FRST Indo Disini

The document is a scan result from Farbar Recovery Scan Tool (FRST) that was run on a Windows 7 Professional x64 system. It lists processes, registry items, and internet settings that were found on the system. Over 50 whitelisted processes were detected along with several registry keys under HKLM and HKU runs. Several proxy and internet settings were also listed including the default Internet Explorer start page.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017

Ran by TIP-GRESIK (administrator) on L32002 (05-01-2017 13:36:04)


Running from C:\Users\Administrator\Downloads
Loaded Profiles: TIP-GRESIK (Available Profiles: TIP-GRESIK)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Secu
rity 10 for Windows SP1\avpsus.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRu
n\OfficeClickToRun.exe
() C:\Program Files (x86)\filter\2\CppWindowsService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipat
ion\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP
B.EXE
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.1000040\CalendarServ.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
() C:\Users\Administrator\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
(hxxp://ytdownloader.biz/) C:\Program Files (x86)\Common Files\YT Updater\ytupda
ter.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Secu
rity 10 for Windows SP1\avp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.1000040\calendar.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII2E.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMPE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Hos
t Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.
exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Secu
rity 10 for Windows SP1\avp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EE
ventManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHe
lp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.ex
e
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.e
xe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64
.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EX
CEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.ex
e [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe
\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Inc
orporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXt
ensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Int
el Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1
.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acroba
t 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoi
nt Security 10 for Windows SP1\avp.exe [1194320 2015-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event
Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCc
Boot.exe [139264 2013-04-08] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMo
nW.exe [4522496 2013-03-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\Brothe
rHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4138589922-3624382964-1443858226-500\...\Run: [EPLTarget\P000000000
0000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII2E.EXE [283232 2012-0
2-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4138589922-3624382964-1443858226-500\...\Run: [EPLTarget\P000000000
0000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMPE.EXE [298560 2014-0
3-20] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A5
24} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F36062
82} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F
30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA
5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF2
0E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F22
74A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3
606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D
2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA
96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCC
AEF20E} => -> No File
Startup: C:\Users\arief.hidayat\AppData\Roaming\Microsoft\Windows\Start Menu\Pro
grams\Startup\Send to OneNote.lnk [2016-09-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\r
oot\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-4138589922-3624382964-1443858226-500] => Proxy is enabled
.
ProxyServer: [S-1-5-21-4138589922-3624382964-1443858226-500] => http=127.0.0.1:8
080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1039648D-DE96-440E-B004-1310056E9151}: [DhcpNameServer] 192
.168.184.1
Tcpip\..\Interfaces\{1433D95E-2389-427B-BCA4-5756D464B1A0}: [DhcpNameServer] 192
.168.231.2
Tcpip\..\Interfaces\{58BEFCD9-090F-4939-B17E-2ECAA4487BF3}: [DhcpNameServer] 192
.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://id.hao123.com
/?tn=sdkc_inner_hp_23_hao123_id&guid=92d81e64deb03cbf774db189df8d38e2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://i
d.hao123.com/?tn=sdkc_inner_hp_23_hao123_id&guid=92d81e64deb03cbf774db189df8d38e
2
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program
Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16
\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -
> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavCli
ent.dll [2013-12-20] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->
C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Offic
e\Office16\URLREDIR.DLL [2016-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-
ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX6
4\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE
6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\Acro
IEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Fil
es (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPOR
ATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Pro
gram Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-04] (Micro
soft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE16191
0} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavCli
ent.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF}
-> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-
04] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A
9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOV
EEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665
D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\Acro
IEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819
E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\Ac
roIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-
0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\Ac
roIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Pr
ogram Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPS
ON CORPORATION)
Toolbar: HKU\S-1-5-21-4138589922-3624382964-1443858226-500 -> Adobe Acrobat Crea
te PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)
\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Ad
obe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\
Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Micro
soft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Cor
poration)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Progra
m Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft C
orporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files
(x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporati
on)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\u
rlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW
64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlm
on.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\
urlmon.dll [2009-07-14] (Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\
Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acroba
t 11.0\Acrobat\Browser\WCFirefoxExtn [2016-02-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x
86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\
Firefox Add-on [2016-12-20] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe
\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Go
ogle Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Micros
oft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinplugino
c.dll [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\
Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x8
6)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x8
6)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acroba
t\Air\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\A
dobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems
)
Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Defaul
t [2017-01-05]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-05]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-05]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-05]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-05]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator\AppData\Loc
al\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [
2017-01-05]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-05]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-05]
CHR Extension: (Planner 5D) - C:\Users\Administrator\AppData\Local\Google\Chrome
\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2017-01-05]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Administrator\AppData\Local\Goo
gle\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-0
1-05]
CHR Extension: (Shopping Mall Parking) - C:\Users\Administrator\AppData\Local\Go
ogle\Chrome\User Data\Default\Extensions\mjfoehokglnmbbnncflhhgapdfkhahle [2017-
01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Loca
l\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2
017-01-05]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Goog
le\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01
-05]
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://c
lients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Progr
am Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
[2013-12-21]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for
Windows SP1\avp.exe [1194320 2015-11-11] (Kaspersky Lab ZAO)
R2 avpsus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 f
or Windows SP1\avpsus.exe [2481072 2015-11-11] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Bro
ther Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Offi
ceClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
R2 CppWindowsService; C:\Program Files (x86)\filter\2\CppWindowsService.exe [109
056 2016-05-21] () [File not signed]
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResea
rchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Eps
on Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EX
E [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [734912 2015-08-16]
(@ByELDI) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696
2015-11-30] (TeamViewer GmbH)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.1000040\Calenda
rServ.exe [154224 2016-09-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (
Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1265664 201
6-10-26] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 WMPNetworkAcSvc; C:\Users\Administrator\AppData\Roaming\WMPNetworkAcSvc\WMPNe
tworkAcSvc.exe [5091840 2016-11-10] () [File not signed] <==== ATTENTION
R2 XBox; C:\Program Files\XBox\XBLive.exe [6342584 2016-06-13] (Microsoft Corpor
ation) [File not signed]
R2 YT Updater Service; C:\Program Files (x86)\Common Files\YT Updater\ytupdater.
