Possible Remnants from Trojan Infection


10 replies to this topic

#1 EnigmaBetula

Posted 18 February 2014 - 10:29 AM

Hi guys,

 

Recently, I rather foolishly got myself infected with the Conduit browser-hijacking virus. Following on from my routine scans while dealing with the problem, I found a Trojan had gotten in as well (can't remember the precise name unfortunately). I think I've managed to root out the last remnants of the infection, but I thought I'd ask the pros for a second eye (I hope that's okay!).

 

Many thanks!

 

 

Here's the text from the DDS file:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Yan at 19:21:53 on 2014-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8140.4504 [GMT 0:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files\1UPIndustries\Bins\v1.1.0.250\Bins.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Wunderlist2\Wunderlist.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MiniBin\MiniBin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Program Files\1UPIndustries\Bins\v1.1.0.250\Bins32on64.exe
C:\Program Files\1UPIndustries\Bins\v1.1.0.250\Bins.exe
C:\Program Files\1UPIndustries\Bins\v1.1.0.250\Bins32on64.exe
C:\Users\Yan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\ScriptHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Wunderlist] "C:\Program Files (x86)\Wunderlist2\Wunderlist.exe" /silent
uRun: [Amazon Cloud Player] "C:\Users\Yan\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [MiniBin] C:\Program Files (x86)\MiniBin\MiniBin.exe
StartupFolder: C:\Users\Yan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bins.lnk - C:\Program Files\1UPIndustries\Bins\BinsLauncher.exe
StartupFolder: C:\Users\Yan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Yan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 129.234.4.13 129.234.4.9
TCP: Interfaces\{624EDC9D-041C-41AF-8338-CFD8813ECAAC} : DHCPNameServer = 129.234.4.13 129.234.4.9
TCP: Interfaces\{624EDC9D-041C-41AF-8338-CFD8813ECAAC}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{624EDC9D-041C-41AF-8338-CFD8813ECAAC}\244584572633D275453405 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{624EDC9D-041C-41AF-8338-CFD8813ECAAC}\4457278616D602755626021457478656E6479636164796F6E6 : DHCPNameServer = 129.234.4.13 129.234.4.9
TCP: Interfaces\{624EDC9D-041C-41AF-8338-CFD8813ECAAC}\F42377962756C6563737432434140353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{624EDC9D-041C-41AF-8338-CFD8813ECAAC}\F42377962756C6563737645363133493 : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Bins] "C:\Program Files\1UPIndustries\Bins\BinsLauncher.exe" /startup
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: WB - C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: TaskbarDockShlExt Class - {1984DD45-52CF-49cd-AB77-28F378FEA264} - C:\Program Files\1UPIndustries\Bins\v1.1.0.250\TaskbarDockLoader64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-30 46368]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-30 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-1-22 282712]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-31 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-31 75936]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-10-23 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 23552]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2014-1-28 1375600]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-30 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-9-23 2429544]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-1-22 1444120]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-5-30 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-30 2656280]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2013-9-23 948312]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-8 1771544]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-5-30 19968]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-31 29344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-30 317440]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-9-23 340072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-29 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-1-11 1368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-31 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-31 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-31 259232]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-3-31 109216]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-31 166048]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-31 59040]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-31 283296]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-31 287392]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2013-9-23 111776]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-10-5 37344]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-9-13 316312]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-1-22 397848]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-15 19456]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-31 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-14 10:19:46 596256 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp155.dll
