Roaming\iPumper\extension_firefox.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/05/25 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\qfxeoui@uih.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\qfxeoui@uih.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013/05/25 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xss.zkuu@eyuy-eyii.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\xss.zkuu@eyuy-eyii.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\kzc9e@oeyuaai.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\kzc9e@oeyuaai.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\vbq5sql@iivu-s.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\vbq5sql@iivu-s.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\aqb-lblrcl@zuvwk.co.uk: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\aqb-lblrcl@zuvwk.co.uk
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wqqpvyaa@hsfzjhgo.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\wqqpvyaa@hsfzjhgo.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\uoey_ay@ttw-iay.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\uoey_ay@ttw-iay.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\mlt_jlt@hmswaoyevb-.edu: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\mlt_jlt@hmswaoyevb-.edu
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m2tquwue@ytsabpra.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\m2tquwue@ytsabpra.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ghcdk.4e@bkshjpm.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\ghcdk.4e@bkshjpm.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\iieio.9r@qbs-wypmeeue.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\iieio.9r@qbs-wypmeeue.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\yh4.ds@uqgqsyuii-.edu: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\yh4.ds@uqgqsyuii-.edu
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\oarceyi@iygo.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\oarceyi@iygo.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\lhodo@ajflkp.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\lhodo@ajflkp.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hgpg6elt@uxntp.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\hgpg6elt@uxntp.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\aoaea@yiacfao.co.uk: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\aoaea@yiacfao.co.uk [2014/03/11 16:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\my55tfzm@tmfdqvx.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\my55tfzm@tmfdqvx.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pxvhmh_sk@hgexk-i.edu: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\pxvhmh_sk@hgexk-i.edu
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dac0w8csb@rv-ygzi.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\dac0w8csb@rv-ygzi.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dzwvykz@mhqltmbg.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\dzwvykz@mhqltmbg.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\eaa6tpdxh@uog.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\eaa6tpdxh@uog.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@flash-Enhancer.com: C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2013/12/04 14:16:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha6693.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta136.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha272.net: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewerV1alpha7838.net: C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha1892.net: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1892\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files (x86)\DAP\daplinkchecker [2014/05/04 00:19:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\viralix@viralix.com: C:\Users\rafli\AppData\Local\ViralixVideo\FF\
 
[2013/08/01 15:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/06/24 15:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins
[2014/03/11 16:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions
[2014/03/11 16:08:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\aoaea@yiacfao.co.uk
[2013/02/11 17:58:00 | 000,197,603 | ---- | M] () (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader2@ftdownloader.com.xpi
[2014/02/28 09:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/28 09:41:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2013/01/01 15:31:23 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml
 