exe [16384 2015-01-26] (hxxp://ytdownloader.biz/) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanc
ed Micro Devices, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Co
rporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-1
1-21] (EZB Systems, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-12] (Kaspersky Lab Z
AO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [111472 2015-10-01] (Kaspersky L
ab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [39096 2015-10-05] (Kasper
sky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [703368 2015-10-01] (Kaspersky Lab
ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [40632 2015-08-06] (AO Kaspersky
Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky La
b ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [188584 2015-09-11] (Kaspersky L
ab ZAO)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] (VMware, Inc.
)
S1 netfilter2; system32\drivers\netfilter2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-05 13:36 - 2017-01-05 13:36 - 00021447 _____ C:\Users\Administrator\Down
loads\FRST.txt
2017-01-05 13:35 - 2017-01-05 13:36 - 00000000 ____D C:\FRST
2017-01-05 13:34 - 2017-01-05 13:35 - 02418176 _____ (Farbar) C:\Users\Administr
ator\Downloads\FRST64.exe
2017-01-05 09:49 - 2017-01-05 09:49 - 00002263 _____ C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Google Chrome.lnk
2017-01-05 09:49 - 2017-01-05 09:49 - 00002251 _____ C:\Users\Public\Desktop\Goo
gle Chrome.lnk
2017-01-05 09:48 - 2017-01-05 09:58 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\Google
2017-01-05 09:47 - 2017-01-05 09:47 - 00003396 _____ C:\Windows\System32\Tasks\{
E30547F2-6C90-4B16-8DD1-8CA13149503A}
2017-01-04 13:09 - 2017-01-04 13:09 - 02027008 _____ C:\Users\Administrator\Docu
ments\Kinematika-2.ppt
2017-01-03 10:16 - 2017-01-03 10:16 - 00000000 ___RD C:\Users\Administrator\AppD
ata\Roaming\Brother
2017-01-03 10:16 - 2017-01-03 10:16 - 00000000 ____D C:\Users\Administrator\AppD
ata\LocalLow\Brother
2017-01-03 08:51 - 2017-01-03 08:51 - 00045100 _____ C:\Users\Administrator\Docu
ments\Hasil CP Test Desember 27, 2016.xlsx
2016-12-28 21:41 - 2016-12-28 21:42 - 00000000 ____D C:\Users\Administrator\Docu
ments\[www.gigapurbalingga.com]_PESEd13P60UST2016
2016-12-28 21:38 - 2016-12-25 20:23 - 416149755 _____ C:\Users\Administrator\Doc
uments\[www.gigapurbalingga.com]_PESEd13P60UST2016.rar
2016-12-28 21:35 - 2016-12-28 21:35 - 00000000 ____D C:\Users\Administrator\Docu
ments\KONAMI
2016-12-28 21:28 - 2016-12-28 21:28 - 00000000 ____D C:\ProgramData\KONAMI
2016-12-28 21:28 - 2016-12-28 21:28 - 00000000 ____D C:\Program Files (x86)\KONA
MI
2016-12-28 21:14 - 2016-12-28 21:14 - 00001013 _____ C:\Users\Public\Desktop\Ult
raISO.lnk
2016-12-28 21:14 - 2016-12-28 21:14 - 00000000 ____D C:\Users\Administrator\Docu
ments\My ISO Files
2016-12-28 21:14 - 2016-12-28 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\UltraISO
2016-12-28 21:14 - 2016-12-28 21:14 - 00000000 ____D C:\Program Files (x86)\Ultr
aISO
2016-12-28 15:47 - 2016-12-28 15:47 - 00000000 ____D C:\Users\Administrator\Docu
ments\Add-in Express
2016-12-27 22:31 - 2016-12-27 22:31 - 00000000 ____D C:\Program Files (x86)\4C4C
4544-1482852708-5110-8044-B8C04F473232
2016-12-27 08:29 - 2017-01-05 10:57 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\CalendarTool
2016-12-27 08:29 - 2017-01-05 09:45 - 00000034 _____ C:\Users\Public\Documents\{
DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-12-27 08:29 - 2016-12-27 08:29 - 00000065 _____ C:\Windows\wininit.ini
2016-12-27 08:29 - 2016-12-27 08:29 - 00000000 ____D C:\Users\Public\Documents\T
ools
2016-12-27 08:29 - 2016-12-27 08:29 - 00000000 ____D C:\Users\Public\Documents\B
aidu
2016-12-27 08:29 - 2016-12-27 08:29 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\WMPNetworkAcSvc
2016-12-27 08:29 - 2016-12-27 08:29 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\Programs
2016-12-27 08:29 - 2016-12-27 08:29 - 00000000 ____D C:\ProgramData\Windows Secu
rity
2016-12-27 08:29 - 2016-12-27 08:29 - 00000000 ____D C:\Program Files\XBox
2016-12-27 08:29 - 2016-12-27 08:29 - 00000000 ____D C:\Program Files (x86)\Cale
ndarTool