2014-02-14 10:17:21 -------- d-----w- C:\HP Universal Print Driver
2014-02-14 09:50:53 -------- d-----w- C:\Users\Yan\AppData\Local\Apps
2014-02-14 09:50:52 -------- d-----w- C:\Users\Yan\AppData\Local\Deployment
2014-02-14 09:15:16 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-14 09:15:16 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-13 23:13:43 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-02-13 23:13:43 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-13 21:33:06 -------- d-----w- C:\AdwCleaner
2014-02-13 20:29:08 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-13 10:53:22 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 10:53:21 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 16:50:58 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2014-02-12 13:47:46 -------- d-----w- C:\Users\Yan\AppData\Roaming\OfficeTab
2014-02-12 13:19:52 -------- d-----w- C:\Users\Yan\AppData\Local\MediaMonkey
2014-02-12 13:19:43 -------- d-----w- C:\Users\Yan\AppData\Roaming\MediaMonkey
2014-02-12 13:19:38 -------- d-----w- C:\ProgramData\MediaMonkey
2014-02-12 13:19:36 -------- d-----w- C:\Program Files (x86)\MediaMonkey
2014-02-12 13:18:53 -------- d-----w- C:\ProgramData\Licenses
2014-02-12 13:09:44 -------- d-----w- C:\Users\Yan\AppData\Local\emaze
2014-02-11 15:56:33 -------- d-----w- C:\Program Files (x86)\MiniBin
2014-02-07 15:27:47 -------- d-----w- C:\Users\Yan\VirtualBox VMs
2014-02-07 15:27:20 -------- d-----w- C:\Users\Yan\.VirtualBox
2014-02-05 16:50:39 -------- d-----w- C:\Users\Yan\AppData\Local\Amazon Cloud Player
2014-02-05 14:22:10 -------- d-----w- C:\Users\Yan\AppData\Local\Thunderbird
2014-02-05 14:22:00 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 11:29:06 3544968 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-04 18:39:44 252688 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-02-04 18:39:31 126736 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-02-04 18:39:24 -------- d-----w- C:\Program Files\Oracle
2014-02-03 09:40:27 181440 ----a-w- C:\Windows\System32\wbload.dll
2014-02-03 09:40:26 -------- d-----w- C:\ProgramData\Stardock
2014-01-28 20:38:36 -------- d-----w- C:\Users\Yan\AppData\Local\6Wunderkinder
2014-01-28 20:36:00 -------- d-----w- C:\Users\Yan\AppData\Local\6_Wunderkinder_GmbH
2014-01-28 20:35:58 -------- d-----w- C:\Users\Yan\AppData\Roaming\6Wunderkinder
2014-01-28 20:35:04 -------- d-----w- C:\Program Files (x86)\Wunderlist2
2014-01-28 20:34:52 -------- d-----w- C:\ProgramData\Package Cache
2014-01-28 10:23:01 -------- d-----w- C:\Users\Yan\AppData\Roaming\DisplayFusion
2014-01-28 10:22:54 -------- d-----w- C:\ProgramData\Binary Fortress Software
2014-01-28 10:22:42 -------- d-----w- C:\Program Files (x86)\DisplayFusion
2014-01-27 11:27:18 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2014-01-27 11:27:02 -------- d-----w- C:\Program Files (x86)\HTC
2014-01-27 11:02:33 -------- d-----w- C:\ProgramData\HTC
2014-01-27 10:59:14 -------- d-----w- C:\Users\Yan\.android
2014-01-27 10:54:13 -------- d-----w- C:\Program Files (x86)\ClockworkMod
2014-01-25 14:13:34 -------- d-----w- C:\Users\Yan\AppData\Roaming\RStudio
2014-01-25 14:13:07 -------- d-----w- C:\Users\Yan\AppData\Local\RStudio-Desktop
2014-01-25 14:10:58 -------- d-----w- C:\Program Files\RStudio
2014-01-25 13:59:30 -------- d-----w- C:\ProgramData\1UPIndustries
2014-01-25 13:59:18 102400 ----a-w- C:\Windows\SysWow64\tsccvid.dll
2014-01-25 13:58:59 -------- d-----w- C:\Program Files\1UPIndustries
2014-01-25 13:58:54 -------- d-----w- C:\Users\Yan\AppData\Roaming\1UPIndustries
2014-01-22 12:37:51 -------- d-----w- C:\Program Files (x86)\Runtime Software
2014-01-22 08:06:47 -------- d-----w- C:\Program Files (x86)\HD Tune
2014-01-21 19:26:09 -------- d-----w- C:\Users\Yan\AppData\Roaming\Memeo
.
==================== Find3M  ====================
.
2014-02-17 19:10:58 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 11:29:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 11:29:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 20:37:26 316312 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-01-16 22:04:24 13024768 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-18 21:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 17:16:44 154896 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-12-18 17:16:44 140560 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-12-18 17:13:30 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-25 01:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 19:22:40.60 ===============
 