O1 HOSTS File: ([2014/05/04 06:49:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SearchNewTab) - {1754B7B7-905D-5BDA-0C7E-6748677FE87D} - C:\ProgramData\SearchNewTab\51f0fb1ea2826.dll File not found
O2 - BHO: (SearchNewTab) - {2C2AC3F9-EBF5-2448-91E8-1A60C1552B81} - C:\ProgramData\SearchNewTab\51fe1d87bcebb.dll File not found
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll File not found
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DealPly Shopping) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (saFFe  SSavoe) - {590D1460-116F-4208-78CE-794BF0054AFD} - C:\ProgramData\saFFe  SSavoe\51f0fa3441aa7.dll File not found
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll File not found
O2 - BHO: (ConttiNuetuosavEE) - {74C8A523-929B-3ADA-EA88-5636477D3876} - C:\ProgramData\ConttiNuetuosavEE\51a4c74d3401b.dll File not found
O2 - BHO: (ConttiNuetuosavEE) - {91677AC5-D331-BFBD-9088-26A7AFC7D628} - C:\ProgramData\ConttiNuetuosavEE\51a4c869a43f4.dll File not found
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (SearchNewTab) - {9CBBCCF2-A751-BAA6-9EF4-5E1E9B3D6AA5} - C:\ProgramData\SearchNewTab\51a4c79c7c266.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (SearchNewTab) - {B7C3D8B6-45E4-8C33-3CF6-337DFDAFDE2E} - C:\ProgramData\SearchNewTab\51a4c8841552b.dll File not found
O2 - BHO: (SavEnsohhare ) - {C0A6D7BF-3E5D-43D8-5E65-32E2BF9B9726} - C:\ProgramData\SavEnsohhare\51fe1d3758e67.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (SPEEDbit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.73.96.40 202.73.96.36 202.73.99.4 202.73.99.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21CF256A-B6AD-49F7-BFDA-DF4B420C9624}: NameServer = 192.168.64.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E541FF7-D62F-4237-A20F-12E7DA71E0DF}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43188E1A-BA68-46C1-9841-71DD20DB97B7}: DhcpNameServer = 192.168.4.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44604161-2335-4815-9597-1F30DE864187}: NameServer = 192.168.104.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788F592A-2651-49C3-AC3E-724C26ADD327}: DhcpNameServer = 202.73.96.40 202.73.96.36 202.73.99.4 202.73.99.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788F592A-2651-49C3-AC3E-724C26ADD327}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{918ED925-B301-4ECD-B116-649EFEFBC3DC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{918ED925-B301-4ECD-B116-649EFEFBC3DC}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BAA60ED-756D-4004-A16D-744F6FF3F3AD}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BAA60ED-756D-4004-A16D-744F6FF3F3AD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8F13777-25BA-4064-AA09-EDDA5EB5CC91}: NameServer = 192.168.132.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0501C5-A5AC-40D6-972E-74BDCF94D721}: NameServer = 192.168.240.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/20 02:38:35 | 000,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/20 02:38:44 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/20 02:38:44 | 000,000,000 | ---D | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/04 08:00:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/05/04 07:59:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rafli\Desktop\OTL.exe
[2014/05/04 07:01:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/05/04 06:54:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/05/04 06:35:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/05/04 06:35:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/05/04 06:35:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/05/04 06:35:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/05/04 06:34:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/05/04 06:32:51 | 005,197,895 | R--- | C] (Swearware) -- C:\Users\rafli\Desktop\ComboFix.exe
[2014/05/04 06:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Accelerator
[2014/05/04 06:21:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/04 03:39:15 | 000,000,000 | -HSD | C] -- C:\Users\rafli\AppData\Local\EmieUserList
[2014/05/04 03:39:15 | 000,000,000 | -HSD | C] -- C:\Users\rafli\AppData\Local\EmieSiteList
[2014/05/04 03:22:44 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/04 03:21:13 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/05/04 03:19:22 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/04 03:19:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/05/04 03:19:18 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/05/04 03:19:18 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/05/04 03:19:18 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/04 03:19:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/05/04 03:19:17 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/04 03:19:17 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/04 03:19:17 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/04 03:19:17 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/05/04 03:19:17 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/05/04 03:19:17 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/04 03:19:17 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/05/04 03:19:17 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/05/04 03:19:17 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/05/04 03:19:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/05/04 03:19:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/05/04 03:19:17 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/04 03:19:17 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/05/04 03:19:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/04 03:19:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/05/04 03:19:17 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/05/04 03:19:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/05/04 03:19:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/04 03:19:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/05/04 03:19:17 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/04 03:19:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/04 03:19:17 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/04 03:19:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/05/04 03:19:16 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/05/04 03:19:16 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/04 03:19:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/05/04 03:19:16 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/05/04 03:19:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/05/04 03:19:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/05/04 03:19:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/05/04 03:19:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/05/04 03:19:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/05/04 03:19:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/05/04 03:19:15 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/04 03:19:15 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/04 03:19:15 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/04 03:19:15 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/04 03:19:15 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/05/04 03:19:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/04 03:19:15 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/04 03:19:15 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/05/04 03:19:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/05/04 03:19:15 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/05/04 03:19:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/05/04 03:19:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/05/04 03:19:15 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/04 03:19:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/05/04 03:19:14 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/04 03:19:14 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/04 03:19:14 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/04 03:19:14 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/04 03:19:14 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/05/04 03:19:14 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/04 03:19:14 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/04 03:19:14 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/05/04 03:19:14 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/05/04 03:19:14 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/05/04 03:19:14 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/05/04 03:19:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/04 03:19:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/05/04 03:19:14 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/04 03:19:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/05/04 03:19:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/04 03:19:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/04 03:19:14 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/05/04 03:19:13 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/05/04 03:19:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/05/04 03:19:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/04 03:19:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/05/04 03:19:13 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/05/04 03:19:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/04 03:19:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/05/04 03:19:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/05/04 03:19:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/04 03:10:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/05/04 03:10:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/05/04 03:10:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/05/04 03:10:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/05/04 03:10:27 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/05/04 03:10:26 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/05/04 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2014/05/04 00:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedBit Video Accelerator
[2014/05/04 00:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2014/05/04 00:19:59 | 000,000,000 | ---D | C] -- C:\Users\rafli\Documents\My DAP Downloads
[2014/05/04 00:19:58 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\SpeedBit
[2014/05/04 00:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2014/05/04 00:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
[2014/05/04 00:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2014/05/04 00:19:45 | 000,172,032 | ---- | C] (Jin Hui    E-mail: jinhui@jcomsoft.com   Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
[2014/05/04 00:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP
[2014/05/03 22:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2014/05/03 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2014/05/03 22:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2014/05/03 21:53:49 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/03 21:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/03 21:52:52 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/03 21:52:52 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/03 21:52:52 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/03 21:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/03 21:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/03 21:08:38 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Solvusoft
[2014/05/03 21:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc
[2014/05/03 21:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverDoc
[2014/05/03 20:49:25 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Local\SearchProtect
[2014/05/03 20:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RCrawler
[2014/05/03 18:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Additional Offer
[2014/05/03 18:52:15 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2014/05/03 18:51:44 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\SupTab
[2014/05/03 18:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
[2014/05/03 18:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014/05/03 18:51:40 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Local\41
[2014/05/03 18:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014/05/03 18:49:24 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\qone8