2016-12-27 08:28 - 2016-12-27 08:28 - 00000000 ____D C:\Users\Public\Documents\G
uid
2016-12-27 08:25 - 2016-12-28 15:46 - 00000976 _____ C:\Users\Public\Desktop\Dow
nload _www.gigapurba...lnk
2016-12-27 08:25 - 2016-12-27 08:25 - 04807352 _____ (Soft creation company) C:\
Users\Administrator\Documents\_www.gigapurbalingga.com__PwrISO67R.exe
2016-12-27 08:24 - 2016-12-27 08:25 - 04807352 _____ (Soft creation company) C:\
Users\Administrator\Documents\_www.gigapurbalingga.com__aCPwrISO67R.exe
2016-12-26 22:25 - 2016-12-28 21:19 - 00000000 ____D C:\Users\Administrator\Docu
ments\[www.gigapurbalingga.com]_rldPEvS2013
2016-12-26 22:12 - 2016-12-26 22:12 - 00000735 _____ C:\Users\Administrator\Down
loads\moch.%20izam%20ardianto(16632019).rar
2016-12-26 22:12 - 2016-12-26 22:12 - 00000000 ____D C:\Users\Administrator\Down
loads\moch._20izam%20ardianto(16632019)
2016-12-26 01:55 - 2016-12-26 08:05 - 664171937 _____ C:\Users\Administrator\Doc
uments\[www.gigapurbalingga.com]_rldPEvS2013.rar
2016-12-25 09:42 - 2016-12-25 09:42 - 00707584 _____ C:\Users\Administrator\Docu
ments\WI PCV 201 MSG TIP PJU PJB Up Gresik.doc
2016-12-25 09:42 - 2016-12-25 09:42 - 00577536 _____ C:\Users\Administrator\Docu
ments\WI ESDV 201 MSG TIP PJU PJB UP GRESIK.doc
2016-12-25 09:08 - 2016-12-25 09:08 - 09694901 _____ C:\Users\Administrator\Docu
ments\Flow Measurement with Orifice Meters.pptx
2016-12-25 09:00 - 2016-12-25 09:00 - 01055232 _____ C:\Users\Administrator\Docu
ments\Internal Training-INA-01-1 Sesi-Programmable Logic Controller-OK.ppt
2016-12-25 08:51 - 2016-12-25 08:51 - 00315154 _____ C:\Users\Administrator\Docu
ments\9. Lampiran 2 ISO 15589-1.pdf
2016-12-23 10:28 - 2017-01-05 13:28 - 00000911 _____ C:\Windows\Tasks\EPSON L565
Series Update {99619F14-BA16-4C04-96CA-18AF6D33A2FA}.job
2016-12-23 10:28 - 2016-12-23 10:28 - 00003978 _____ C:\Windows\System32\Tasks\E
PSON L565 Series Update {99619F14-BA16-4C04-96CA-18AF6D33A2FA}
2016-12-22 18:48 - 2016-12-22 18:48 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\assembly
2016-12-22 18:47 - 2016-12-22 18:47 - 00050849 _____ C:\Users\Administrator\Docu
ments\CPK4 ELEKTRO 2016.docx
2016-12-22 15:59 - 2016-12-28 15:48 - 00000000 ____D C:\ProgramData\WinZip
2016-12-22 15:59 - 2016-12-22 15:59 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2016-12-22 15:58 - 2016-12-22 15:58 - 00712888 _____ (WinZip Computing, S.L.) C:
\Users\Administrator\Documents\winzip21_downwz.exe
2016-12-22 15:58 - 2016-12-22 15:58 - 00000000 ____D C:\ProgramData\UniqueId
2016-12-20 16:10 - 2016-12-20 16:11 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\VMware
2016-12-20 16:10 - 2016-12-20 16:10 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\VMware
2016-12-20 14:44 - 2016-12-20 14:44 - 00003204 _____ C:\Windows\System32\Tasks\{
B80070E4-1E25-4612-861F-D42CD66EB3C3}
2016-12-20 14:43 - 1998-05-16 22:29 - 01347344 _____ (Microsoft Corporation) C:\
Windows\SysWOW64\Msvbvm50.dll
2016-12-20 14:43 - 1997-12-17 18:33 - 00304128 _____ (InstallShield Software Cor
poration) C:\Windows\IsUninst.exe
2016-12-20 14:43 - 1996-12-10 13:21 - 00089600 _____ (Microsoft Corporation) C:\
Windows\SysWOW64\Mscal.ocx
2016-12-20 14:43 - 1996-12-05 00:00 - 00077824 _____ (Microsoft Corporation) C:\
Windows\SysWOW64\odbctl32.dll
2016-12-20 11:26 - 2016-12-20 11:26 - 00000000 ___DC C:\Windows\system32\DRVSTOR
E
2016-12-20 11:26 - 2016-11-11 23:22 - 00400968 _____ (VMware, Inc.) C:\Windows\S
ysWOW64\vmnat.exe
2016-12-20 11:26 - 2016-11-11 23:22 - 00366664 _____ (VMware, Inc.) C:\Windows\S
ysWOW64\vmnetdhcp.exe
2016-12-20 11:26 - 2016-11-11 23:21 - 01148488 _____ (VMware, Inc.) C:\Windows\s
ystem32\vnetlib64.dll
2016-12-20 11:26 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\Windows\s
ystem32\Drivers\vmx86.sys
2016-12-20 11:26 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\Windows\s
ystem32\vnetinst.dll
2016-12-20 11:26 - 2016-11-11 23:05 - 00045632 _____ (VMware, Inc.) C:\Windows\s
ystem32\Drivers\vmnet.sys
2016-12-20 11:26 - 2016-11-11 23:05 - 00044096 _____ (VMware, Inc.) C:\Windows\s
ystem32\Drivers\vmnetuserif.sys
2016-12-20 11:26 - 2016-09-30 01:11 - 00093248 _____ (VMware, Inc.) C:\Windows\s
ystem32\Drivers\vsock.sys