 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:36 AM

Posted 21 February 2014 - 05:15 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 EnigmaBetula

EnigmaBetula
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 21 February 2014 - 06:35 AM

Hi,

 

I have done as you've asked. Please find the FRST log followed by the Addition log below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Yan (administrator) on YAN-VAIO on 21-02-2014 11:25:43
Running from C:\Users\Yan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
() C:\Users\Yan\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Mike Edward Moras (e-sushi™) — www.e-sushi.net) C:\Program Files (x86)\MiniBin\MiniBin.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Dropbox, Inc.) C:\Users\Yan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\ScriptHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
() C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(1UP Industries LLC) C:\Program Files\1UPIndustries\Bins\v1.1.0.250\Bins.exe
() C:\Program Files\1UPIndustries\Bins\v1.1.0.250\Bins32on64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-08-08] (Conexant Systems, Inc.)
HKLM\...\Run: [Bins] - C:\Program Files\1UPIndustries\Bins\BinsLauncher.exe [1141296 2013-10-22] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2552856 2014-02-04] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [MiniBin] - C:\Program Files (x86)\MiniBin\MiniBin.exe [69632 2013-02-13] (Mike Edward Moras (e-sushi™) — www.e-sushi.net)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKU\S-1-5-21-1092050668-1165850808-2080160766-1001\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKU\S-1-5-21-1092050668-1165850808-2080160766-1001\...\Run: [Wunderlist] - C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH)
HKU\S-1-5-21-1092050668-1165850808-2080160766-1001\...\Run: [Amazon Cloud Player] - C:\Users\Yan\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-1092050668-1165850808-2080160766-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-1092050668-1165850808-2080160766-1001\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1092050668-1165850808-2080160766-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1092050668-1165850808-2080160766-1001\...\MountPoints2: {e344e28a-847c-11e3-9cdd-78843ce09adb} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1092050668-1165850808-2080160766-1001\...\MountPoints2: {f0a04d65-f90b-11e0-9bda-90004ecd9dfc} - G:\LaunchU3.exe -a
Startup: C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bins.lnk
ShortcutTarget: Bins.lnk -> C:\Program Files\1UPIndustries\Bins\BinsLauncher.exe ()
Startup: C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Yan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 129.234.4.13 129.234.4.9
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Chrome Extension Downloader (official)) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adajmnagfnjmjkljpmiglngkbgoaehgi [2014-02-18]
CHR Extension: (Google Docs) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-14]
CHR Extension: (Google Drive) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-14]
CHR Extension: (WOT) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-14]
CHR Extension: (YouTube) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-14]
CHR Extension: (Honey) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-02-14]
CHR Extension: (Adblock Plus) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]
CHR Extension: (Google Search) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-14]
CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2014-02-14]
CHR Extension: (Save to Google Drive) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-02-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-02-14]
CHR Extension: (Dropbox) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-02-14]
CHR Extension: (Disconnect) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-02-14]
CHR Extension: (Black Wood) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfigpljkonjldfhkfgbbmibfbcggnhj [2014-02-14]
CHR Extension: (The Great Suspender) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-02-14]
CHR Extension: (Blogger) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2014-02-14]
CHR Extension: (Extension Defender) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkakdehcmmnojcdalpkfgmhphnicaonm [2014-02-14]
CHR Extension: (JustBeamIt) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmikgkdknaammcapbklcdaakpphfilgg [2014-02-14]
CHR Extension: (Blogger Dynamic Views (by Google)) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmoheajlpfaigefceljflpohdehkjbli [2014-02-14]
CHR Extension: (AVG Security Toolbar) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-02-14]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-02-14]
CHR Extension: (Google Wallet) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]
CHR Extension: (Currently) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-02-14]
CHR Extension: (Readability) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-02-14]
CHR Extension: (Evernote Web Clipper) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-02-20]
CHR Extension: (Gmail) - C:\Users\Yan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-14]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-08]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-01] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-25] (Fork Ltd.)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-01-22] (Trusteer Ltd.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-01-22] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-01-22] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-01-22] (Trusteer Ltd.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-21 11:25 - 2014-02-21 11:26 - 00024150 _____ () C:\Users\Yan\Desktop\FRST.txt
2014-02-21 11:25 - 2014-02-21 11:25 - 00000000 ____D () C:\FRST