[2014/05/03 17:56:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/05/03 17:56:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/05/03 17:56:01 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/05/03 17:56:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/05/03 17:56:00 | 005,698,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/05/03 17:56:00 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/05/03 17:56:00 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/05/03 17:56:00 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/05/03 17:56:00 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/05/03 17:56:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/05/03 17:56:00 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/05/03 17:56:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/05/03 17:56:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/05/03 17:56:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/05/03 17:56:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/05/03 17:55:59 | 006,578,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/05/03 17:55:59 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/05/03 17:55:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/05/03 17:27:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/05/03 17:26:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/05/03 17:26:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/05/03 17:26:57 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/05/03 16:28:35 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/05/03 16:28:34 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/05/03 16:28:34 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/05/03 16:28:34 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/05/03 16:28:33 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/05/03 16:28:33 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/05/03 16:28:33 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/05/03 16:28:33 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/05/03 16:28:33 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/05/03 16:28:33 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/05/03 16:28:32 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/05/03 16:28:32 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/05/03 16:28:32 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/05/03 16:28:32 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/05/03 16:28:32 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/05/03 16:28:32 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/05/03 16:28:31 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/05/03 16:22:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/05/03 16:22:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/05/03 15:31:51 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/05/03 15:31:50 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/05/03 15:31:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/05/03 15:31:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/05/03 15:31:26 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/05/03 15:31:26 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/05/03 15:31:22 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/05/03 15:31:22 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/05/03 15:30:41 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/05/03 15:30:41 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/05/03 15:30:39 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/05/03 15:30:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/05/03 15:30:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/05/03 15:30:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/05/03 15:30:18 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/05/03 15:30:18 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/05/03 15:30:17 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/05/03 15:30:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014/05/03 15:30:17 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/05/03 15:30:16 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/05/03 15:30:16 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/05/03 15:30:16 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/05/03 15:30:16 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014/05/03 15:30:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/05/03 15:30:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/05/03 15:30:08 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/05/03 15:30:08 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/05/03 15:30:08 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/05/03 15:29:54 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/05/03 15:29:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/05/03 15:29:54 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/05/03 15:29:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/05/03 15:29:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/05/03 15:29:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/05/03 15:29:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/05/03 15:29:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/05/03 15:29:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/05/03 15:29:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/05/03 15:29:46 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/04/29 10:46:50 | 000,000,000 | ---D | C] -- C:\Users\rafli\Desktop\Procedure SOP mengemudi
[2014/04/28 15:38:36 | 000,000,000 | ---D | C] -- C:\Users\rafli\Desktop\Jawaban Lia
[2014/04/25 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\rafli\Desktop\Upgrading PHE Metana Suban
[2014/04/24 07:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2014/04/24 07:37:59 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2014/04/20 05:02:41 | 000,000,000 | R--D | C] -- C:\Users\rafli\Desktop\Tender
[2014/04/19 04:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2014/04/18 05:35:52 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Oracle
[2014/04/18 05:30:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/18 05:30:25 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/18 05:30:24 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/18 05:30:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/12 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\rafli\Documents\Presentation1
[2014/04/12 19:46:17 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Local\Adobe
[2014/04/12 17:56:14 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Adobe
[2014/04/10 08:24:21 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Local\Skype
[2014/04/10 08:23:59 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Skype
[2014/04/10 08:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/10 08:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/04/10 08:23:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/04/10 08:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/04 08:12:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/04 07:58:28 | 000,001,284 | ---- | M] () -- C:\Users\rafli\Desktop\SecurityCheck.exe - Shortcut.lnk
[2014/05/04 07:55:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rafli\Desktop\OTL.exe
[2014/05/04 07:54:44 | 000,001,583 | ---- | M] () -- C:\Users\rafli\Desktop\My DAP Downloads.lnk
[2014/05/04 07:35:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/04 06:49:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/05/04 06:33:37 | 005,197,895 | R--- | M] (Swearware) -- C:\Users\rafli\Desktop\ComboFix.exe
[2014/05/04 06:23:09 | 000,002,091 | ---- | M] () -- C:\Users\rafli\Desktop\SpeedBit Video Accelerator.lnk
[2014/05/04 04:36:02 | 000,034,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 04:36:02 | 000,034,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 04:35:14 | 000,830,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/04 04:35:14 | 000,698,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/04 04:35:14 | 000,133,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/04 04:30:15 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/05/04 04:30:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/04 04:29:12 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/04 04:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/04 04:27:18 | 3050,127,360 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/04 03:34:15 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/04 03:34:15 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/04 03:25:39 | 000,822,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/04 03:19:22 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/04 03:19:22 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/05/04 03:19:18 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/05/04 03:19:18 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/04 03:19:18 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/05/04 03:19:18 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/04 03:19:18 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/05/04 03:19:17 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/04 03:19:17 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/04 03:19:17 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/04 03:19:17 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/05/04 03:19:17 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/05/04 03:19:17 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/05/04 03:19:17 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/05/04 03:19:17 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/05/04 03:19:17 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/05/04 03:19:17 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/05/04 03:19:17 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/05/04 03:19:17 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/04 03:19:17 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/05/04 03:19:17 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/04 03:19:17 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/05/04 03:19:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/05/04 03:19:17 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/05/04 03:19:17 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/04 03:19:17 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/05/04 03:19:17 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/04 03:19:17 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/04 03:19:17 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/04 03:19:17 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/05/04 03:19:17 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/05/04 03:19:16 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/05/04 03:19:16 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/04 03:19:16 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/05/04 03:19:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/05/04 03:19:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/05/04 03:19:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/05/04 03:19:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/05/04 03:19:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/05/04 03:19:16 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/05/04 03:19:15 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/04 03:19:15 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/04 03:19:15 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/05/04 03:19:15 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/04 03:19:15 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/04 03:19:15 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/05/04 03:19:15 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/04 03:19:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/04 03:19:15 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/05/04 03:19:15 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/05/04 03:19:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/05/04 03:19:15 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/05/04 03:19:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/05/04 03:19:15 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/04 03:19:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/05/04 03:19:14 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/04 03:19:14 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/04 03:19:14 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/04 03:19:14 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/04 03:19:14 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/04 03:19:14 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/04 03:19:14 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/05/04 03:19:14 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/05/04 03:19:14 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/05/04 03:19:14 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/05/04 03:19:14 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/04 03:19:14 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/05/04 03:19:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/04 03:19:14 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/05/04 03:19:14 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/04 03:19:14 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/05/04 03:19:14 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/04 03:19:14 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/05/04 03:19:14 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/05/04 03:19:13 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/05/04 03:19:13 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/05/04 03:19:13 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/04 03:19:13 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/05/04 03:19:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/04 03:19:13 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/05/04 03:19:13 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/05/04 03:19:13 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/04 00:20:51 | 000,000,899 | ---- | M] () -- C:\Users\rafli\Desktop\Download Accelerator Plus (DAP).lnk
[2014/05/04 00:19:46 | 000,109,696 | ---- | M] () -- C:\Windows\SysWow64\EasyHook64.dll
[2014/05/04 00:19:46 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[2014/05/04 00:19:45 | 000,172,032 | ---- | M] (Jin Hui    E-mail: jinhui@jcomsoft.com   Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