2016-12-20 11:26 - 2016-09-30 01:11 - 00069104 _____ (VMware, Inc.) C:\Windows\s
ystem32\vsocklib.dll
2016-12-20 11:26 - 2016-09-30 01:11 - 00065008 _____ (VMware, Inc.) C:\Windows\S
ysWOW64\vsocklib.dll
2016-12-20 11:26 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\Windows\s
ystem32\Drivers\hcmon.sys
2016-12-20 11:25 - 2017-01-05 09:40 - 00000000 ____D C:\ProgramData\VMware
2016-12-20 11:25 - 2016-12-20 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\VMware
2016-12-20 11:25 - 2016-12-20 11:25 - 00000000 ____D C:\Program Files\Common Fil
es\VMware
2016-12-20 11:25 - 2016-12-20 11:25 - 00000000 ____D C:\Program Files (x86)\VMwa
re
2016-12-19 08:53 - 2016-12-19 09:02 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\LINE
2016-12-19 08:53 - 2016-12-19 08:53 - 00001162 _____ C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\LINE.lnk
2016-12-19 08:53 - 2016-12-19 08:53 - 00001160 _____ C:\Users\Administrator\Desk
top\LINE.lnk
2016-12-19 08:53 - 2016-12-19 08:53 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\LINE
2016-12-18 12:58 - 2016-12-18 12:58 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\MPC-HC
2016-12-15 08:49 - 2016-12-26 22:14 - 00000209 _____ C:\Windows\BCW5.INI
2016-12-15 08:49 - 2016-12-15 08:49 - 00000874 _____ C:\Windows\WINHELP.INI
2016-12-15 08:49 - 2016-12-15 08:49 - 00000499 _____ C:\Windows\BDE.INI
2016-12-15 08:49 - 2016-12-15 08:49 - 00000085 _____ C:\Windows\TDW.INI
2016-12-15 08:49 - 2016-12-15 08:49 - 00000013 _____ C:\Windows\SysWOW64\CONFIG.
NT
2016-12-15 08:49 - 2016-12-15 08:49 - 00000000 ____D C:\Windows\SYSTEM
2016-12-15 08:49 - 2016-12-15 08:49 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\Borland C++ 5.02
2016-12-15 08:49 - 2016-12-15 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Borland C++ 5.02
2016-12-15 08:49 - 2016-12-15 08:49 - 00000000 ____D C:\Program Files\BORLAND
2016-12-15 08:49 - 2016-12-15 08:49 - 00000000 ____D C:\BDE32
2016-12-15 08:49 - 2016-01-02 13:50 - 00000441 _____ C:\Windows\win.old
2016-12-15 08:49 - 1997-05-06 00:28 - 00091136 _____ C:\Windows\BC5RMV.EXE
2016-12-15 08:49 - 1997-03-25 05:02 - 00375296 _____ C:\Windows\SysWOW64\wsihk32
.dll
2016-12-15 08:49 - 1997-03-25 05:02 - 00188448 _____ C:\Windows\SysWOW64\bocof.d
ll
2016-12-15 08:49 - 1997-03-25 05:02 - 00131584 _____ C:\Windows\SysWOW64\wsiwin3
2.dll
2016-12-15 08:49 - 1997-03-25 05:02 - 00001078 _____ C:\Windows\HELP.ICO
2016-12-15 08:49 - 1997-03-25 05:02 - 00000586 _____ C:\Windows\owl.ini
2016-12-15 08:49 - 1997-03-18 11:30 - 00377680 _____ C:\Windows\system\bocole.dl
l
2016-12-15 08:49 - 1997-03-03 05:02 - 00273920 _____ (Borland International) C:\
Windows\system\bdt52ex.dll
2016-12-15 08:49 - 1997-03-03 05:02 - 00254976 _____ (Borland International) C:\
Windows\system\bdt52exf.dll
2016-12-15 08:49 - 1997-03-03 05:02 - 00148992 _____ (Borland International) C:\
Windows\system\bdt52ctl.vbx
2016-12-15 08:49 - 1997-03-03 05:02 - 00107520 _____ (Borland International) C:\
Windows\system\bivbx31.dll
2016-12-15 08:49 - 1997-03-03 05:02 - 00065024 _____ (Borland International) C:\
Windows\system\bivbx31n.exe
2016-12-15 08:49 - 1997-03-03 05:02 - 00058880 _____ (Borland International) C:\
Windows\system\bdt52acc.vbx
2016-12-15 08:49 - 1997-03-03 05:02 - 00049152 _____ (Borland International) C:\
Windows\system\bivbx31.32n
2016-12-15 08:49 - 1997-03-03 05:02 - 00035328 _____ (Borland International) C:\
Windows\system\bivbx31.32c
2016-12-15 08:49 - 1997-03-03 05:02 - 00022016 _____ (Borland International) C:\
Windows\system\bivbx31c.dll
2016-12-15 08:49 - 1995-03-08 01:10 - 00015904 _____ (Borland International) C:\
Windows\system\vtssdbw.dll
2016-12-15 08:49 - 1995-02-28 11:17 - 00159744 _____ C:\Windows\SysWOW64\bw32000
7.dll
2016-12-15 08:49 - 1995-02-28 11:17 - 00159744 _____ (Borland International) C:\
Windows\SysWOW64\bw320009.dll
2016-12-15 08:49 - 1995-02-28 11:17 - 00096912 _____ (Borland International) C:\
Windows\system\bwcc0009.dll
2016-12-15 08:49 - 1995-02-28 11:16 - 00211488 _____ (Borland International) C:\
Windows\SysWOW64\bwcc32.dll
2016-12-15 08:49 - 1995-02-28 11:16 - 00159744 _____ C:\Windows\SysWOW64\bw32000
c.dll
2016-12-15 08:49 - 1995-02-28 11:16 - 00097072 _____ C:\Windows\system\bwcc0007.