2014-02-21 11:21 - 2014-02-21 11:22 - 02153984 _____ (Farbar) C:\Users\Yan\Desktop\FRST64.exe
2014-02-19 18:05 - 2014-02-19 18:05 - 00000000 ____H () C:\Users\Yan\Documents\Default.rdp
2014-02-18 19:43 - 2014-02-18 19:43 - 00000000 ____D () C:\Users\Yan\AppData\Local\Evernote
2014-02-18 19:43 - 2014-02-18 19:43 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-02-18 18:55 - 2014-02-18 18:56 - 59310944 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Yan\Downloads\Evernote_5.1.2.2387.exe
2014-02-18 17:30 - 2014-02-18 17:50 - 119076610 _____ () C:\Users\Yan\Downloads\backup_Sophie_Final.zip
2014-02-18 17:21 - 2014-02-18 17:21 - 00000000 _____ () C:\Users\Yan\Downloads\backup (1).zip
2014-02-18 17:20 - 2014-02-18 17:20 - 00000000 _____ () C:\Users\Yan\Downloads\backup.zip
2014-02-18 17:01 - 2014-02-18 17:11 - 49664782 _____ () C:\Users\Yan\Downloads\backup_Sophie_ver1.zip
2014-02-18 16:58 - 2014-02-18 16:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-18 16:43 - 2014-02-18 16:43 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-18 15:02 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-02-18 14:58 - 2014-02-18 14:58 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\Yan\Downloads\KiesSetup.exe
2014-02-17 17:10 - 2014-02-17 17:15 - 535770427 _____ () C:\Users\Yan\Downloads\Remixes-Rarities-Instrumentals.zip
2014-02-17 17:06 - 2014-02-17 17:09 - 116133357 _____ () C:\Users\Yan\Downloads\AOI-Bionix.zip
2014-02-17 17:03 - 2014-02-17 17:04 - 150994206 _____ () C:\Users\Yan\Downloads\Art-Official-Intelligence.zip
2014-02-17 17:01 - 2014-02-17 17:03 - 160849169 _____ () C:\Users\Yan\Downloads\Stakes-Is-High.zip
2014-02-17 17:00 - 2014-02-17 17:01 - 114367391 _____ () C:\Users\Yan\Downloads\Buhloone-Mindstate.zip
2014-02-17 16:59 - 2014-02-17 17:00 - 168036333 _____ () C:\Users\Yan\Downloads\De-La-Soul-Is-Dead.zip
2014-02-17 16:57 - 2014-02-17 16:58 - 159346091 _____ () C:\Users\Yan\Downloads\3-Feet-High.zip
2014-02-14 12:47 - 2014-02-14 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-14 12:40 - 2014-02-14 12:40 - 21970096 _____ (Mozilla) C:\Users\Yan\Downloads\Thunderbird Setup 24.3.0.exe
2014-02-14 10:21 - 2014-02-14 10:21 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-02-14 10:20 - 2014-02-14 10:20 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-02-14 10:19 - 2014-02-14 10:19 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-02-14 10:18 - 2013-08-02 09:28 - 00593184 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-02-14 10:18 - 2013-08-02 09:28 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-02-14 10:18 - 2013-08-02 09:27 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml155.dll
2014-02-14 10:18 - 2013-08-02 09:27 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja155.dll
2014-02-14 10:18 - 2013-08-02 09:27 - 00190240 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-02-14 10:18 - 2013-08-02 09:27 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp155.dll
2014-02-14 10:18 - 2013-08-02 09:27 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-02-14 10:18 - 2013-08-02 09:25 - 00442656 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn155.dll
2014-02-14 10:18 - 2013-08-02 09:25 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-02-14 10:18 - 2013-08-02 09:21 - 00441632 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3155.dll
2014-02-14 10:18 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-02-14 10:18 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-02-14 10:18 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-02-14 10:17 - 2014-02-14 10:17 - 00000000 ____D () C:\HP Universal Print Driver
2014-02-14 09:57 - 2014-02-14 09:57 - 13024768 _____ (LastPass) C:\Users\Yan\Downloads\lastpass_x64.exe
2014-02-14 09:51 - 2014-02-21 11:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 09:51 - 2014-02-21 11:18 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 09:51 - 2014-02-14 09:51 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 09:51 - 2014-02-14 09:51 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 09:50 - 2014-02-14 09:51 - 00000000 ____D () C:\Users\Yan\AppData\Local\Deployment
2014-02-14 09:50 - 2014-02-14 09:50 - 00000000 ____D () C:\Users\Yan\AppData\Local\Apps\2.0
2014-02-14 09:26 - 2014-02-14 09:26 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-14 09:15 - 2013-11-26 23:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-14 09:15 - 2013-11-26 22:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-13 23:14 - 2013-10-02 02:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-13 23:14 - 2013-10-02 02:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-13 23:14 - 2013-10-02 02:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-13 23:14 - 2013-10-02 01:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-13 23:14 - 2013-10-02 01:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-13 23:14 - 2013-10-02 01:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-13 23:14 - 2013-10-02 01:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-13 23:14 - 2013-10-02 00:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-13 23:14 - 2013-10-02 00:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-13 23:14 - 2013-10-02 00:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-13 23:14 - 2013-10-02 00:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-13 23:14 - 2013-10-02 00:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-13 23:14 - 2013-10-01 23:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-13 23:14 - 2013-10-01 23:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-13 23:14 - 2013-10-01 23:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-13 23:14 - 2013-10-01 22:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-13 23:13 - 2013-09-25 02:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-13 23:13 - 2013-09-25 01:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-13 21:33 - 2014-02-13 22:09 - 00000000 ____D () C:\AdwCleaner