[2014/05/03 21:53:01 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/03 21:31:39 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DriverDoc_UPDATES.job
[2014/05/03 21:08:38 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\DriverDoc.lnk
[2014/05/03 18:53:45 | 000,000,989 | ---- | M] () -- C:\Users\rafli\Desktop\Internet Download Manager.lnk
[2014/05/03 18:51:31 | 000,000,983 | ---- | M] () -- C:\Users\rafli\Desktop\Mobogenie.lnk
[2014/05/03 18:49:06 | 000,001,635 | ---- | M] () -- C:\Users\rafli\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/03 18:20:20 | 000,012,677 | ---- | M] () -- C:\Windows\PROLINK HSDPA Modem.INI
[2014/05/03 17:25:11 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/03 15:49:37 | 000,598,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/29 09:49:00 | 000,061,124 | ---- | M] () -- C:\Users\rafli\Desktop\Dewatering pump cummins.jpg
[2014/04/29 08:25:23 | 000,542,184 | ---- | M] () -- C:\Users\rafli\Desktop\compressor foto 685 cfm.pdf
[2014/04/28 08:28:00 | 000,148,267 | ---- | M] () -- C:\Users\rafli\Desktop\FOI - Total (Accepted).pdf
[2014/04/28 07:40:00 | 000,637,551 | ---- | M] () -- C:\Users\rafli\Desktop\FOI_Air Compressor Rental.pdf
[2014/04/27 11:19:19 | 000,545,696 | ---- | M] () -- C:\Users\rafli\Desktop\ERP Layout.skp
[2014/04/27 11:13:46 | 000,135,457 | ---- | M] () -- C:\Users\rafli\Desktop\Emergency Evacuation Layout.jpg
[2014/04/25 14:54:00 | 000,113,254 | ---- | M] () -- C:\Users\rafli\Desktop\IMG-20140424-007391.jpg
[2014/04/25 14:48:00 | 000,164,662 | ---- | M] () -- C:\Users\rafli\Desktop\CGS-CBMVICO-IV-14-766 Tehnik Nusantara - Rental Compressor for Rig Location.pdf
[2014/04/24 16:10:00 | 000,214,666 | ---- | M] () -- C:\Users\rafli\Desktop\img-424143620-0001.pdf
[2014/04/24 07:37:41 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2014/04/20 05:18:22 | 000,007,600 | ---- | M] () -- C:\Users\rafli\AppData\Local\resmon.resmoncfg
[2014/04/20 04:51:40 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2014/04/18 05:55:00 | 003,432,915 | ---- | M] () -- C:\Users\rafli\Documents\billboard.jpg
[2014/04/18 05:17:54 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/04/14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/12 19:50:34 | 000,143,565 | ---- | M] () -- C:\Users\rafli\Documents\Presentation1.pdf
[2014/04/12 16:23:13 | 011,079,113 | ---- | M] () -- C:\Users\rafli\Desktop\Sign Board TN -new ws.psd
[2014/04/10 08:23:39 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/04 07:58:28 | 000,001,284 | ---- | C] () -- C:\Users\rafli\Desktop\SecurityCheck.exe - Shortcut.lnk
[2014/05/04 06:35:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/05/04 06:35:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/05/04 06:35:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/05/04 06:35:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/05/04 06:35:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/04 03:19:17 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/05/04 03:19:14 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/05/04 00:31:37 | 000,002,091 | ---- | C] () -- C:\Users\rafli\Desktop\SpeedBit Video Accelerator.lnk
[2014/05/04 00:20:51 | 000,001,583 | ---- | C] () -- C:\Users\rafli\Desktop\My DAP Downloads.lnk
[2014/05/04 00:20:51 | 000,000,899 | ---- | C] () -- C:\Users\rafli\Desktop\Download Accelerator Plus (DAP).lnk
[2014/05/04 00:19:50 | 000,109,696 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2014/05/04 00:19:50 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2014/05/03 21:53:01 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/03 21:08:45 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\DriverDoc_UPDATES.job
[2014/05/03 21:08:38 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\DriverDoc.lnk
[2014/05/03 18:53:45 | 000,000,989 | ---- | C] () -- C:\Users\rafli\Desktop\Internet Download Manager.lnk
[2014/05/03 18:51:40 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/05/03 18:51:31 | 000,000,983 | ---- | C] () -- C:\Users\rafli\Desktop\Mobogenie.lnk
[2014/04/29 09:49:00 | 000,061,124 | ---- | C] () -- C:\Users\rafli\Desktop\Dewatering pump cummins.jpg
[2014/04/29 08:23:20 | 000,542,184 | ---- | C] () -- C:\Users\rafli\Desktop\compressor foto 685 cfm.pdf
[2014/04/28 08:28:00 | 000,148,267 | ---- | C] () -- C:\Users\rafli\Desktop\FOI - Total (Accepted).pdf
[2014/04/28 07:40:00 | 000,637,551 | ---- | C] () -- C:\Users\rafli\Desktop\FOI_Air Compressor Rental.pdf
[2014/04/27 11:19:18 | 000,545,696 | ---- | C] () -- C:\Users\rafli\Desktop\ERP Layout.skp
[2014/04/27 11:07:51 | 000,135,457 | ---- | C] () -- C:\Users\rafli\Desktop\Emergency Evacuation Layout.jpg
[2014/04/26 14:01:04 | 000,873,916 | ---- | C] () -- C:\Users\rafli\Desktop\Air-Compressors-Oil-Free-NHP 1500.pdf
[2014/04/25 14:54:00 | 000,113,254 | ---- | C] () -- C:\Users\rafli\Desktop\IMG-20140424-007391.jpg
[2014/04/25 14:48:00 | 000,164,662 | ---- | C] () -- C:\Users\rafli\Desktop\CGS-CBMVICO-IV-14-766 Tehnik Nusantara - Rental Compressor for Rig Location.pdf
[2014/04/24 16:10:00 | 000,214,666 | ---- | C] () -- C:\Users\rafli\Desktop\img-424143620-0001.pdf
[2014/04/24 07:37:41 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2014/04/24 07:37:41 | 000,002,485 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2014/04/24 07:37:41 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2014/04/18 05:55:00 | 003,432,915 | ---- | C] () -- C:\Users\rafli\Documents\billboard.jpg
[2014/04/12 19:50:34 | 000,143,565 | ---- | C] () -- C:\Users\rafli\Documents\Presentation1.pdf
[2014/04/12 10:59:09 | 011,079,113 | ---- | C] () -- C:\Users\rafli\Desktop\Sign Board TN -new ws.psd
[2014/04/10 08:23:39 | 000,002,727 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/01/30 09:21:49 | 000,000,812 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/19 07:06:04 | 000,000,104 | ---- | C] () -- C:\Users\rafli\AppData\Roaming\WB.CFG
[2013/11/07 17:22:05 | 000,005,632 | ---- | C] () -- C:\Users\rafli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/06 10:34:42 | 000,000,132 | ---- | C] () -- C:\Users\rafli\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2013/08/06 10:16:06 | 000,001,456 | ---- | C] () -- C:\Users\rafli\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/08/01 02:47:16 | 000,001,456 | ---- | C] () -- C:\Users\rafli\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/07/22 16:16:08 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013/07/20 22:49:52 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/06/27 12:37:24 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013/06/26 13:16:20 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013/06/26 13:16:14 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013/06/26 13:16:08 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013/06/26 13:16:08 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013/06/26 13:16:06 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013/06/26 13:16:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2013/04/27 03:01:13 | 000,000,600 | ---- | C] () -- C:\Users\rafli\PUTTY.RND
[2013/04/16 13:33:15 | 000,190,124 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/03/29 12:31:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/03/28 22:35:51 | 000,000,963 | ---- | C] () -- C:\Users\rafli\AppData\Roaming\private.key
[2013/03/28 22:35:51 | 000,000,692 | ---- | C] () -- C:\Users\rafli\AppData\Roaming\certificate.csr
[2013/03/12 12:41:45 | 000,000,055 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2013/03/09 18:29:47 | 000,013,501 | ---- | C] () -- C:\Users\rafli\AppData\Local\Temp10.html
[2013/03/09 14:32:48 | 000,001,955 | ---- | C] () -- C:\Users\rafli\AppData\Local\Temp1.html
[2013/02/10 21:15:02 | 007,833,552 | ---- | C] () -- C:\Windows\SysWow64\avcodec-53.dll
[2013/02/10 21:15:02 | 000,247,920 | ---- | C] () -- C:\Windows\SysWow64\avutil-51.dll
[2013/01/01 20:09:19 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\config.ini
[2012/12/23 05:13:33 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012/12/18 21:32:07 | 000,001,234 | RHS- | C] () -- C:\Users\rafli\ntuser.pol
[2012/12/18 20:17:37 | 000,034,816 | ---- | C] () -- C:\Windows\StmClean.exe
[2012/12/17 00:54:21 | 000,822,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/16 20:25:09 | 000,012,677 | ---- | C] () -- C:\Windows\PROLINK HSDPA Modem.INI
[2012/12/16 20:08:02 | 000,007,600 | ---- | C] () -- C:\Users\rafli\AppData\Local\resmon.resmoncfg
[2012/07/30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/07/30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/07/30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/07/30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/07/30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/18 04:15:04 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\spdif_test.exe
[2012/06/18 04:14:58 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2012/06/18 04:14:42 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 09:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 08:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/17 10:41:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\4shared Desktop
[2012/12/17 14:28:03 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ACD Systems
[2013/03/23 10:16:40 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\AdamOutler
[2013/03/28 23:18:16 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Audacity
[2013/06/03 22:03:41 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\BabSolution
[2012/12/22 23:38:32 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Babylon
[2013/01/01 20:09:28 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Baidu
[2013/06/03 22:09:38 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Baidu Security
[2013/01/02 05:17:56 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\BaiduPcFaster
[2013/10/28 00:18:16 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Camfrog
[2013/12/10 14:47:25 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Canon
[2013/03/22 19:30:04 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/25 01:11:48 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\CometPlayer
[2013/03/12 06:01:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\DAEMON Tools Pro
[2013/07/21 03:31:26 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Dealply
[2014/05/03 16:47:00 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\DMCache
[2013/11/16 06:08:01 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Dropbox
[2013/07/21 03:30:00 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ExpressFiles
[2012/12/23 05:33:46 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ExtremeCopy
[2014/04/14 11:27:09 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\File Scout
[2013/01/02 04:20:29 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\FileOpen
[2013/09/06 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\iFunbox_UserCache
[2012/12/18 20:46:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ImgBurn
[2014/04/18 14:59:01 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\newnext.me
[2013/01/02 04:20:29 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Nitro
[2013/01/16 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Nitro PDF
[2013/05/19 06:25:51 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ODIN
[2013/01/01 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\OpenCandy
[2013/08/08 06:10:18 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Opera
[2013/08/31 21:07:22 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Opera Software
[2014/04/18 05:35:52 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Oracle
[2013/01/01 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\PCF
[2013/06/04 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\PerformerSoft
[2014/05/03 18:49:24 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\qone8
[2013/08/10 17:29:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\redsn0w
[2013/06/02 19:07:30 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\rockbox.org
[2013/07/12 22:49:33 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Samsung
[2013/01/25 07:53:57 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Smadav
[2014/05/03 21:08:38 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Solvusoft
[2014/02/23 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Sony
[2013/05/31 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\SpeedAnalysis2
[2014/05/04 00:19:58 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\SpeedBit
[2013/05/22 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Subtitles-1.3
[2014/05/03 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\SupTab
[2013/08/06 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\systweak
[2012/12/25 00:20:07 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\tigerplayer
[2012/12/16 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\TuneUp Software
[2014/04/10 07:57:43 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Updater
[2012/12/27 04:06:29 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\WebcamMax
[2013/06/29 07:54:59 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Woodward
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:AD022376
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:56E2E879
< End of report >
Please advise on how to solve this problem.
I would very much appreciate your reply.
Thanks
 