dll
2016-12-15 08:49 - 1995-02-28 11:16 - 00096928 _____ C:\Windows\system\bwcc000c.
dll
2016-12-15 08:49 - 1995-02-28 11:14 - 00164928 _____ (Borland International) C:\
Windows\system\bwcc.dll
2016-12-15 08:49 - 1994-08-22 22:36 - 00025808 _____ (Microsoft Corporation) C:\
Windows\system\ctl3dv2.dll
2016-12-15 08:49 - 1994-06-21 15:49 - 00398400 _____ () C:\Windows\system\vtssdl
l.dll
2016-12-15 08:49 - 1994-06-21 15:49 - 00054736 _____ C:\Windows\system\vtssonly.
vbx
2016-12-15 08:49 - 1994-06-21 15:49 - 00000143 _____ C:\Windows\system\vtss.lic
2016-12-15 08:49 - 1993-12-09 14:22 - 00037888 _____ (MicroHelp Inc.) C:\Windows
\system\mhga200.vbx
2016-12-15 08:49 - 1993-09-27 12:41 - 00026400 _____ (MicroHelp Inc.) C:\Windows
\system\mhsn200.vbx
2016-12-15 08:49 - 1993-09-27 12:41 - 00023072 _____ (MicroHelp Inc.) C:\Windows
\system\mhsl200.vbx
2016-12-15 08:49 - 1993-09-27 12:40 - 00025216 _____ (MicroHelp Inc.) C:\Windows
\system\mhdc200.vbx
2016-12-15 08:49 - 1993-09-27 12:40 - 00021728 _____ (MicroHelp Inc.) C:\Windows
\system\mhmq200.vbx
2016-12-15 08:49 - 1993-09-27 12:39 - 00030208 _____ (MicroHelp Inc.) C:\Windows
\system\mhal200.vbx
2016-12-15 08:49 - 1993-09-27 12:39 - 00011264 _____ (MicroHelp Inc.) C:\Windows
\system\mhcd200.vbx
2016-12-15 08:49 - 1993-09-27 12:17 - 00050784 _____ (MicroHelp Inc.) C:\Windows
\system\mhcl200.vbx
2016-12-15 08:49 - 1993-09-27 11:58 - 00000437 _____ C:\Windows\system\vbtbl.lic
2016-12-15 08:49 - 1993-09-21 17:30 - 00058192 _____ (MicroHelp Inc.) C:\Windows
\system\mhrun300.dll
2016-12-15 08:49 - 1991-05-28 17:26 - 00244192 _____ C:\Windows\system\mhcards.d
ll
2016-12-15 08:48 - 2016-12-15 08:49 - 00000000 ____D C:\BC5
2016-12-15 08:13 - 2016-12-15 08:13 - 00385034 _____ C:\Users\Administrator\Docu
ments\gaya gesek.pdf
2016-12-15 08:12 - 2016-12-15 08:13 - 00320494 _____ C:\Users\Administrator\Docu
ments\KINEMATIKA.pdf
2016-12-14 14:16 - 2016-12-14 14:16 - 00000000 ____D C:\Users\Administrator\AppD
ata\LocalLow\Adobe
2016-12-14 14:06 - 2016-12-14 14:06 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\ControlCenter4
2016-12-14 14:06 - 2016-12-14 14:06 - 00000000 _____ C:\Users\Administrator\Sti_
Trace.log
2016-12-14 13:57 - 2016-12-14 13:57 - 00000092 _____ C:\Windows\brpcfx.ini
2016-12-14 13:57 - 2016-12-14 13:57 - 00000024 _____ C:\Windows\Brpfx04a.ini
2016-12-14 13:57 - 2016-12-14 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Brother
2016-12-14 13:56 - 2017-01-03 17:52 - 00013241 _____ C:\Windows\BRRBCOM.INI
2016-12-14 13:56 - 2016-12-14 13:56 - 00013170 _____ C:\Windows\BROMJ3720.INI
2016-12-14 13:55 - 2016-12-14 13:55 - 00000066 _____ C:\Windows\Brfaxrx.ini
2016-12-14 13:55 - 2016-12-14 13:55 - 00000000 ____D C:\Users\Public\Documents\B
rFaxRx
2016-12-14 13:55 - 2016-12-14 13:55 - 00000000 ____D C:\ProgramData\PCFaxTx
2016-12-14 13:55 - 2016-12-14 13:55 - 00000000 ____D C:\ProgramData\ControlCente
r4
2016-12-14 13:55 - 2016-12-14 13:55 - 00000000 ____D C:\Program Files (x86)\Cont
rolCenter4
2016-12-14 13:55 - 2016-12-14 13:55 - 00000000 ____D C:\Program Files (x86)\Brow
ny02
2016-12-14 13:55 - 2016-12-14 13:55 - 00000000 ____D C:\Program Files (x86)\Brot
her
2016-12-14 13:55 - 2016-12-14 13:55 - 00000000 ____D C:\Brother
2016-12-14 13:55 - 2013-04-11 13:55 - 00227328 _____ (Brother Industries, Ltd.)
C:\Windows\system32\BRCOI13Q.DLL
2016-12-14 13:55 - 2013-04-11 13:55 - 00180224 _____ (Brother Industries, Ltd.)
C:\Windows\SysWOW64\BROSNMP.DLL
2016-12-14 13:55 - 2013-04-11 13:55 - 00133744 _____ (Brother Industries Ltd) C:
\Windows\SysWOW64\BRRBI13A.EXE
2016-12-14 13:55 - 2013-04-11 13:55 - 00077824 _____ (Brother Industries, Ltd.)