2014-02-13 20:06 - 2014-02-13 20:08 - 00000000 ___SD () C:\32788R22FWJFW
2014-02-13 20:06 - 2014-02-13 20:06 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 10:53 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 10:53 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 10:51 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 10:51 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 10:51 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 10:51 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 10:51 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 10:51 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 10:51 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 10:51 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 10:51 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 10:51 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 10:51 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 10:51 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 10:51 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 10:51 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 10:51 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 10:51 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 10:51 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 10:51 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 10:51 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 10:51 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 10:51 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 10:51 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 10:51 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 10:51 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 10:51 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 10:51 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 10:51 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 10:51 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 10:51 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 10:51 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 10:51 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 10:51 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 10:51 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 10:51 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 10:51 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 10:51 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 10:51 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 10:51 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 10:51 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 16:50 - 2014-02-12 16:50 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-02-12 14:33 - 2014-02-18 17:26 - 00004640 _____ () C:\Windows\setupact.log
2014-02-12 14:33 - 2014-02-12 14:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 14:21 - 2014-02-13 21:28 - 00219364 _____ () C:\Windows\PFRO.log
2014-02-12 13:47 - 2014-02-12 13:47 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\OfficeTab
2014-02-12 13:42 - 2014-02-12 13:42 - 00451205 _____ () C:\Users\Yan\Downloads\Last.fm_Scrobbler_1.0.2.29.mmip
2014-02-12 13:34 - 2014-02-12 13:34 - 00411389 _____ () C:\Users\Yan\Downloads\g-monkeyps.mmip
2014-02-12 13:19 - 2014-02-12 13:43 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\MediaMonkey
2014-02-12 13:19 - 2014-02-12 13:19 - 00000000 ____D () C:\Users\Yan\AppData\Local\MediaMonkey
2014-02-12 13:19 - 2014-02-12 13:19 - 00000000 ____D () C:\ProgramData\MediaMonkey
2014-02-12 13:19 - 2014-02-12 13:19 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2014-02-12 13:18 - 2014-02-12 13:18 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-12 13:09 - 2014-02-12 13:09 - 00000000 ____D () C:\Users\Yan\AppData\Local\emaze
2014-02-12 11:15 - 2013-12-31 23:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 11:15 - 2013-12-31 23:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 11:15 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 11:15 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 11:15 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 11:15 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 11:15 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 11:15 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 11:15 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 11:15 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 11:15 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 11:15 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 11:15 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 11:15 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 11:15 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 11:15 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 11:15 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 11:15 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 11:15 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 11:15 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 11:15 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 11:15 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 11:15 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 11:15 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 11:15 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 11:15 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 11:15 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 11:15 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 11:05 - 2014-02-12 11:05 - 00028798 _____ () C:\Users\Yan\Documents\cc_20140212_110530.reg
2014-02-11 15:56 - 2014-02-11 15:56 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiniBin
2014-02-11 15:56 - 2014-02-11 15:56 - 00000000 ____D () C:\Program Files (x86)\MiniBin