Rafli Hermanto

Edit: Merged two topics into one for continuity of content for Malware Removal team. Also deleted reply by OP consisting of quote of original topic with no additional information.~ Animal

#3 rafli1982


Posted 03 May 2014 - 10:36 PM

Regarding my previous posting, please find the OTL.txt as attached.

 

OTL logfile created on: 5/4/2014 8:15:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\rafli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.79 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 70.31% Memory free
7.57 Gb Paging File | 5.69 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.13 Gb Total Space | 15.36 Gb Free Space | 12.89% Space Free | Partition Type: NTFS
Drive D: | 100.71 Gb Total Space | 13.81 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Drive E: | 78.15 Gb Total Space | 8.68 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
 
Computer Name: RAFLI-PC | User Name: rafli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\rafli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SPEEDbit)
PRC - C:\Program Files (x86)\Mobogenie\MgAssist.exe ()
PRC - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe ()
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei32.dll ()
MOD - C:\Program Files (x86)\Mobogenie\DCR.dll ()
MOD - C:\Program Files (x86)\Mobogenie\Device.dll ()
MOD - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\DAEMON Tools Pro\msimg32.dll ()
MOD - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IB Updater) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe File not found
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SBUpd) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe (Speedbit Ltd.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Samsung Link Service) -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG)
SRV:64bit: - (AllShare Framework DMS) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe (Samsung)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SPEEDbit)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Wpm) -- C:\ProgramData\WPM\wprotectmanager.exe (Cherished Technololgy LIMITED)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (IePluginService) -- C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED)
SRV - (MgAssistService) -- C:\Program Files (x86)\Mobogenie\MgAssist.exe ()
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\asus\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\asus\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (SBUpdd) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WCMVCAM) -- C:\Windows\SysNative\drivers\wcmvcam64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PROLiNKusbvoice) -- C:\Windows\SysNative\drivers\PROLiNKusbvoice.sys (PROLINK Corporation)
DRV:64bit: - (PROLiNKusbnmea) -- C:\Windows\SysNative\drivers\PROLiNKusbnmea.sys (PROLINK Corporation)
DRV:64bit: - (PROLiNKusbmodem) -- C:\Windows\SysNative\drivers\PROLiNKusbmodem.sys (PROLINK Corporation)
DRV:64bit: - (PROLiNKusbdiag) -- C:\Windows\SysNative\drivers\PROLiNKusbdiag.sys (PROLINK Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (plkusbser) -- C:\Windows\SysNative\drivers\plkusbser.sys (QUALCOMM Incorporated)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (plkusbser) -- C:\Windows\SysWOW64\drivers\plkusbser.sys (QUALCOMM Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=E53b&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&pid=377&src=ie2&r=2013/03/16&hid=4062206649&lg=EN&cc=ID
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=E53b&q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchesplace.info/?l=1&q={searchTerms}&pid=727&r=2013/08/04&hid=4062206649&lg=EN&cc=ID&unqvl=30
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={27C362FF-4DF3-11E2-8317-74F06DAF1B66}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?gd=&ctid=CT3302872&octid=EB_ORIGINAL_CTID&ISID=M1D477AC8-15FD-457B-BD72-A1098CCB33BC&SearchSource=58&CUI=&UM=5&UP=SP25764B53-1569-4186-AEC3-95B1EF41C9DA&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.qone8.com/web/?type=ds&ts=1399117745&from=sfpsnew1&uid=ST9320325AS_6VD71JCGXXXX6VD71JCG&q={searchTerms}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=E53b&q={searchTerms}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\SearchScopes\{E9FF3A44-738C-48EA-AD1A-8434ACFF3042}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013/05/25 10:51:39 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013/05/25 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ntfdsaftsfdfdxx@mozilla.org: C:\Users\rafli\AppData\Roaming\iPumper\extension_firefox.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/05/25 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\qfxeoui@uih.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\qfxeoui@uih.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013/05/25 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xss.zkuu@eyuy-eyii.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\xss.zkuu@eyuy-eyii.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\kzc9e@oeyuaai.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\kzc9e@oeyuaai.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\vbq5sql@iivu-s.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\vbq5sql@iivu-s.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\aqb-lblrcl@zuvwk.co.uk: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\aqb-lblrcl@zuvwk.co.uk
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wqqpvyaa@hsfzjhgo.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\wqqpvyaa@hsfzjhgo.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\uoey_ay@ttw-iay.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\uoey_ay@ttw-iay.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\mlt_jlt@hmswaoyevb-.edu: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\mlt_jlt@hmswaoyevb-.edu
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m2tquwue@ytsabpra.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\m2tquwue@ytsabpra.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ghcdk.4e@bkshjpm.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\ghcdk.4e@bkshjpm.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\iieio.9r@qbs-wypmeeue.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\iieio.9r@qbs-wypmeeue.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\yh4.ds@uqgqsyuii-.edu: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\yh4.ds@uqgqsyuii-.edu
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\oarceyi@iygo.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\oarceyi@iygo.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\lhodo@ajflkp.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\lhodo@ajflkp.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hgpg6elt@uxntp.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\hgpg6elt@uxntp.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\aoaea@yiacfao.co.uk: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\aoaea@yiacfao.co.uk [2014/03/11 16:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\my55tfzm@tmfdqvx.org: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\my55tfzm@tmfdqvx.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pxvhmh_sk@hgexk-i.edu: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\pxvhmh_sk@hgexk-i.edu
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dac0w8csb@rv-ygzi.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\dac0w8csb@rv-ygzi.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dzwvykz@mhqltmbg.com: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\dzwvykz@mhqltmbg.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\eaa6tpdxh@uog.net: C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\eaa6tpdxh@uog.net
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@flash-Enhancer.com: C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2013/12/04 14:16:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha6693.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha6693\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta136.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta136\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha272.net: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha272\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewerV1alpha7838.net: C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha7838\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha1892.net: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1892\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files (x86)\DAP\daplinkchecker [2014/05/04 00:19:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\viralix@viralix.com: C:\Users\rafli\AppData\Local\ViralixVideo\FF\
 
[2013/08/01 15:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/06/24 15:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins
[2014/03/11 16:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions
[2014/03/11 16:08:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\cli2epmw.default\extensions\aoaea@yiacfao.co.uk
[2013/02/11 17:58:00 | 000,197,603 | ---- | M] () (No name found) -- C:\Users\rafli\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader2@ftdownloader.com.xpi
[2014/02/28 09:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/28 09:41:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2013/01/01 15:31:23 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml
 