C:\Windows\SysWOW64\BRLMW03A.DLL
2016-12-14 13:55 - 2013-04-11 13:55 - 00050688 _____ (Brother Industries Ltd.) C
:\Windows\SysWOW64\BRPRTINK.DLL
2016-12-14 13:55 - 2013-04-11 13:55 - 00045056 _____ C:\Windows\SysWOW64\BRTCPCO
N.DLL
2016-12-14 13:55 - 2013-04-11 13:55 - 00025299 _____ (Brother Industries, Ltd) C
:\Windows\SysWOW64\BRLM03A.DLL
2016-12-14 13:55 - 2013-04-11 13:55 - 00000114 _____ C:\Windows\SysWOW64\BRLMW03
A.INI
2016-12-14 13:55 - 2013-02-05 12:41 - 00065024 _____ (Brother Industries,Ltd) C:
\Windows\system32\Brnsplg.dll
2016-12-14 13:55 - 2013-01-10 13:56 - 00253952 ____N (brother) C:\Windows\SysWOW
64\NSSearch.dll
2016-12-14 13:55 - 2013-01-10 11:55 - 00324096 _____ (brother) C:\Windows\system
32\NSSRH64.dll
2016-12-14 13:55 - 2013-01-07 07:57 - 01441792 _____ (Brother Industries, Ltd.)
C:\Windows\system32\BrWi213a.dll
2016-12-14 13:55 - 2013-01-07 07:53 - 00087040 _____ (Brother Industries, Ltd.)
C:\Windows\system32\BrNetSti.dll
2016-12-14 13:55 - 2013-01-07 07:50 - 00059392 _____ (Brother Industries,Ltd.) C
:\Windows\system32\BrWiaNCp.dll
2016-12-14 13:55 - 2012-12-12 11:37 - 00318464 ____N (Brother Industries, Ltd.)
C:\Windows\system32\BrFaxTxAppRun64.dll
2016-12-14 13:55 - 2012-12-03 13:39 - 00002560 ____N (Brother Industries Ltd.) C
:\Windows\SysWOW64\BrDctF2S.dll
2016-12-14 13:55 - 2011-09-08 16:36 - 00279040 _____ (Brother Industries, Ltd.)
C:\Windows\system32\BrJDec.dll
2016-12-14 13:55 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C
:\Windows\SysWOW64\BrDctF2.dll
2016-12-14 13:55 - 2005-04-22 11:36 - 00143360 _____ C:\Windows\system32\BrSNMP6
4.dll
2016-12-14 13:53 - 2016-12-14 13:56 - 00000000 ____D C:\ProgramData\Brother
2016-12-14 13:53 - 2016-12-14 13:53 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\InstallShield
2016-12-13 09:04 - 2016-12-13 09:04 - 00000000 ____D C:\Users\Administrator\Docu
ments\Custom Office Templates
2016-12-13 08:39 - 2011-04-19 03:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C
:\Windows\system32\E_YLMI2E.DLL
2016-12-13 08:39 - 2011-03-14 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C
:\Windows\system32\E_YD4BI2E.DLL
2016-12-13 08:38 - 2016-12-13 08:38 - 25099840 _____ C:\Users\Administrator\Docu
ments\L210_x64_153UsHomeExportAsiaML_MP.exe
2016-12-13 08:37 - 2016-12-13 08:37 - 00000000 ____D C:\Users\Public\Thunder Net
work
2016-12-13 08:37 - 2016-12-13 08:37 - 00000000 ____D C:\ProgramData\Thunder Netw
ork
2016-12-07 14:11 - 2016-12-07 14:11 - 00000000 ____D C:\Windows\SysWOW64\%Report
%
2016-12-07 13:13 - 2016-12-07 13:13 - 09988987 _____ (Al Quran Digital ) C:\User
s\Administrator\Downloads\AlQuranDigital.exe
2016-12-07 13:13 - 2016-12-07 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Al Quran Digital
2016-12-07 13:13 - 2016-12-07 13:13 - 00000000 ____D C:\Program Files (x86)\Al Q
uran Digital
2016-12-07 10:53 - 2016-12-13 08:36 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\ElevatedDiagnostics
2016-12-07 10:40 - 2016-12-07 10:40 - 00111448 _____ C:\Users\Administrator\AppD
ata\Local\GDIPFONTCACHEV1.DAT
2016-12-07 10:38 - 2016-12-07 10:38 - 00000000 ____D C:\Users\Administrator\Docu
ments\My Games
2016-12-07 10:38 - 2016-12-07 10:38 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\WinRAR
2016-12-07 09:24 - 2016-12-07 09:24 - 00013103 _____ C:\Users\Administrator\Down
loads\32509_logo_0_91740.png
2016-12-07 09:21 - 2017-01-05 09:48 - 00000000 ____D C:\Program Files (x86)\UCBr
owser
2016-12-07 09:20 - 2016-12-07 09:21 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\UCBrowser
2016-12-07 09:20 - 2016-12-07 09:20 - 01279376 _____ (UCWeb Inc.) C:\Users\Admin
istrator\Downloads\UCBrowser_V5.7.16817.1002_windows_pf101_(Build16111710).exe
2016-12-07 09:20 - 2016-12-07 09:20 - 00000340 _____ C:\Users\Administrator\Down
loads\debug.log
2016-12-06 20:05 - 2016-12-06 20:05 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\Adobe
2016-12-06 19:56 - 2016-12-06 19:57 - 00000000 ____D C:\Users\Administrator\AppD
ata\LocalLow\Microsoft
2016-12-06 09:40 - 2017-01-04 15:46 - 03159447 ____H C:\Users\Administrator\AppD
ata\Local\IconCache.db
2016-12-06 09:37 - 2016-12-06 20:05 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\Adobe
2016-12-06 09:37 - 2016-12-06 09:37 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\Epson
2016-12-06 09:36 - 2017-01-05 13:37 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\Temp
2016-12-06 09:36 - 2017-01-05 13:36 - 02097152 ___SH C:\Users\Administrator\NTUS
ER.DAT
2016-12-06 09:36 - 2017-01-05 13:36 - 00262144 ___SH C:\Users\Administrator\ntus
er.dat.LOG1
2016-12-06 09:36 - 2017-01-05 13:36 - 00000000 ___RD C:\Users\Administrator\Down
loads
2016-12-06 09:36 - 2017-01-05 09:48 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local
2016-12-06 09:36 - 2017-01-04 15:46 - 00000000 ___RD C:\Users\Administrator\Docu
ments
2016-12-06 09:36 - 2017-01-03 17:14 - 00000000 ___RD C:\Users\Administrator\Musi
c
2016-12-06 09:36 - 2017-01-03 15:45 - 00000000 ___RD C:\Users\Administrator\Pict
ures
