
Remove 127.0.0.1/proxy.pac virus



#1 ivanchibi


Posted 23 December 2015 - 12:19 PM

I got infected by the 127.0.0.1/proxy.pac virus and I have scanned my computer with FRST.

Here is the FRST.txt file generated after scanning:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Ivan (administrator) on IVAN-PC (24-12-2015 00:00:54)
Running from C:\Users\Ivan\Downloads
Loaded Profiles: Ivan (Available Profiles: Ivan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(InstallShield®) C:\Program Files (x86)\Common Files\InstallShield\Update\updatesvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [683352 2013-06-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [TortoiseHgOverlayIconServer] => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [101128 2015-06-03] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-01] (Avast Software s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4284830272-390631534-2935517633-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4284830272-390631534-2935517633-1000\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8w.exe [110208 2015-10-08] (Apache Software Foundation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-07] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-08-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-08-25] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-30] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:8080/proxy.pac
ProxyServer: [S-1-5-21-4284830272-390631534-2935517633-1000] => cache.itb.ac.id:8080
Winsock: Catalog5 08 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-11-22] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog9 07 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog9 08 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog9 16 C:\Windows\SysWOW64\PrxerDrv.dll [70248 2012-11-22] (Initex)
Winsock: Catalog5-x64 08 C:\Windows\system32\PrxerNsp.dll [57448 2012-11-22] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Winsock: Catalog9-x64 07 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Winsock: Catalog9-x64 08 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Winsock: Catalog9-x64 16 C:\Windows\system32\PrxerDrv.dll [76392 2012-11-22] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51AE2BF4-52A4-40A6-B04D-AF56F71E7F90}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{60E3870A-08C3-40DD-B133-18B5524A3D46}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{7E17E884-20FA-4ED0-8851-8781E8951899}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{944BF13F-C06F-4F25-A70E-1123EC60932F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9C51B0DB-6C0E-435A-BD87-6CA593A65729}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-30] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-07] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-30] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\z6whzc3a.default
FF NetworkProxy: "ftp", "cache.itb.ac.id"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "cache.itb.ac.id"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, .arc.itb.ac.id"
FF NetworkProxy: "socks", "cache.itb.ac.id"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "cache.itb.ac.id"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Extension: LocalLink - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\z6whzc3a.default\extensions\{15756614-ffb8-498b-b961-bce537ea94fe}.xpi [2015-06-03]
FF Extension: SQLite Manager - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\z6whzc3a.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-08-13]
FF Extension: No Name - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\z6whzc3a.default\Extensions\client@anonymox.net.xpi [2015-11-02] [not signed]
FF Extension: Firebug - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\z6whzc3a.default\Extensions\firebug@software.joehewitt.com.xpi [2015-11-02]
FF Extension: SaveFrom.net - helper - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\z6whzc3a.default\Extensions\helper-sig@savefrom.net.xpi [2015-12-06]
FF Extension: SeoQuake - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\z6whzc3a.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi [2015-12-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SEOquake) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Postman) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2015-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Avast Online Security) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKU\S-1-5-21-4284830272-390631534-2935517633-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-30] (Avast Software s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-03-29] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)
R2 postgresql-x64-9.4; C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe [92160 2015-07-13] (PostgreSQL Global Development Group) [File not signed]
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-02-17] (Razer Inc.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 Tomcat8; C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe [109696 2015-10-08] (Apache Software Foundation)
R2 updatesvc.exe; C:\Program Files (x86)\Common Files\InstallShield\Update\updatesvc.exe [346624 2015-12-08] (InstallShield®) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-30] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-30] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-30] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-30] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-30] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2015-02-12] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-05-08] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RoboMatterVBus; C:\Windows\System32\DRIVERS\robovbus.sys [27976 2014-01-03] (Robomatter)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-24 00:00 - 2015-12-24 00:00 - 00044179 _____ C:\Users\Ivan\Downloads\FRST (1).txt
2015-12-23 23:58 - 2015-12-23 23:58 - 02370560 _____ (Farbar) C:\Users\Ivan\Downloads\FRST64.exe
2015-12-23 23:54 - 2015-12-23 23:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 23:53 - 2015-12-23 23:53 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-23 23:53 - 2015-12-23 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-23 23:53 - 2015-12-23 23:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-23 23:53 - 2015-12-23 23:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-23 23:53 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-23 23:53 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-23 23:53 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-23 23:52 - 2015-12-23 23:53 - 22908888 _____ (Malwarebytes ) C:\Users\Ivan\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-23 23:47 - 2015-12-23 23:47 - 00781312 _____ C:\Users\Ivan\Downloads\delfix_1.010.exe
2015-12-23 23:07 - 2015-12-23 23:07 - 00927824 _____ (Google Inc.) C:\Users\Ivan\Downloads\ChromeSetup.exe
2015-12-23 22:52 - 2015-12-23 22:52 - 00077921 _____ C:\Users\Ivan\Downloads\satellite_radius12_P25W-C2304-4K.pdf
2015-12-23 22:25 - 2015-12-23 22:25 - 02162766 _____ C:\Users\Ivan\Downloads\inspiron-15-3559-laptop_Reference Guide_en-us.pdf
2015-12-21 19:30 - 2015-12-21 19:30 - 00044965 _____ C:\Users\Ivan\Downloads\0A3021AB15784A9AB06F934B5DAC3C21.pdf
2015-12-20 18:32 - 2015-12-20 18:43 - 16567420 _____ C:\Users\Ivan\Downloads\Zivilia Aibleeperu 3 (Official Music video).mp4
2015-12-19 18:34 - 2015-12-19 19:13 - 48968413 _____ C:\Users\Ivan\Downloads\Hello - Dua Cincin - Official Video Music HD.mp4
2015-12-19 08:47 - 2015-12-19 08:55 - 74672894 _____ C:\Users\Ivan\Downloads\mini (2) (1).mp4
2015-12-19 08:39 - 2015-12-19 08:46 - 74672894 _____ C:\Users\Ivan\Downloads\mini (2).mp4
2015-12-18 23:34 - 2015-12-18 23:34 - 00000000 ____D C:\Users\Ivan\Downloads\Final_Report_Group_04 (1)
2015-12-18 23:30 - 2015-12-18 23:34 - 11461705 _____ C:\Users\Ivan\Downloads\Final_Report_Group_04 (1).zip
2015-12-18 23:20 - 2015-12-19 15:52 - 00000000 ____D C:\Users\Ivan\Documents\Final_Report_Group_04
2015-12-18 23:20 - 2015-12-18 23:20 - 09685122 _____ C:\Users\Ivan\Documents\Final_Report_Group_04.zip
2015-12-18 23:16 - 2015-12-18 23:27 - 11461705 _____ C:\Users\Ivan\Downloads\Final_Report_Group_04.zip
2015-12-18 23:08 - 2015-12-18 23:08 - 03557132 _____ C:\Users\Ivan\Downloads\Group 04 - ClickCatCompare.pptx
2015-12-18 23:05 - 2015-12-18 23:20 - 00000000 ____D C:\Users\Ivan\Downloads\Final_Report_Group_04
2015-12-18 22:55 - 2015-12-18 22:56 - 01483677 _____ C:\Users\Ivan\Downloads\Final_Report_13513039.pdf
2015-12-18 21:49 - 2015-12-18 21:49 - 00000000 ____D C:\Users\Ivan\Downloads\analytic_evaluation_group_03
2015-12-18 21:42 - 2015-12-18 21:45 - 01253858 _____ C:\Users\Ivan\Downloads\analytic_evaluation_group_03.zip
2015-12-18 20:39 - 2015-12-18 20:59 - 109859743 _____ C:\Users\Ivan\Downloads\mini (5).mp4
2015-12-18 15:12 - 2015-12-18 15:13 - 00000000 ____D C:\Users\Ivan\Documents\gila_mbd
2015-12-18 14:57 - 2015-12-04 18:54 - 02546745 _____ C:\Users\Ivan\Documents\IF3140_TugasBesar_K1-G01.pdf
2015-12-17 20:11 - 2015-12-17 20:11 - 00001124 _____ C:\Users\Ivan\Downloads\bahan uas jarkom.txt
2015-12-16 09:40 - 2015-12-16 09:40 - 02095539 _____ C:\Users\Ivan\Downloads\IF3170 Intelegensi Buatan.pdf
2015-12-15 14:06 - 2015-12-15 14:10 - 28691458 _____ C:\Users\Ivan\Downloads\Taylor Swift - Red(Lyrics).mp4
2015-12-15 14:05 - 2015-12-15 14:06 - 08091451 _____ C:\Users\Ivan\Downloads\Love Story-Taylor Swift Lyrics.mp4
2015-12-15 13:42 - 2015-12-15 13:45 - 36786649 _____ C:\Users\Ivan\Downloads\Back to December- Taylor Swift lyrics.mp4
2015-12-15 12:43 - 2015-12-15 12:43 - 11234132 _____ C:\Users\Ivan\Downloads\Taylor Swift - I Knew You Were Trouble Lyrics (HD).mp4
2015-12-15 10:49 - 2015-12-15 10:49 - 00549964 _____ C:\Users\Ivan\Downloads\MateriMinggu14b_1516_AI_PRS.pdf
2015-12-15 10:49 - 2015-12-15 10:49 - 00316495 _____ C:\Users\Ivan\Downloads\MateriMinggu14a_1516_AI_ReinforcementLearning.pdf
2015-12-13 02:39 - 2015-12-13 02:39 - 00607441 _____ C:\Users\Ivan\Downloads\MPPL-09-13-Prj Human Resource Mgt.pdf
2015-12-13 02:39 - 2015-12-13 02:39 - 00203180 _____ C:\Users\Ivan\Downloads\MPPL-11-13-Project Risk Management.pdf
2015-12-13 02:39 - 2015-12-13 02:39 - 00086732 _____ C:\Users\Ivan\Downloads\MPPL-12-13-Project Quality Management.pdf
2015-12-13 02:39 - 2015-12-13 02:39 - 00083578 _____ C:\Users\Ivan\Downloads\MPPL-10-13-Prj Communication Mgt.pdf
2015-12-13 02:38 - 2015-12-13 02:39 - 00236743 _____ C:\Users\Ivan\Downloads\MPPL-08-13 Project Cost Management.pdf
2015-12-12 18:54 - 2015-12-12 18:54 - 00865280 _____ C:\Users\Ivan\Downloads\topic11_bayesian_networks.ppt
2015-12-11 21:59 - 2015-12-11 22:01 - 00289822 _____ C:\Users\Ivan\Downloads\[IF3130] Situs Web yang Lemah - Ivan  - 13513039.pdf
2015-12-11 12:04 - 2015-12-20 12:01 - 00000334 _____ C:\Windows\Tasks\InstallShield Update Task.job
2015-12-11 12:04 - 2015-12-11 12:04 - 00002998 _____ C:\Windows\System32\Tasks\InstallShield Update Task
2015-12-11 11:23 - 2015-12-23 23:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-11 08:54 - 2015-12-11 08:56 - 00000000 ____D C:\Users\Ivan\OWASP ZAP
2015-12-10 23:20 - 2015-12-10 23:47 - 75764259 _____ (psiinon@gmail.com ) C:\Users\Ivan\Downloads\ZAP_2.4.3_Windows.exe
2015-12-09 12:57 - 2015-12-09 12:57 - 00779600 _____ C:\Users\Ivan\Downloads\IF3110-06a-eng-Pemrograman PHP.pdf
2015-12-09 10:11 - 2015-11-12 04:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 10:11 - 2015-11-12 03:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 10:11 - 2015-11-11 23:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 10:11 - 2015-11-11 23:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 10:11 - 2015-11-11 22:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 10:11 - 2015-11-11 22:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 10:11 - 2015-11-11 22:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 10:11 - 2015-11-11 22:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 10:11 - 2015-11-11 21:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 10:11 - 2015-11-10 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 10:11 - 2015-11-10 07:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 10:11 - 2015-11-10 07:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 10:11 - 2015-11-10 07:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 10:11 - 2015-11-10 07:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 10:11 - 2015-11-10 07:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 10:11 - 2015-11-10 07:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 10:11 - 2015-11-10 07:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 10:11 - 2015-11-10 07:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 10:11 - 2015-11-10 07:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 10:11 - 2015-11-10 07:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 10:11 - 2015-11-10 07:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 10:11 - 2015-11-10 07:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 10:11 - 2015-11-10 06:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 10:11 - 2015-11-10 06:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 10:11 - 2015-11-10 06:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 10:11 - 2015-11-10 06:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 10:11 - 2015-11-10 06:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 10:11 - 2015-11-10 06:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 10:11 - 2015-11-10 06:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 10:11 - 2015-11-10 06:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 10:11 - 2015-11-10 06:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 10:11 - 2015-11-10 06:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 10:11 - 2015-11-10 06:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 10:11 - 2015-11-09 05:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 10:11 - 2015-11-09 05:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 10:11 - 2015-11-09 05:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 10:11 - 2015-11-09 05:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 10:11 - 2015-11-09 05:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 10:11 - 2015-11-09 05:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 10:11 - 2015-11-09 05:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 10:11 - 2015-11-09 05:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 10:11 - 2015-11-09 05:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 10:11 - 2015-11-09 05:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 10:11 - 2015-11-09 05:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 10:11 - 2015-11-09 05:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 10:11 - 2015-11-09 05:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 10:11 - 2015-11-09 05:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 10:11 - 2015-11-09 05:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 10:11 - 2015-11-09 05:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 10:11 - 2015-11-09 04:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 10:11 - 2015-11-09 04:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 10:11 - 2015-11-09 04:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 10:11 - 2015-11-09 04:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 10:11 - 2015-11-09 04:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 10:11 - 2015-11-09 04:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 10:11 - 2015-11-09 04:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 10:11 - 2015-11-09 04:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 10:11 - 2015-11-09 04:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 10:11 - 2015-11-09 04:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 10:11 - 2015-11-09 04:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 10:11 - 2015-11-09 04:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 10:11 - 2015-11-09 03:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 10:11 - 2015-11-09 03:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 10:11 - 2015-11-09 03:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 10:10 - 2015-11-21 01:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 10:10 - 2015-11-21 01:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 10:10 - 2015-11-21 01:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 10:10 - 2015-11-21 01:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 10:10 - 2015-11-21 01:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 10:10 - 2015-11-21 01:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 10:10 - 2015-11-21 01:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 10:10 - 2015-11-21 01:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 10:10 - 2015-11-12 01:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 10:10 - 2015-11-12 01:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 10:10 - 2015-11-12 01:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 10:10 - 2015-11-12 01:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 10:10 - 2015-11-11 01:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 10:10 - 2015-11-11 01:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 10:10 - 2015-11-11 01:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 10:10 - 2015-11-11 01:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 10:10 - 2015-11-11 01:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 10:10 - 2015-11-11 00:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 10:10 - 2015-11-06 02:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 10:10 - 2015-11-06 02:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 10:10 - 2015-11-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 10:10 - 2015-11-06 02:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 10:10 - 2015-11-05 16:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 10:10 - 2015-11-04 02:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 10:10 - 2015-11-04 01:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 10:10 - 2015-10-09 06:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-09 10:10 - 2015-10-09 06:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 10:10 - 2015-10-09 06:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 10:10 - 2015-10-09 06:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 10:10 - 2015-10-09 06:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 10:10 - 2015-10-09 06:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 10:10 - 2015-10-09 06:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 10:10 - 2015-10-09 06:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-09 10:10 - 2015-10-09 02:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 10:10 - 2015-10-09 01:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-09 10:06 - 2015-11-04 02:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 10:06 - 2015-11-04 01:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-09 04:32 - 2015-12-09 04:32 - 01775426 _____ C:\Users\Ivan\Downloads\IF3110-15-ReactJS.pdf
2015-12-09 04:32 - 2015-12-09 04:32 - 00421006 _____ C:\Users\Ivan\Downloads\IF3110-06b-CGI.pdf
2015-12-09 04:32 - 2015-12-09 04:32 - 00352437 _____ C:\Users\Ivan\Downloads\IF3110-15-Ruby on Rails.pdf
2015-12-08 16:42 - 2015-12-08 16:42 - 03772361 _____ C:\Users\Ivan\Downloads\IF3110-13-WebSecurity-Threat.pdf
2015-12-08 16:42 - 2015-12-08 16:42 - 01976948 _____ C:\Users\Ivan\Downloads\IF3110-12b-eng-JS Framework-2014.pdf
2015-12-08 16:42 - 2015-12-08 16:42 - 00860629 _____ C:\Users\Ivan\Downloads\IF3110-12a-eng-Google Web Toolkit-2014.pdf
2015-12-08 16:42 - 2015-12-08 16:42 - 00696925 _____ C:\Users\Ivan\Downloads\IF3110-11-eng-Google App Engine 2014.pdf
2015-12-08 16:08 - 2015-12-08 16:08 - 00016060 ____H C:\Users\Ivan\Documents\~WRL0238.tmp
2015-12-07 15:46 - 2015-12-07 15:47 - 01776128 _____ C:\Users\Ivan\Downloads\ch20.ppt
2015-12-06 01:04 - 2015-12-06 01:04 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-05 10:05 - 2015-12-05 10:05 - 00000000 ____D C:\Tubes WBD 2
2015-12-03 19:14 - 2015-12-03 19:14 - 00001686 _____ C:\Users\Ivan\Documents\query trigger.txt
2015-12-03 15:00 - 2015-11-25 12:38 - 00000000 ____D C:\jarkomt2
2015-12-01 20:13 - 2015-12-01 20:13 - 00083875 _____ C:\Users\Ivan\Downloads\_KNN.rar
2015-12-01 20:13 - 2015-12-01 20:13 - 00000000 ____D C:\Users\Ivan\Downloads\_KNN
2015-12-01 14:32 - 2015-12-01 14:32 - 01026270 _____ C:\Users\Ivan\Downloads\hw2_dataPreproc (2).pdf
2015-12-01 14:30 - 2015-12-01 14:31 - 01026270 _____ C:\Users\Ivan\Downloads\hw2_dataPreproc (1).pdf
2015-12-01 14:30 - 2015-12-01 14:30 - 01026270 _____ C:\Users\Ivan\Downloads\hw2_dataPreproc.pdf
2015-12-01 06:31 - 2015-12-01 06:31 - 00106019 _____ C:\Users\Ivan\Downloads\ListofPrioritizeRisk.pdf
2015-11-30 21:59 - 2015-11-30 21:59 - 00655360 _____ C:\Users\Ivan\Downloads\Project_Garuda_Citra_Buana.mpp
2015-11-30 17:34 - 2015-11-30 17:34 - 00000000 ____D C:\Users\Ivan\Downloads\collective-classification-b6fd5d0a9d9a
2015-11-30 17:31 - 2015-11-30 17:33 - 09287662 _____ C:\Users\Ivan\Downloads\collective-classification-b6fd5d0a9d9a.zip
2015-11-30 11:44 - 2015-11-30 11:44 - 00909312 _____ C:\Users\Ivan\Downloads\NaiveBayesforIvam.ppt
2015-11-30 11:24 - 2015-11-30 11:24 - 00055474 _____ C:\Users\Ivan\Downloads\car.arff
2015-11-30 10:38 - 2015-11-30 10:38 - 00000000 ____D C:\Users\Ivan\Documents\zzzgila
2015-11-30 10:38 - 2015-11-30 10:35 - 00011679 ____N C:\Users\Ivan\Documents\DialogDemo.java
2015-11-30 10:38 - 2015-11-30 10:35 - 00007049 ____N C:\Users\Ivan\Documents\CustomDialog.java
2015-11-30 10:35 - 2015-11-30 10:35 - 00000075 _____ C:\Users\Ivan\SqlViewerHistory.props
2015-11-29 23:54 - 2015-11-29 23:54 - 02945874 _____ C:\Users\Ivan\Downloads\analytic_evaluation_group_004.zip
2015-11-29 23:52 - 2015-11-29 23:52 - 02945874 _____ C:\Users\Ivan\Documents\analytic_evaluation_group_004.zip
2015-11-29 23:52 - 2015-11-29 23:51 - 00514060 _____ C:\Users\Ivan\Documents\analytic_evaulation_group_004.pdf
2015-11-29 23:52 - 2015-11-29 23:41 - 01196354 _____ C:\Users\Ivan\Documents\analytic_evaluation_group_004.pptx
2015-11-29 23:52 - 2015-11-29 23:40 - 00251659 _____ C:\Users\Ivan\Documents\13513055_TifaniWarnita.pdf
2015-11-29 23:52 - 2015-11-29 23:40 - 00233891 _____ C:\Users\Ivan\Documents\13513021_ErickChandra.pdf
2015-11-29 23:52 - 2015-11-29 23:40 - 00227949 _____ C:\Users\Ivan\Documents\13513039_Ivan.pdf
2015-11-29 23:52 - 2015-11-29 23:40 - 00227365 _____ C:\Users\Ivan\Documents\13513071_WilhelmusAndrianTanujaya.pdf
2015-11-29 23:52 - 2015-11-29 23:40 - 00225561 _____ C:\Users\Ivan\Documents\13513003_JonathanBenedict.pdf
2015-11-29 23:52 - 2015-11-29 23:40 - 00223790 _____ C:\Users\Ivan\Documents\13513087_RandiChilyonAlfianto.pdf
2015-11-29 23:51 - 2015-11-29 23:51 - 02945888 _____ C:\Users\Ivan\Downloads\analytic_evaluation_group.zip
2015-11-29 23:50 - 2015-11-29 23:51 - 00514060 _____ C:\Users\Ivan\Downloads\analytic_evaulation_group_004.pdf
2015-11-29 23:41 - 2015-11-30 09:03 - 01603517 _____ C:\Users\Ivan\Downloads\analytic_evaluation_group_004.pptx
2015-11-29 23:40 - 2015-11-29 23:40 - 00251659 _____ C:\Users\Ivan\Downloads\13513055_TifaniWarnita.pdf
2015-11-29 23:40 - 2015-11-29 23:40 - 00233891 _____ C:\Users\Ivan\Downloads\13513021_ErickChandra.pdf
2015-11-29 23:40 - 2015-11-29 23:40 - 00227949 _____ C:\Users\Ivan\Downloads\13513039_Ivan.pdf
2015-11-29 23:40 - 2015-11-29 23:40 - 00227365 _____ C:\Users\Ivan\Downloads\13513071_WilhelmusAndrianTanujaya.pdf
2015-11-29 23:40 - 2015-11-29 23:40 - 00223790 _____ C:\Users\Ivan\Downloads\13513087_RandiChilyonAlfianto.pdf
2015-11-29 23:39 - 2015-11-29 23:40 - 00225561 _____ C:\Users\Ivan\Downloads\13513003_JonathanBenedict.pdf
2015-11-29 12:11 - 2015-11-29 12:11 - 00035235 _____ C:\Users\Ivan\Downloads\pic
2015-11-29 10:08 - 2015-11-29 10:08 - 00482674 _____ C:\Users\Ivan\Downloads\1540-4902-1-PB.pdf
2015-11-29 10:07 - 2015-11-29 10:07 - 00900096 _____ C:\Users\Ivan\Downloads\NaiveBayes.ppt
2015-11-29 10:07 - 2015-11-29 10:07 - 00900096 _____ C:\Users\Ivan\Downloads\NaiveBayes (1).ppt
2015-11-27 11:02 - 2015-11-27 11:07 - 00000000 _____ C:\Users\Ivan\AppData\Local\{1656E36C-A101-4651-88E7-FE50ED682F2F}
2015-11-24 11:51 - 2015-11-24 11:51 - 00007822 _____ C:\Users\Ivan\Downloads\java-property-utils-1.9.jar
2015-11-24 11:26 - 2015-11-24 11:55 - 00000000 ____D C:\Users\Ivan\Downloads\cors-filter-1.7.1.jar
2015-11-24 11:26 - 2015-11-24 11:26 - 00021908 _____ C:\Users\Ivan\Downloads\cors-filter-1.7.1.jar.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-24 00:00 - 2015-11-03 18:14 - 00000000 ____D C:\FRST
2015-12-24 00:00 - 2015-11-03 18:12 - 00028622 _____ C:\Users\Ivan\Downloads\FRST.txt
2015-12-23 23:37 - 2014-12-04 21:42 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-23 22:48 - 2009-07-14 11:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-23 22:48 - 2009-07-14 11:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-23 22:35 - 2015-06-06 20:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\TortoiseHg
2015-12-23 22:33 - 2015-09-29 12:30 - 00000000 ____D C:\ProgramData\VMware
2015-12-23 22:32 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-23 22:31 - 2014-12-04 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-23 11:02 - 2014-12-05 19:58 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Adobe
2015-12-23 08:50 - 2009-07-14 11:45 - 05076424 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-23 08:45 - 2015-04-05 01:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-23 08:45 - 2015-04-05 01:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-23 08:45 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2015-12-21 23:22 - 2014-12-04 23:39 - 00000000 ____D C:\Windows\system32\MRT
2015-12-21 23:12 - 2014-12-05 06:52 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-18 14:59 - 2009-07-14 12:13 - 00788582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-18 01:15 - 2015-11-01 16:24 - 00000000 ____D C:\Users\Ivan\AppData\Local\Axure
2015-12-14 01:03 - 2014-12-04 22:06 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-11 12:04 - 2014-12-04 21:37 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\InstallShield
2015-12-11 08:54 - 2014-12-04 21:17 - 00000000 ____D C:\Users\Ivan
2015-12-06 20:23 - 2015-11-06 11:43 - 00000000 ____D C:\Users\Ivan\AppData\Local\Eclipse
2015-12-06 19:56 - 2015-11-17 17:21 - 00000000 ____D C:\twbd
2015-12-06 01:04 - 2015-11-03 12:37 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-05 14:26 - 2015-11-16 12:56 - 00002027 _____ C:\Users\Ivan\.bash_history
2015-12-02 13:18 - 2014-12-06 02:22 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-01 21:02 - 2014-12-07 18:20 - 00000000 ____D C:\Users\Ivan\workspace
2015-11-30 11:55 - 2015-07-10 18:32 - 00000000 ____D C:\Users\Ivan\.config
2015-11-30 10:39 - 2015-10-09 13:18 - 00000000 ____D C:\Users\Ivan\Documents\ai_robot
2015-11-29 15:57 - 2015-11-16 12:56 - 00006254 ____H C:\Users\Ivan\_viminfo
2015-11-29 15:12 - 2015-11-17 12:39 - 00000000 ____D C:\backup tubes_wbd
2015-11-29 01:18 - 2015-05-21 15:28 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Composer
2015-11-27 21:46 - 2015-04-03 12:59 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
2015-11-27 20:03 - 2015-10-07 19:33 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\uTorrent
2015-11-24 10:44 - 2014-12-04 21:54 - 00000000 ____D C:\xampp
2015-11-24 04:42 - 2014-12-04 21:25 - 00781196 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-24 04:39 - 2009-07-14 14:45 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2015-02-21 12:49 - 2015-08-05 16:17 - 0000600 _____ () C:\Users\Ivan\AppData\Roaming\winscp.rnd
2015-06-14 19:58 - 2015-06-14 20:02 - 0000296 _____ () C:\Users\Ivan\AppData\Local\.meteorsession
2015-03-28 04:55 - 2015-03-28 04:55 - 0000000 _____ () C:\Users\Ivan\AppData\Local\debuggee.mdmp
2014-12-18 15:43 - 2015-08-05 14:43 - 0000600 _____ () C:\Users\Ivan\AppData\Local\PUTTY.RND
2015-11-01 16:25 - 2015-11-04 11:38 - 0000032 ____H () C:\Users\Ivan\AppData\Local\t70rc.dat
2015-11-27 11:02 - 2015-11-27 11:07 - 0000000 _____ () C:\Users\Ivan\AppData\Local\{1656E36C-A101-4651-88E7-FE50ED682F2F}
2015-10-19 08:08 - 2015-10-19 08:08 - 0000000 _____ () C:\Users\Ivan\AppData\Local\{76915626-BB48-43B6-BC40-72F55FBFF767}
2014-12-04 21:21 - 2014-12-04 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-02 23:57 - 2015-09-03 00:15 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Ivan\.mongorc.js
C:\Windows\Tasks\{005A07FF-E8FF-415E-B1FD-C31962A8E902}.job


Some files in TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\7za.exe
C:\Users\Ivan\AppData\Local\Temp\92bd526e-6ac9-4db6-99b8-bbaa600a41f2.exe
C:\Users\Ivan\AppData\Local\Temp\amt_oursurfing.exe
C:\Users\Ivan\AppData\Local\Temp\dateinj01.dll
C:\Users\Ivan\AppData\Local\Temp\DeltaTB.exe
C:\Users\Ivan\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ivan\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ivan\AppData\Local\Temp\Execute2App.exe
C:\Users\Ivan\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Ivan\AppData\Local\Temp\msvcp90.dll
C:\Users\Ivan\AppData\Local\Temp\msvcr90.dll
C:\Users\Ivan\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Ivan\AppData\Local\Temp\ose00000.exe
C:\Users\Ivan\AppData\Local\Temp\RVWLevelPack_FTCBlockParty200v2.exe
C:\Users\Ivan\AppData\Local\Temp\RVWLevelPack_FTCCascadeEffect201.exe
C:\Users\Ivan\AppData\Local\Temp\RVWLevelPack_OperationReset_373n.exe
C:\Users\Ivan\AppData\Local\Temp\RVWLevelPack_PalmIslandLuauEdition_271n.exe
C:\Users\Ivan\AppData\Local\Temp\RVWLevelPack_RuinsOfAtlantis271n.exe
C:\Users\Ivan\AppData\Local\Temp\RVWLevelPack_RVWLevelBuilder273.exe
C:\Users\Ivan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ivan\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ivan\AppData\Local\Temp\setup_mbot_id.exe
C:\Users\Ivan\AppData\Local\Temp\Social Club v1.1.5.6 Setup.exe
C:\Users\Ivan\AppData\Local\Temp\sqlite3.dll
C:\Users\Ivan\AppData\Local\Temp\tmp1E2A.exe
C:\Users\Ivan\AppData\Local\Temp\UmmyVideoDownloader.exe
C:\Users\Ivan\AppData\Local\Temp\VideoConverter.exe
C:\Users\Ivan\AppData\Local\Temp\VLX_Player.exe
C:\Users\Ivan\AppData\Local\Temp\wVx4rt.exe
C:\Users\Ivan\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-02 01:02

==================== End of FRST.txt ============================

 

How do I generate fixlist.txt, and what else should I do?


Edited by ivanchibi, 23 December 2015 - 12:43 PM.




#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 24 December 2015 - 10:52 AM

Welcome.  Please do this:

Open Notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKU\S-1-5-21-4284830272-390631534-2935517633-1000\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:8080/proxy.pac
ProxyServer: [S-1-5-21-4284830272-390631534-2935517633-1000] => cache.itb.ac.id:8080
FF NetworkProxy: "ftp", "cache.itb.ac.id"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "cache.itb.ac.id"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, .arc.itb.ac.id"
FF NetworkProxy: "socks", "cache.itb.ac.id"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "cache.itb.ac.id"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Ivan\.mongorc.js
C:\Windows\Tasks\{005A07FF-E8FF-415E-B1FD-C31962A8E902}.job
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.


  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Please include the following in your next post:

  • Fixlog.txt report
  • adwCleaner log

 


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
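
The proxy-related entries in the fixlist above can be triaged before anything is removed, so that a loopback PAC URL is told apart from an ordinary upstream proxy. This Python sketch is an added example, not part of the original thread or of FRST; the names `triage` and `hosts_of` and the level labels are assumptions of the example, and the sample lines are copied from the fixlist in post #2.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "level source value note")

# Proxy-related lines copied from the fixlist in the post above.
SAMPLE = r'''
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:8080/proxy.pac
ProxyServer: [S-1-5-21-4284830272-390631534-2935517633-1000] => cache.itb.ac.id:8080
FF NetworkProxy: "http", "cache.itb.ac.id"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
C:\Users\Ivan\.mongorc.js
'''.strip().splitlines()

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Values of Firefox's network.proxy.type preference.
FF_MODES = {"0": "no proxy", "1": "manual", "2": "PAC URL",
            "4": "auto-detect (WPAD)", "5": "system settings"}

RE_SCOPED = re.compile(r"^(AutoConfigURL|ProxyServer): \[([^\]]+)\] => (\S+)")
RE_POLICY = re.compile(
    r"^(HK[A-Z]+)\\.*Internet Settings: \[ProxySettingsPerUser\] (\d+)")
RE_FF = re.compile(r'^FF NetworkProxy: "([^"]+)", (.+)$')


def hosts_of(kind, value):
    """Host names in a PAC URL or a WinINET ProxyServer string."""
    # ProxyServer may hold several entries: "http=a:80;https=b:443".
    parts = value.split(";") if kind == "ProxyServer" else [value]
    hosts = []
    for part in parts:
        if kind == "ProxyServer":
            part = part.split("=", 1)[-1]          # drop the "proto=" prefix
        part = re.sub(r"^hxxp", "http", part.strip(), flags=re.I)  # refang
        if "://" not in part:
            part = "//" + part                     # give urlsplit a netloc
        host = urlsplit(part).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def triage(lines):
    """Classify proxy entries found in FRST-format log lines."""
    findings, ff = [], {}
    for raw in lines:
        line = raw.strip()
        m = RE_POLICY.match(line)
        if m:
            if m.group(2) == "0":
                findings.append(Finding(
                    "attention", m.group(1) + " policy",
                    "ProxySettingsPerUser=0",
                    "proxy is set per machine: HKLM values apply to every user"))
            continue
        m = RE_SCOPED.match(line)
        if m:
            kind, scope, value = m.groups()
            if any(h in LOOPBACK for h in hosts_of(kind, value)):
                level = "investigate"
                note = "points at loopback: identify the local process on that port"
            else:
                level = "review"
                note = "confirm this is a proxy the user expects"
            findings.append(Finding(level, f"{kind} [{scope}]", value, note))
            continue
        m = RE_FF.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip().strip('"')
    if ff:
        kind = ff.get("type")
        mode = FF_MODES.get(kind, "unknown")
        hosts = sorted({ff[k] for k in ("http", "ssl", "ftp", "socks") if ff.get(k)})
        if kind == "1":
            level, note = "review", "manual proxy active: " + ", ".join(hosts)
        else:
            level = "info"
            note = "manual hosts stored but not used in this mode: " + ", ".join(hosts)
        findings.append(Finding(level, "Firefox", f"type={kind} ({mode})", note))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.level:<12} {f.source:<60} {f.value}\n{'':<12} {f.note}")
```
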


#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 31 December 2015 - 12:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