O1 HOSTS File: ([2014/05/04 06:49:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SearchNewTab) - {1754B7B7-905D-5BDA-0C7E-6748677FE87D} - C:\ProgramData\SearchNewTab\51f0fb1ea2826.dll File not found
O2 - BHO: (SearchNewTab) - {2C2AC3F9-EBF5-2448-91E8-1A60C1552B81} - C:\ProgramData\SearchNewTab\51fe1d87bcebb.dll File not found
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll File not found
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DealPly Shopping) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (saFFe  SSavoe) - {590D1460-116F-4208-78CE-794BF0054AFD} - C:\ProgramData\saFFe  SSavoe\51f0fa3441aa7.dll File not found
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll File not found
O2 - BHO: (ConttiNuetuosavEE) - {74C8A523-929B-3ADA-EA88-5636477D3876} - C:\ProgramData\ConttiNuetuosavEE\51a4c74d3401b.dll File not found
O2 - BHO: (ConttiNuetuosavEE) - {91677AC5-D331-BFBD-9088-26A7AFC7D628} - C:\ProgramData\ConttiNuetuosavEE\51a4c869a43f4.dll File not found
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (SearchNewTab) - {9CBBCCF2-A751-BAA6-9EF4-5E1E9B3D6AA5} - C:\ProgramData\SearchNewTab\51a4c79c7c266.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (SearchNewTab) - {B7C3D8B6-45E4-8C33-3CF6-337DFDAFDE2E} - C:\ProgramData\SearchNewTab\51a4c8841552b.dll File not found
O2 - BHO: (SavEnsohhare ) - {C0A6D7BF-3E5D-43D8-5E65-32E2BF9B9726} - C:\ProgramData\SavEnsohhare\51fe1d3758e67.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (SPEEDbit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-1204630230-2287014720-1312876162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (SPEEDbit)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.73.96.40 202.73.96.36 202.73.99.4 202.73.99.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21CF256A-B6AD-49F7-BFDA-DF4B420C9624}: NameServer = 192.168.64.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E541FF7-D62F-4237-A20F-12E7DA71E0DF}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43188E1A-BA68-46C1-9841-71DD20DB97B7}: DhcpNameServer = 192.168.4.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44604161-2335-4815-9597-1F30DE864187}: NameServer = 192.168.104.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788F592A-2651-49C3-AC3E-724C26ADD327}: DhcpNameServer = 202.73.96.40 202.73.96.36 202.73.99.4 202.73.99.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788F592A-2651-49C3-AC3E-724C26ADD327}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{918ED925-B301-4ECD-B116-649EFEFBC3DC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{918ED925-B301-4ECD-B116-649EFEFBC3DC}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BAA60ED-756D-4004-A16D-744F6FF3F3AD}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BAA60ED-756D-4004-A16D-744F6FF3F3AD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8F13777-25BA-4064-AA09-EDDA5EB5CC91}: NameServer = 192.168.132.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0501C5-A5AC-40D6-972E-74BDCF94D721}: NameServer = 192.168.240.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/20 02:38:35 | 000,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/20 02:38:44 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/20 02:38:44 | 000,000,000 | ---D | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/04 08:00:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/05/04 07:59:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rafli\Desktop\OTL.exe
[2014/05/04 07:01:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/05/04 06:54:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/05/04 06:35:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/05/04 06:35:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/05/04 06:35:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/05/04 06:35:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/05/04 06:34:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/05/04 06:32:51 | 005,197,895 | R--- | C] (Swearware) -- C:\Users\rafli\Desktop\ComboFix.exe
[2014/05/04 06:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Accelerator
[2014/05/04 06:21:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/04 03:39:15 | 000,000,000 | -HSD | C] -- C:\Users\rafli\AppData\Local\EmieUserList
[2014/05/04 03:39:15 | 000,000,000 | -HSD | C] -- C:\Users\rafli\AppData\Local\EmieSiteList
[2014/05/04 03:22:44 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/04 03:21:13 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/05/04 03:19:22 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/04 03:19:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/05/04 03:19:18 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/05/04 03:19:18 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/05/04 03:19:18 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/04 03:19:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/05/04 03:19:17 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/04 03:19:17 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/04 03:19:17 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/04 03:19:17 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/05/04 03:19:17 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/05/04 03:19:17 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/04 03:19:17 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/05/04 03:19:17 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/05/04 03:19:17 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/05/04 03:19:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/05/04 03:19:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/05/04 03:19:17 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/04 03:19:17 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/05/04 03:19:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/04 03:19:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/05/04 03:19:17 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/05/04 03:19:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/05/04 03:19:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/04 03:19:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/05/04 03:19:17 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/04 03:19:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/04 03:19:17 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/04 03:19:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/05/04 03:19:16 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/05/04 03:19:16 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/04 03:19:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/05/04 03:19:16 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/05/04 03:19:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/05/04 03:19:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/05/04 03:19:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/05/04 03:19:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/05/04 03:19:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/05/04 03:19:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/05/04 03:19:15 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/04 03:19:15 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/04 03:19:15 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/04 03:19:15 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/04 03:19:15 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/05/04 03:19:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/04 03:19:15 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/04 03:19:15 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/05/04 03:19:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/05/04 03:19:15 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/05/04 03:19:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/05/04 03:19:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/05/04 03:19:15 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/04 03:19:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/05/04 03:19:14 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/04 03:19:14 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/04 03:19:14 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/04 03:19:14 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/04 03:19:14 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/05/04 03:19:14 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/04 03:19:14 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/04 03:19:14 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/05/04 03:19:14 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/05/04 03:19:14 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/05/04 03:19:14 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/05/04 03:19:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/04 03:19:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/05/04 03:19:14 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/04 03:19:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/05/04 03:19:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/04 03:19:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/04 03:19:14 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/05/04 03:19:13 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/05/04 03:19:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/05/04 03:19:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/04 03:19:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/05/04 03:19:13 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/05/04 03:19:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/04 03:19:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/05/04 03:19:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/05/04 03:19:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/04 03:10:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/05/04 03:10:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2014/05/04 03:10:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2014/05/04 03:10:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/05/04 03:10:27 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2014/05/04 03:10:26 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/05/04 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2014/05/04 00:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedBit Video Accelerator
[2014/05/04 00:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2014/05/04 00:19:59 | 000,000,000 | ---D | C] -- C:\Users\rafli\Documents\My DAP Downloads
[2014/05/04 00:19:58 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\SpeedBit
[2014/05/04 00:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2014/05/04 00:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
[2014/05/04 00:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2014/05/04 00:19:45 | 000,172,032 | ---- | C] (Jin Hui    E-mail: jinhui@jcomsoft.com   Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
[2014/05/04 00:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP
[2014/05/03 22:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2014/05/03 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2014/05/03 22:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2014/05/03 21:53:49 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/03 21:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/03 21:52:52 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/03 21:52:52 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/03 21:52:52 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/03 21:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/03 21:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/03 21:08:38 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Solvusoft
[2014/05/03 21:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc
[2014/05/03 21:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverDoc
[2014/05/03 20:49:25 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Local\SearchProtect
[2014/05/03 20:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RCrawler
[2014/05/03 18:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Additional Offer
[2014/05/03 18:52:15 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2014/05/03 18:51:44 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\SupTab
[2014/05/03 18:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
[2014/05/03 18:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014/05/03 18:51:40 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Local\41
[2014/05/03 18:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014/05/03 18:49:24 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\qone8