2016-12-06 09:36 - 2017-01-03 14:46 - 00000000 ___SD C:\Users\Administrator\AppD
ata\Roaming\Microsoft
2016-12-06 09:36 - 2017-01-03 10:16 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming
2016-12-06 09:36 - 2017-01-03 10:16 - 00000000 ____D C:\Users\Administrator\AppD
ata\LocalLow
2016-12-06 09:36 - 2016-12-28 15:44 - 00000000 ___RD C:\Users\Administrator\Desk
top
2016-12-06 09:36 - 2016-12-22 15:59 - 00000000 ___RD C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-06 09:36 - 2016-12-14 14:06 - 00000000 ____D C:\Users\Administrator
2016-12-06 09:36 - 2016-12-13 08:35 - 00000000 ____D C:\Users\Administrator\AppD
ata\Local\Microsoft
2016-12-06 09:36 - 2016-12-06 09:41 - 00524288 ___SH C:\Users\Administrator\NTUS
ER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.reg
trans-ms
2016-12-06 09:36 - 2016-12-06 09:41 - 00524288 ___SH C:\Users\Administrator\NTUS
ER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.reg
trans-ms
2016-12-06 09:36 - 2016-12-06 09:41 - 00065536 ___SH C:\Users\Administrator\NTUS
ER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-06 09:36 - 2016-12-06 09:36 - 00001449 _____ C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-06 09:36 - 2016-12-06 09:36 - 00001415 _____ C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-12-06 09:36 - 2016-12-06 09:36 - 00000476 ___SH C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-06 09:36 - 2016-12-06 09:36 - 00000402 ___SH C:\Users\Administrator\Docu
ments\desktop.ini
2016-12-06 09:36 - 2016-12-06 09:36 - 00000282 ___SH C:\Users\Administrator\Down
loads\desktop.ini
2016-12-06 09:36 - 2016-12-06 09:36 - 00000282 ___SH C:\Users\Administrator\Desk
top\desktop.ini
2016-12-06 09:36 - 2016-12-06 09:36 - 00000174 ___SH C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-06 09:36 - 2016-12-06 09:36 - 00000020 ___SH C:\Users\Administrator\ntus
er.ini
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Temp
lates
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Star
t Menu
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Send
To
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Rece
nt
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Prin
tHood
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\NetH
ood
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\My D
ocuments
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Loca
l Settings
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Docu
ments\My Videos
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Docu
ments\My Pictures
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Docu
ments\My Music
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Cook
ies
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\Appl
ication Data
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\AppD
ata\Local\Temporary Internet Files
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\AppD
ata\Local\History
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 _SHDL C:\Users\Administrator\AppD
ata\Local\Application Data
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___SH C:\Users\Administrator\ntus
er.dat.LOG2
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___RD C:\Users\Administrator\Vide
os
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___RD C:\Users\Administrator\Sear
ches
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___RD C:\Users\Administrator\Save
d Games
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___RD C:\Users\Administrator\Link
s
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___RD C:\Users\Administrator\Favo
rites
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___RD C:\Users\Administrator\Cont
acts
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___RD C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___RD C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ___HD C:\Users\Administrator\AppD
ata
2016-12-06 09:36 - 2016-12-06 09:36 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\Identities
2016-12-06 09:36 - 2015-12-29 15:25 - 00002104 _____ C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-12-06 09:36 - 2009-07-14 14:45 - 00000000 ____D C:\Users\Administrator\AppD
ata\Roaming\Media Center Programs
2016-12-06 09:36 - 2009-07-14 11:54 - 00000000 ___RD C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-06 09:36 - 2009-07-14 11:49 - 00000000 ___RD C:\Users\Administrator\AppD
ata\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-06 09:00 - 2016-12-06 09:00 - 00002150 _____ C:\Users\Public\Desktop\Goo
gle Earth.lnk
2016-12-06 09:00 - 2016-12-06 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Google Earth
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-05 13:26 - 2016-09-22 09:12 - 00000911 _____ C:\Windows\Tasks\EPSON L565
Series Update {78D71FB2-3176-4783-9E2C-AD652358E968}.job
2017-01-05 13:26 - 2009-07-14 12:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-05 11:00 - 2009-07-14 12:13 - 00796982 _____ C:\Windows\system32\PerfStr
ingBackup.INI