2014-02-11 10:00 - 2014-02-11 10:00 - 00378479 _____ () C:\Users\Yan\Downloads\PG conference 2013.pptx
2014-02-10 11:57 - 2014-02-10 11:57 - 01733120 _____ () C:\Users\Yan\Downloads\Methods Lecture 2 - 2014.ppt
2014-02-10 11:56 - 2014-02-10 11:56 - 01734656 _____ () C:\Users\Yan\Downloads\Methods Lecture 2(1) (1).ppt
2014-02-10 11:33 - 2014-02-10 11:33 - 01890816 _____ () C:\Users\Yan\Downloads\Methods Lecture L14_07Feb2012(1) (1).ppt
2014-02-10 11:21 - 2014-02-10 11:22 - 19946993 _____ () C:\Users\Yan\Downloads\Structured Observation.wmv
2014-02-10 11:20 - 2014-02-10 11:20 - 00509587 _____ () C:\Users\Yan\Downloads\Male point-light-walker.wmv
2014-02-10 11:13 - 2014-02-10 11:14 - 31211359 _____ () C:\Users\Yan\Downloads\Still Face Experiment  Dr. Edward Tronick.wmv
2014-02-09 20:41 - 2014-02-09 20:41 - 01734656 _____ () C:\Users\Yan\Downloads\Methods Lecture 2(1).ppt
2014-02-09 20:40 - 2014-02-09 20:40 - 01890816 _____ () C:\Users\Yan\Downloads\Methods Lecture L14_07Feb2012.ppt
2014-02-09 20:40 - 2014-02-09 20:40 - 00671232 _____ () C:\Users\Yan\Downloads\L14 Methods II -Non-experimental research design DUO 1011.ppt
2014-02-09 20:38 - 2014-02-09 20:38 - 01890816 _____ () C:\Users\Yan\Downloads\Methods Lecture L14_07Feb2012(1).ppt
2014-02-09 20:35 - 2014-02-09 20:35 - 00817664 _____ () C:\Users\Yan\Downloads\methods_L2 (upd) 0809.ppt
2014-02-07 15:27 - 2014-02-14 09:43 - 00000000 ____D () C:\Users\Yan\.VirtualBox
2014-02-07 15:27 - 2014-02-08 12:23 - 00000000 ____D () C:\Users\Yan\VirtualBox VMs
2014-02-07 13:51 - 2014-02-07 13:51 - 00002142 _____ () C:\Users\Yan\Downloads\SPSS 2 sample data.sav
2014-02-07 13:38 - 2014-02-07 13:38 - 01265152 _____ () C:\Users\Yan\Downloads\Memory Durham 1314 (1).ppt
2014-02-06 17:49 - 2014-02-06 17:49 - 01110528 _____ () C:\Users\Yan\Downloads\Memory Durham 0607.ppt
2014-02-06 17:34 - 2014-02-06 17:34 - 01265152 _____ () C:\Users\Yan\Downloads\Memory Durham 1314.ppt
2014-02-05 16:50 - 2014-02-05 16:50 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-02-05 16:50 - 2014-02-05 16:50 - 00000000 ____D () C:\Users\Yan\AppData\Local\Amazon Cloud Player
2014-02-05 14:22 - 2014-02-14 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 14:22 - 2014-02-05 14:22 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Thunderbird
2014-02-05 14:22 - 2014-02-05 14:22 - 00000000 ____D () C:\Users\Yan\AppData\Local\Thunderbird
2014-02-05 10:49 - 2014-02-08 09:56 - 00000000 ____D () C:\Users\Yan\Documents\Ubuntu
2014-02-04 18:39 - 2014-02-04 18:39 - 00000000 ____D () C:\Program Files\Oracle
2014-02-04 18:39 - 2013-12-18 17:19 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-02-04 18:39 - 2013-12-18 17:16 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-02-04 17:46 - 2014-02-04 17:47 - 106322704 _____ (Oracle Corporation) C:\Users\Yan\Downloads\VirtualBox-4.3.6-91406-Win.exe
2014-02-03 10:30 - 2014-02-12 11:03 - 00000000 ____D () C:\Windows\Minidump
2014-02-03 09:40 - 2014-02-03 09:40 - 00000000 ____D () C:\ProgramData\Stardock
2014-02-03 09:40 - 2013-11-12 16:11 - 00181440 _____ () C:\Windows\system32\wbload.dll
2014-02-03 09:38 - 2014-02-03 09:38 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2014-01-28 20:38 - 2014-01-28 20:38 - 00000000 ____D () C:\Users\Yan\AppData\Local\6Wunderkinder
2014-01-28 20:36 - 2014-02-03 08:01 - 00000000 ____D () C:\Users\Yan\AppData\Local\6_Wunderkinder_GmbH
2014-01-28 20:35 - 2014-02-03 08:04 - 00000000 ____D () C:\Program Files (x86)\Wunderlist2
2014-01-28 20:35 - 2014-01-28 20:35 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\6Wunderkinder
2014-01-28 20:34 - 2014-02-03 08:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-28 10:23 - 2014-02-04 16:28 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\DisplayFusion
2014-01-28 10:22 - 2014-02-03 08:03 - 00000000 ____D () C:\Program Files (x86)\DisplayFusion
2014-01-28 10:22 - 2014-01-28 10:22 - 00000000 ____D () C:\ProgramData\Binary Fortress Software
2014-01-28 10:21 - 2014-01-28 10:21 - 00000000 ____D () C:\Users\Yan\Documents\DisplayFusion Backups
2014-01-27 11:27 - 2014-01-27 11:27 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-01-27 11:27 - 2014-01-27 11:27 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-01-27 11:02 - 2014-01-27 11:02 - 00000000 ____D () C:\ProgramData\HTC
2014-01-27 10:59 - 2014-01-27 10:59 - 00000000 ____D () C:\Users\Yan\.android
2014-01-27 10:54 - 2014-01-27 10:54 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2014-01-27 10:54 - 2014-01-27 10:54 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-01-25 14:13 - 2014-01-25 14:13 - 00000000 ____D () C:\Users\Yan\Documents\R
2014-01-25 14:13 - 2014-01-25 14:13 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\RStudio
2014-01-25 14:10 - 2014-01-25 14:11 - 00000000 ____D () C:\Program Files\RStudio
2014-01-25 14:00 - 2014-01-25 14:00 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bins
2014-01-25 13:59 - 2014-01-25 13:59 - 00003254 _____ () C:\Windows\System32\Tasks\Bins-UAC-Helper
2014-01-25 13:59 - 2014-01-25 13:59 - 00000000 ____D () C:\ProgramData\1UPIndustries
2014-01-25 13:59 - 2005-06-15 03:00 - 00102400 _____ (TechSmith Corporation) C:\Windows\SysWOW64\tsccvid.dll
2014-01-25 13:58 - 2014-02-03 08:01 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\1UPIndustries
2014-01-25 13:58 - 2014-01-25 13:58 - 00000000 ____D () C:\Program Files\1UPIndustries
2014-01-25 13:52 - 2014-01-25 13:52 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-01-23 18:31 - 2014-01-23 18:31 - 00330240 _____ ((주)마크애니) C:\Windows\MASetupCaller.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00090112 _____ ((주)마크애니) C:\Windows\MAMCityDownload.ocx
2014-01-23 18:31 - 2014-01-23 18:31 - 00030568 _____ () C:\Windows\MusiccityDownload.exe
2014-01-22 12:37 - 2014-01-22 12:37 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-22 08:06 - 2014-01-22 08:06 - 00000000 ____D () C:\Program Files (x86)\HD Tune
 