[2014/05/03 17:56:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/05/03 17:56:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/05/03 17:56:01 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/05/03 17:56:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/05/03 17:56:00 | 005,698,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/05/03 17:56:00 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/05/03 17:56:00 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/05/03 17:56:00 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/05/03 17:56:00 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/05/03 17:56:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/05/03 17:56:00 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/05/03 17:56:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/05/03 17:56:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/05/03 17:56:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/05/03 17:56:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/05/03 17:55:59 | 006,578,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/05/03 17:55:59 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/05/03 17:55:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/05/03 17:27:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/05/03 17:26:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/05/03 17:26:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/05/03 17:26:57 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/05/03 16:28:35 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/05/03 16:28:34 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/05/03 16:28:34 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/05/03 16:28:34 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/05/03 16:28:33 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/05/03 16:28:33 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/05/03 16:28:33 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/05/03 16:28:33 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/05/03 16:28:33 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/05/03 16:28:33 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/05/03 16:28:32 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/05/03 16:28:32 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/05/03 16:28:32 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/05/03 16:28:32 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/05/03 16:28:32 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/05/03 16:28:32 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/05/03 16:28:31 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/05/03 16:22:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/05/03 16:22:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/05/03 15:31:51 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/05/03 15:31:50 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/05/03 15:31:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/05/03 15:31:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/05/03 15:31:26 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/05/03 15:31:26 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/05/03 15:31:22 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/05/03 15:31:22 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/05/03 15:30:41 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/05/03 15:30:41 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/05/03 15:30:39 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/05/03 15:30:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/05/03 15:30:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/05/03 15:30:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/05/03 15:30:18 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/05/03 15:30:18 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/05/03 15:30:17 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/05/03 15:30:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014/05/03 15:30:17 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/05/03 15:30:16 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/05/03 15:30:16 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/05/03 15:30:16 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/05/03 15:30:16 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014/05/03 15:30:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/05/03 15:30:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/05/03 15:30:08 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/05/03 15:30:08 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/05/03 15:30:08 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/05/03 15:29:54 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/05/03 15:29:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/05/03 15:29:54 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/05/03 15:29:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/05/03 15:29:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/05/03 15:29:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/05/03 15:29:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/05/03 15:29:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/05/03 15:29:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/05/03 15:29:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/05/03 15:29:46 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/04/29 10:46:50 | 000,000,000 | ---D | C] -- C:\Users\rafli\Desktop\Procedure SOP mengemudi
[2014/04/28 15:38:36 | 000,000,000 | ---D | C] -- C:\Users\rafli\Desktop\Jawaban Lia
[2014/04/25 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\rafli\Desktop\Upgrading PHE Metana Suban
[2014/04/24 07:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2014/04/24 07:37:59 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2014/04/20 05:02:41 | 000,000,000 | R--D | C] -- C:\Users\rafli\Desktop\Tender
[2014/04/19 04:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2014/04/18 05:35:52 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Oracle
[2014/04/18 05:30:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/18 05:30:25 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/18 05:30:24 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/18 05:30:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/12 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\rafli\Documents\Presentation1
[2014/04/12 19:46:17 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Local\Adobe
[2014/04/12 17:56:14 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Adobe
[2014/04/10 08:24:21 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Local\Skype
[2014/04/10 08:23:59 | 000,000,000 | ---D | C] -- C:\Users\rafli\AppData\Roaming\Skype
[2014/04/10 08:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/10 08:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/04/10 08:23:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/04/10 08:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/04 08:12:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/04 07:58:28 | 000,001,284 | ---- | M] () -- C:\Users\rafli\Desktop\SecurityCheck.exe - Shortcut.lnk
[2014/05/04 07:55:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rafli\Desktop\OTL.exe
[2014/05/04 07:54:44 | 000,001,583 | ---- | M] () -- C:\Users\rafli\Desktop\My DAP Downloads.lnk
[2014/05/04 07:35:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/04 06:49:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/05/04 06:33:37 | 005,197,895 | R--- | M] (Swearware) -- C:\Users\rafli\Desktop\ComboFix.exe
[2014/05/04 06:23:09 | 000,002,091 | ---- | M] () -- C:\Users\rafli\Desktop\SpeedBit Video Accelerator.lnk
[2014/05/04 04:36:02 | 000,034,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 04:36:02 | 000,034,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 04:35:14 | 000,830,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/04 04:35:14 | 000,698,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/04 04:35:14 | 000,133,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/04 04:30:15 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/05/04 04:30:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/04 04:29:12 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/04 04:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/04 04:27:18 | 3050,127,360 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/04 03:34:15 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/04 03:34:15 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/04 03:25:39 | 000,822,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/04 03:19:22 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/04 03:19:22 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/05/04 03:19:18 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/05/04 03:19:18 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/04 03:19:18 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/05/04 03:19:18 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/04 03:19:18 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/05/04 03:19:17 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/04 03:19:17 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/04 03:19:17 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/04 03:19:17 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/05/04 03:19:17 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/05/04 03:19:17 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/05/04 03:19:17 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/05/04 03:19:17 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/05/04 03:19:17 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/05/04 03:19:17 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/05/04 03:19:17 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/05/04 03:19:17 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/04 03:19:17 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/05/04 03:19:17 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/04 03:19:17 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/05/04 03:19:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/05/04 03:19:17 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/05/04 03:19:17 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/04 03:19:17 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/05/04 03:19:17 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/04 03:19:17 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/04 03:19:17 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/04 03:19:17 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/05/04 03:19:17 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/05/04 03:19:16 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/05/04 03:19:16 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/04 03:19:16 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/05/04 03:19:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/05/04 03:19:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/05/04 03:19:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/05/04 03:19:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/05/04 03:19:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/05/04 03:19:16 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/05/04 03:19:15 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/04 03:19:15 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/04 03:19:15 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/05/04 03:19:15 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/04 03:19:15 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/04 03:19:15 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/05/04 03:19:15 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/04 03:19:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/04 03:19:15 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/05/04 03:19:15 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/05/04 03:19:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/05/04 03:19:15 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/05/04 03:19:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/05/04 03:19:15 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/04 03:19:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/05/04 03:19:14 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/04 03:19:14 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/04 03:19:14 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/04 03:19:14 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/04 03:19:14 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/04 03:19:14 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/04 03:19:14 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/05/04 03:19:14 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/05/04 03:19:14 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/05/04 03:19:14 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/05/04 03:19:14 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/04 03:19:14 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/05/04 03:19:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/04 03:19:14 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/05/04 03:19:14 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/04 03:19:14 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/05/04 03:19:14 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/04 03:19:14 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/05/04 03:19:14 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/05/04 03:19:13 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/05/04 03:19:13 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/05/04 03:19:13 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/04 03:19:13 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/05/04 03:19:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/04 03:19:13 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/05/04 03:19:13 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/05/04 03:19:13 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/04 00:20:51 | 000,000,899 | ---- | M] () -- C:\Users\rafli\Desktop\Download Accelerator Plus (DAP).lnk
[2014/05/04 00:19:46 | 000,109,696 | ---- | M] () -- C:\Windows\SysWow64\EasyHook64.dll
[2014/05/04 00:19:46 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[2014/05/04 00:19:45 | 000,172,032 | ---- | M] (Jin Hui    E-mail: jinhui@jcomsoft.com   Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
[2014/05/03 21:53:01 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/03 21:31:39 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DriverDoc_UPDATES.job
[2014/05/03 21:08:38 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\DriverDoc.lnk