2017-01-05 11:00 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2017-01-05 09:55 - 2009-07-14 11:45 - 00025760 ____H C:\Windows\system32\7B296FB
0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-05 09:55 - 2009-07-14 11:45 - 00025760 ____H C:\Windows\system32\7B296FB
0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-05 09:49 - 2015-12-29 20:14 - 00000000 ____D C:\Program Files (x86)\Goog
le
2017-01-05 09:41 - 2016-05-16 15:59 - 00000000 ____D C:\ProgramData\Kaspersky La
b
2017-01-05 09:41 - 2015-12-29 15:43 - 00003758 _____ C:\Windows\System32\Tasks\A
utoKMS
2017-01-05 09:39 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-05 08:19 - 2016-01-13 09:10 - 00000000 ____D C:\Program Files (x86)\Team
Viewer
2017-01-03 08:04 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-28 21:31 - 2015-12-29 15:15 - 00000000 __SHD C:\Windows\Installer
2016-12-28 21:31 - 2009-07-14 12:32 - 00000000 ___RD C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Games
2016-12-28 21:28 - 2009-07-14 10:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-28 21:28 - 2009-07-14 10:20 - 00000000 ___HD C:\ProgramData
2016-12-28 21:14 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files (x86)\Comm
on Files
2016-12-28 15:48 - 2009-07-14 10:20 - 00000000 ___RD C:\Program Files
2016-12-28 15:47 - 2015-12-29 15:03 - 00000000 __SHD C:\System Volume Informatio
n
2016-12-28 15:47 - 2009-07-14 10:20 - 00000000 ___RD C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Startup
2016-12-28 15:44 - 2009-07-14 10:18 - 00000000 __SHD C:\$Recycle.Bin
2016-12-28 09:07 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\drivers
2016-12-28 09:07 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\catroot
2016-12-27 08:29 - 2009-07-14 10:20 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-27 08:29 - 2009-07-14 10:20 - 00000000 ___RD C:\Users\Public\Documents
2016-12-27 07:14 - 2015-12-29 15:03 - 00000000 ____D C:\Windows\Prefetch
2016-12-23 14:02 - 2016-09-22 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\EPSON Software
2016-12-20 16:26 - 2016-09-22 22:16 - 00000000 ____D C:\Program Files (x86)\EPSO
N Software
2016-12-20 16:25 - 2016-09-22 22:19 - 00000936 _____ C:\Users\Public\Desktop\EPS
ON Scan.lnk
2016-12-20 16:25 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\DriverS
tore
2016-12-20 16:10 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64
2016-12-20 11:25 - 2015-12-29 15:29 - 00801684 _____ C:\Windows\SysWOW64\PerfStr
ingBackup.INI
2016-12-20 11:25 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files\Common Fil
es
2016-12-20 11:21 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\winsxs
2016-12-18 13:53 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-18 12:51 - 2015-12-29 15:31 - 00122042 _____ C:\Windows\PFRO.log
2016-12-18 12:51 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\catroot
2
2016-12-18 10:01 - 2015-12-29 20:14 - 00003444 _____ C:\Windows\System32\Tasks\G
oogleUpdateTaskMachineUA
2016-12-18 10:01 - 2015-12-29 20:14 - 00003316 _____ C:\Windows\System32\Tasks\G
oogleUpdateTaskMachineCore
2016-12-18 09:54 - 2016-05-16 15:06 - 00000000 ____D C:\ProgramData\regid.1991-0
6.com.microsoft
2016-12-18 09:53 - 2015-12-29 15:16 - 00002385 _____ C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Access 2016.lnk
2016-12-18 09:53 - 2009-07-14 10:20 - 00000000 __RSD C:\Windows\assembly
2016-12-18 09:52 - 2015-12-29 15:13 - 00000000 ____D C:\Program Files (x86)\Micr
osoft Office
2016-12-15 08:49 - 2009-07-14 09:34 - 00000250 _____ C:\Windows\SYSTEM.INI
2016-12-14 13:56 - 2009-07-14 12:32 - 00000000 ____D C:\Windows\twain_32
2016-12-14 13:54 - 2016-01-02 13:48 - 00000000 ___HD C:\Program Files (x86)\Inst
allShield Installation Information
2016-12-13 09:07 - 2016-09-22 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\EPSON
2016-12-13 09:07 - 2016-09-22 09:11 - 00000000 ____D C:\ProgramData\EPSON
2016-12-13 08:37 - 2009-07-14 10:20 - 00000000 ___RD C:\Users\Public
2016-12-06 09:41 - 2016-05-16 14:46 - 02428890 ____H C:\Users\arief.hidayat\AppD
ata\Local\IconCache.db
2016-12-06 09:36 - 2009-07-14 11:57 - 00001547 _____ C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\Windows Media Player.lnk
2016-12-06 09:36 - 2009-07-14 11:54 - 00001278 ___SH C:\ProgramData\Microsoft\Wi
ndows\Start Menu\Programs\desktop.ini
2016-12-06 09:36 - 2009-07-14 10:20 - 00000000 ___RD C:\Users
2016-12-06 09:24 - 2016-05-16 14:42 - 00000000 ____D C:\Users\arief.hidayat\AppD
ata\Local\Temp
==================== Files in the root of some directories =======
2015-12-29 16:18 - 2015-12-29 16:18 - 0000000 ____H () C:\ProgramData\DP45977C.l
fl
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\drm_dialogs.dll
C:\Users\user\AppData\Local\Temp\AVG.exe
C:\Users\user\AppData\Local\Temp\bassmod.dll
C:\Users\user\AppData\Local\Temp\DPInst.exe
C:\Users\user\AppData\Local\Temp\dpinst64.exe
C:\Users\user\AppData\Local\Temp\regini.exe

==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-12 10:45
==================== End of FRST.txt ============================