==================== One Month Modified Files and Folders =======
 
2014-02-21 11:26 - 2014-02-21 11:25 - 00024150 _____ () C:\Users\Yan\Desktop\FRST.txt
2014-02-21 11:26 - 2013-10-30 13:30 - 00000542 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2014-02-21 11:25 - 2014-02-21 11:25 - 00000000 ____D () C:\FRST
2014-02-21 11:24 - 2011-09-08 14:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-21 11:22 - 2014-02-21 11:21 - 02153984 _____ (Farbar) C:\Users\Yan\Desktop\FRST64.exe
2014-02-21 11:22 - 2012-12-01 14:17 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1092050668-1165850808-2080160766-1001UA.job
2014-02-21 11:22 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-21 11:21 - 2012-04-12 07:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 11:21 - 2012-04-12 07:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 11:21 - 2012-04-12 07:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 11:21 - 2011-09-01 10:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 11:20 - 2014-02-14 09:51 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 11:20 - 2014-01-16 21:06 - 01098681 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 11:20 - 2011-10-23 13:17 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-02-21 11:18 - 2014-02-14 09:51 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 17:18 - 2012-02-12 13:50 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Dropbox
2014-02-20 14:47 - 2011-09-08 14:39 - 00000000 ____D () C:\Users\Yan\AppData\Local\CrashDumps
2014-02-20 14:22 - 2012-12-01 14:17 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1092050668-1165850808-2080160766-1001Core.job
2014-02-20 11:18 - 2014-01-03 19:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-19 19:16 - 2011-08-29 11:17 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{70A29FD3-72EC-451A-B55A-187F7ECDE4CB}
2014-02-19 18:05 - 2014-02-19 18:05 - 00000000 ____H () C:\Users\Yan\Documents\Default.rdp
2014-02-18 19:45 - 2011-08-29 11:05 - 00000000 ___RD () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-18 19:43 - 2014-02-18 19:43 - 00000000 ____D () C:\Users\Yan\AppData\Local\Evernote
2014-02-18 19:43 - 2014-02-18 19:43 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-02-18 18:56 - 2014-02-18 18:55 - 59310944 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Yan\Downloads\Evernote_5.1.2.2387.exe
2014-02-18 18:01 - 2013-10-03 17:46 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-18 17:50 - 2014-02-18 17:30 - 119076610 _____ () C:\Users\Yan\Downloads\backup_Sophie_Final.zip
2014-02-18 17:35 - 2009-07-14 04:45 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 17:35 - 2009-07-14 04:45 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 17:30 - 2012-02-12 13:51 - 00000000 ___RD () C:\Users\Yan\Dropbox
2014-02-18 17:26 - 2014-02-12 14:33 - 00004640 _____ () C:\Windows\setupact.log
2014-02-18 17:26 - 2013-06-04 10:36 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-18 17:26 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 17:21 - 2014-02-18 17:21 - 00000000 _____ () C:\Users\Yan\Downloads\backup (1).zip
2014-02-18 17:20 - 2014-02-18 17:20 - 00000000 _____ () C:\Users\Yan\Downloads\backup.zip
2014-02-18 17:11 - 2014-02-18 17:01 - 49664782 _____ () C:\Users\Yan\Downloads\backup_Sophie_ver1.zip
2014-02-18 16:58 - 2014-02-18 16:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-18 16:43 - 2014-02-18 16:43 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-18 16:43 - 2011-12-25 18:08 - 00000000 ____D () C:\Users\Yan\AppData\Local\Samsung
2014-02-18 15:02 - 2011-12-01 22:45 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-18 15:02 - 2011-05-30 08:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-18 15:00 - 2011-12-01 22:44 - 00000000 ____D () C:\Users\Yan\AppData\Local\Downloaded Installations
2014-02-18 14:58 - 2014-02-18 14:58 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\Yan\Downloads\KiesSetup.exe
2014-02-17 17:15 - 2014-02-17 17:10 - 535770427 _____ () C:\Users\Yan\Downloads\Remixes-Rarities-Instrumentals.zip
2014-02-17 17:09 - 2014-02-17 17:06 - 116133357 _____ () C:\Users\Yan\Downloads\AOI-Bionix.zip
2014-02-17 17:04 - 2014-02-17 17:03 - 150994206 _____ () C:\Users\Yan\Downloads\Art-Official-Intelligence.zip
2014-02-17 17:03 - 2014-02-17 17:01 - 160849169 _____ () C:\Users\Yan\Downloads\Stakes-Is-High.zip
2014-02-17 17:01 - 2014-02-17 17:00 - 114367391 _____ () C:\Users\Yan\Downloads\Buhloone-Mindstate.zip
2014-02-17 17:00 - 2014-02-17 16:59 - 168036333 _____ () C:\Users\Yan\Downloads\De-La-Soul-Is-Dead.zip
2014-02-17 16:58 - 2014-02-17 16:57 - 159346091 _____ () C:\Users\Yan\Downloads\3-Feet-High.zip
2014-02-14 15:58 - 2011-09-16 18:47 - 00007631 _____ () C:\Users\Yan\AppData\Local\resmon.resmoncfg
2014-02-14 12:47 - 2014-02-14 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-14 12:47 - 2014-02-05 14:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 12:40 - 2014-02-14 12:40 - 21970096 _____ (Mozilla) C:\Users\Yan\Downloads\Thunderbird Setup 24.3.0.exe
2014-02-14 11:06 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 10:21 - 2014-02-14 10:21 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-02-14 10:20 - 2014-02-14 10:20 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-02-14 10:19 - 2014-02-14 10:19 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-02-14 10:17 - 2014-02-14 10:17 - 00000000 ____D () C:\HP Universal Print Driver