[2014/05/03 18:53:45 | 000,000,989 | ---- | M] () -- C:\Users\rafli\Desktop\Internet Download Manager.lnk
[2014/05/03 18:51:31 | 000,000,983 | ---- | M] () -- C:\Users\rafli\Desktop\Mobogenie.lnk
[2014/05/03 18:49:06 | 000,001,635 | ---- | M] () -- C:\Users\rafli\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/03 18:20:20 | 000,012,677 | ---- | M] () -- C:\Windows\PROLINK HSDPA Modem.INI
[2014/05/03 17:25:11 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/03 15:49:37 | 000,598,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/29 09:49:00 | 000,061,124 | ---- | M] () -- C:\Users\rafli\Desktop\Dewatering pump cummins.jpg
[2014/04/29 08:25:23 | 000,542,184 | ---- | M] () -- C:\Users\rafli\Desktop\compressor foto 685 cfm.pdf
[2014/04/28 08:28:00 | 000,148,267 | ---- | M] () -- C:\Users\rafli\Desktop\FOI - Total (Accepted).pdf
[2014/04/28 07:40:00 | 000,637,551 | ---- | M] () -- C:\Users\rafli\Desktop\FOI_Air Compressor Rental.pdf
[2014/04/27 11:19:19 | 000,545,696 | ---- | M] () -- C:\Users\rafli\Desktop\ERP Layout.skp
[2014/04/27 11:13:46 | 000,135,457 | ---- | M] () -- C:\Users\rafli\Desktop\Emergency Evacuation Layout.jpg
[2014/04/25 14:54:00 | 000,113,254 | ---- | M] () -- C:\Users\rafli\Desktop\IMG-20140424-007391.jpg
[2014/04/25 14:48:00 | 000,164,662 | ---- | M] () -- C:\Users\rafli\Desktop\CGS-CBMVICO-IV-14-766 Tehnik Nusantara - Rental Compressor for Rig Location.pdf
[2014/04/24 16:10:00 | 000,214,666 | ---- | M] () -- C:\Users\rafli\Desktop\img-424143620-0001.pdf
[2014/04/24 07:37:41 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2014/04/20 05:18:22 | 000,007,600 | ---- | M] () -- C:\Users\rafli\AppData\Local\resmon.resmoncfg
[2014/04/20 04:51:40 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2014/04/18 05:55:00 | 003,432,915 | ---- | M] () -- C:\Users\rafli\Documents\billboard.jpg
[2014/04/18 05:17:54 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/04/14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/12 19:50:34 | 000,143,565 | ---- | M] () -- C:\Users\rafli\Documents\Presentation1.pdf
[2014/04/12 16:23:13 | 011,079,113 | ---- | M] () -- C:\Users\rafli\Desktop\Sign Board TN -new ws.psd
[2014/04/10 08:23:39 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/04 07:58:28 | 000,001,284 | ---- | C] () -- C:\Users\rafli\Desktop\SecurityCheck.exe - Shortcut.lnk
[2014/05/04 06:35:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/05/04 06:35:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/05/04 06:35:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/05/04 06:35:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/05/04 06:35:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/04 03:19:17 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/05/04 03:19:14 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/05/04 00:31:37 | 000,002,091 | ---- | C] () -- C:\Users\rafli\Desktop\SpeedBit Video Accelerator.lnk
[2014/05/04 00:20:51 | 000,001,583 | ---- | C] () -- C:\Users\rafli\Desktop\My DAP Downloads.lnk
[2014/05/04 00:20:51 | 000,000,899 | ---- | C] () -- C:\Users\rafli\Desktop\Download Accelerator Plus (DAP).lnk
[2014/05/04 00:19:50 | 000,109,696 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2014/05/04 00:19:50 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2014/05/03 21:53:01 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/03 21:08:45 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\DriverDoc_UPDATES.job
[2014/05/03 21:08:38 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\DriverDoc.lnk
[2014/05/03 18:53:45 | 000,000,989 | ---- | C] () -- C:\Users\rafli\Desktop\Internet Download Manager.lnk
[2014/05/03 18:51:40 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/05/03 18:51:31 | 000,000,983 | ---- | C] () -- C:\Users\rafli\Desktop\Mobogenie.lnk
[2014/04/29 09:49:00 | 000,061,124 | ---- | C] () -- C:\Users\rafli\Desktop\Dewatering pump cummins.jpg
[2014/04/29 08:23:20 | 000,542,184 | ---- | C] () -- C:\Users\rafli\Desktop\compressor foto 685 cfm.pdf
[2014/04/28 08:28:00 | 000,148,267 | ---- | C] () -- C:\Users\rafli\Desktop\FOI - Total (Accepted).pdf
[2014/04/28 07:40:00 | 000,637,551 | ---- | C] () -- C:\Users\rafli\Desktop\FOI_Air Compressor Rental.pdf
[2014/04/27 11:19:18 | 000,545,696 | ---- | C] () -- C:\Users\rafli\Desktop\ERP Layout.skp
[2014/04/27 11:07:51 | 000,135,457 | ---- | C] () -- C:\Users\rafli\Desktop\Emergency Evacuation Layout.jpg
[2014/04/26 14:01:04 | 000,873,916 | ---- | C] () -- C:\Users\rafli\Desktop\Air-Compressors-Oil-Free-NHP 1500.pdf
[2014/04/25 14:54:00 | 000,113,254 | ---- | C] () -- C:\Users\rafli\Desktop\IMG-20140424-007391.jpg
[2014/04/25 14:48:00 | 000,164,662 | ---- | C] () -- C:\Users\rafli\Desktop\CGS-CBMVICO-IV-14-766 Tehnik Nusantara - Rental Compressor for Rig Location.pdf
[2014/04/24 16:10:00 | 000,214,666 | ---- | C] () -- C:\Users\rafli\Desktop\img-424143620-0001.pdf
[2014/04/24 07:37:41 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2014/04/24 07:37:41 | 000,002,485 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2014/04/24 07:37:41 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2014/04/18 05:55:00 | 003,432,915 | ---- | C] () -- C:\Users\rafli\Documents\billboard.jpg
[2014/04/12 19:50:34 | 000,143,565 | ---- | C] () -- C:\Users\rafli\Documents\Presentation1.pdf
[2014/04/12 10:59:09 | 011,079,113 | ---- | C] () -- C:\Users\rafli\Desktop\Sign Board TN -new ws.psd
[2014/04/10 08:23:39 | 000,002,727 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/01/30 09:21:49 | 000,000,812 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/19 07:06:04 | 000,000,104 | ---- | C] () -- C:\Users\rafli\AppData\Roaming\WB.CFG
[2013/11/07 17:22:05 | 000,005,632 | ---- | C] () -- C:\Users\rafli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/06 10:34:42 | 000,000,132 | ---- | C] () -- C:\Users\rafli\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2013/08/06 10:16:06 | 000,001,456 | ---- | C] () -- C:\Users\rafli\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/08/01 02:47:16 | 000,001,456 | ---- | C] () -- C:\Users\rafli\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/07/22 16:16:08 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013/07/20 22:49:52 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/06/27 12:37:24 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013/06/26 13:16:20 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013/06/26 13:16:14 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013/06/26 13:16:08 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013/06/26 13:16:08 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013/06/26 13:16:06 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013/06/26 13:16:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2013/04/27 03:01:13 | 000,000,600 | ---- | C] () -- C:\Users\rafli\PUTTY.RND
[2013/04/16 13:33:15 | 000,190,124 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/03/29 12:31:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/03/28 22:35:51 | 000,000,963 | ---- | C] () -- C:\Users\rafli\AppData\Roaming\private.key
[2013/03/28 22:35:51 | 000,000,692 | ---- | C] () -- C:\Users\rafli\AppData\Roaming\certificate.csr
[2013/03/12 12:41:45 | 000,000,055 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2013/03/09 18:29:47 | 000,013,501 | ---- | C] () -- C:\Users\rafli\AppData\Local\Temp10.html
[2013/03/09 14:32:48 | 000,001,955 | ---- | C] () -- C:\Users\rafli\AppData\Local\Temp1.html
[2013/02/10 21:15:02 | 007,833,552 | ---- | C] () -- C:\Windows\SysWow64\avcodec-53.dll
[2013/02/10 21:15:02 | 000,247,920 | ---- | C] () -- C:\Windows\SysWow64\avutil-51.dll
[2013/01/01 20:09:19 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\config.ini
[2012/12/23 05:13:33 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012/12/18 21:32:07 | 000,001,234 | RHS- | C] () -- C:\Users\rafli\ntuser.pol
[2012/12/18 20:17:37 | 000,034,816 | ---- | C] () -- C:\Windows\StmClean.exe
[2012/12/17 00:54:21 | 000,822,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/16 20:25:09 | 000,012,677 | ---- | C] () -- C:\Windows\PROLINK HSDPA Modem.INI
[2012/12/16 20:08:02 | 000,007,600 | ---- | C] () -- C:\Users\rafli\AppData\Local\resmon.resmoncfg
[2012/07/30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/07/30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/07/30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/07/30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/07/30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/18 04:15:04 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\spdif_test.exe
[2012/06/18 04:14:58 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2012/06/18 04:14:42 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 09:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 08:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 10:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/17 10:41:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\4shared Desktop
[2012/12/17 14:28:03 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ACD Systems
[2013/03/23 10:16:40 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\AdamOutler
[2013/03/28 23:18:16 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Audacity
[2013/06/03 22:03:41 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\BabSolution
[2012/12/22 23:38:32 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Babylon
[2013/01/01 20:09:28 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Baidu
[2013/06/03 22:09:38 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Baidu Security
[2013/01/02 05:17:56 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\BaiduPcFaster
[2013/10/28 00:18:16 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Camfrog
[2013/12/10 14:47:25 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Canon
[2013/03/22 19:30:04 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/25 01:11:48 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\CometPlayer
[2013/03/12 06:01:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\DAEMON Tools Pro
[2013/07/21 03:31:26 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Dealply
[2014/05/03 16:47:00 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\DMCache
[2013/11/16 06:08:01 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Dropbox
[2013/07/21 03:30:00 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ExpressFiles
[2012/12/23 05:33:46 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ExtremeCopy
[2014/04/14 11:27:09 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\File Scout
[2013/01/02 04:20:29 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\FileOpen
[2013/09/06 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\iFunbox_UserCache
[2012/12/18 20:46:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ImgBurn
[2014/04/18 14:59:01 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\newnext.me
[2013/01/02 04:20:29 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Nitro
[2013/01/16 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Nitro PDF
[2013/05/19 06:25:51 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\ODIN
[2013/01/01 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\OpenCandy
[2013/08/08 06:10:18 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Opera
[2013/08/31 21:07:22 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Opera Software
[2014/04/18 05:35:52 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Oracle
[2013/01/01 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\PCF
[2013/06/04 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\PerformerSoft
[2014/05/03 18:49:24 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\qone8
[2013/08/10 17:29:54 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\redsn0w
[2013/06/02 19:07:30 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\rockbox.org
[2013/07/12 22:49:33 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Samsung
[2013/01/25 07:53:57 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Smadav
[2014/05/03 21:08:38 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Solvusoft
[2014/02/23 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Sony
[2013/05/31 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\SpeedAnalysis2
[2014/05/04 00:19:58 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\SpeedBit
[2013/05/22 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Subtitles-1.3
[2014/05/03 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\SupTab
[2013/08/06 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\systweak
[2012/12/25 00:20:07 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\tigerplayer
[2012/12/16 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\TuneUp Software
[2014/04/10 07:57:43 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Updater
[2012/12/27 04:06:29 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\WebcamMax
[2013/06/29 07:54:59 | 000,000,000 | ---D | M] -- C:\Users\rafli\AppData\Roaming\Woodward
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:AD022376
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:56E2E879

< End of report >

 

 

I would very much appreciate your reply.

 

Best Regards,

Rafli Hemanto


Edited by rafli1982, 03 May 2014 - 10:40 PM.


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:37 PM

Posted 08 May 2014 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533191 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot


Posted 13 May 2014 - 07:45 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:37 PM

Posted 15 May 2014 - 08:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#7 nasdaq


Posted 21 May 2014 - 07:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