2014-02-14 10:02 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-14 09:57 - 2014-02-14 09:57 - 13024768 _____ (LastPass) C:\Users\Yan\Downloads\lastpass_x64.exe
2014-02-14 09:51 - 2014-02-14 09:51 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 09:51 - 2014-02-14 09:51 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 09:51 - 2014-02-14 09:50 - 00000000 ____D () C:\Users\Yan\AppData\Local\Deployment
2014-02-14 09:51 - 2012-06-09 16:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-14 09:50 - 2014-02-14 09:50 - 00000000 ____D () C:\Users\Yan\AppData\Local\Apps\2.0
2014-02-14 09:43 - 2014-02-07 15:27 - 00000000 ____D () C:\Users\Yan\.VirtualBox
2014-02-14 09:26 - 2014-02-14 09:26 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-14 00:18 - 2011-09-28 13:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 23:17 - 2013-07-29 07:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 23:15 - 2011-09-01 20:08 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 22:09 - 2014-02-13 21:33 - 00000000 ____D () C:\AdwCleaner
2014-02-13 21:28 - 2014-02-12 14:21 - 00219364 _____ () C:\Windows\PFRO.log
2014-02-13 20:08 - 2014-02-13 20:06 - 00000000 ___SD () C:\32788R22FWJFW
2014-02-13 20:06 - 2014-02-13 20:06 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 10:55 - 2011-02-10 23:03 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 16:50 - 2014-02-12 16:50 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-02-12 16:10 - 2011-10-31 13:09 - 00046855 _____ () C:\Windows\system32\avgrep.txt
2014-02-12 14:44 - 2012-02-12 14:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-12 14:33 - 2014-02-12 14:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-12 13:47 - 2014-02-12 13:47 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\OfficeTab
2014-02-12 13:43 - 2014-02-12 13:19 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\MediaMonkey
2014-02-12 13:42 - 2014-02-12 13:42 - 00451205 _____ () C:\Users\Yan\Downloads\Last.fm_Scrobbler_1.0.2.29.mmip
2014-02-12 13:34 - 2014-02-12 13:34 - 00411389 _____ () C:\Users\Yan\Downloads\g-monkeyps.mmip
2014-02-12 13:19 - 2014-02-12 13:19 - 00000000 ____D () C:\Users\Yan\AppData\Local\MediaMonkey
2014-02-12 13:19 - 2014-02-12 13:19 - 00000000 ____D () C:\ProgramData\MediaMonkey
2014-02-12 13:19 - 2014-02-12 13:19 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2014-02-12 13:18 - 2014-02-12 13:18 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-12 13:11 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-12 13:09 - 2014-02-12 13:09 - 00000000 ____D () C:\Users\Yan\AppData\Local\emaze
2014-02-12 11:05 - 2014-02-12 11:05 - 00028798 _____ () C:\Users\Yan\Documents\cc_20140212_110530.reg
2014-02-12 11:03 - 2014-02-03 10:30 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 15:58 - 2012-05-07 12:09 - 00000000 ____D () C:\Users\Yan\AppData\Local\Last.fm
2014-02-11 15:56 - 2014-02-11 15:56 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiniBin
2014-02-11 15:56 - 2014-02-11 15:56 - 00000000 ____D () C:\Program Files (x86)\MiniBin
2014-02-11 14:10 - 2013-10-31 12:40 - 00000000 ____D () C:\Users\Yan\Documents\MATLAB
2014-02-11 10:00 - 2014-02-11 10:00 - 00378479 _____ () C:\Users\Yan\Downloads\PG conference 2013.pptx
2014-02-10 16:47 - 2012-05-30 18:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-10 11:57 - 2014-02-10 11:57 - 01733120 _____ () C:\Users\Yan\Downloads\Methods Lecture 2 - 2014.ppt
2014-02-10 11:56 - 2014-02-10 11:56 - 01734656 _____ () C:\Users\Yan\Downloads\Methods Lecture 2(1) (1).ppt
2014-02-10 11:40 - 2013-10-17 23:52 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\vlc
2014-02-10 11:39 - 2011-10-02 15:29 - 00008192 _____ () C:\Users\Yan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 11:33 - 2014-02-10 11:33 - 01890816 _____ () C:\Users\Yan\Downloads\Methods Lecture L14_07Feb2012(1) (1).ppt
2014-02-10 11:22 - 2014-02-10 11:21 - 19946993 _____ () C:\Users\Yan\Downloads\Structured Observation.wmv
2014-02-10 11:20 - 2014-02-10 11:20 - 00509587 _____ () C:\Users\Yan\Downloads\Male point-light-walker.wmv
2014-02-10 11:14 - 2014-02-10 11:13 - 31211359 _____ () C:\Users\Yan\Downloads\Still Face Experiment  Dr. Edward Tronick.wmv
2014-02-09 20:41 - 2014-02-09 20:41 - 01734656 _____ () C:\Users\Yan\Downloads\Methods Lecture 2(1).ppt
2014-02-09 20:40 - 2014-02-09 20:40 - 01890816 _____ () C:\Users\Yan\Downloads\Methods Lecture L14_07Feb2012.ppt
2014-02-09 20:40 - 2014-02-09 20:40 - 00671232 _____ () C:\Users\Yan\Downloads\L14 Methods II -Non-experimental research design DUO 1011.ppt
2014-02-09 20:38 - 2014-02-09 20:38 - 01890816 _____ () C:\Users\Yan\Downloads\Methods Lecture L14_07Feb2012(1).ppt
2014-02-09 20:35 - 2014-02-09 20:35 - 00817664 _____ () C:\Users\Yan\Downloads\methods_L2 (upd) 0809.ppt
2014-02-08 12:23 - 2014-02-07 15:27 - 00000000 ____D () C:\Users\Yan\VirtualBox VMs
2014-02-08 11:50 - 2013-01-30 18:58 - 00000000 ____D () C:\Users\Yan\AppData\Local\AVG Secure Search
2014-02-08 09:56 - 2014-02-05 10:49 - 00000000 ____D () C:\Users\Yan\Documents\Ubuntu
2014-02-07 16:33 - 2011-12-01 22:46 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-02-07 15:27 - 2011-08-29 11:03 - 00000000 ____D () C:\Users\Yan
2014-02-07 13:51 - 2014-02-07 13:51 - 00002142 _____ () C:\Users\Yan\Downloads\SPSS 2 sample data.sav
2014-02-07 13:48 - 2011-11-03 17:39 - 00000000 ____D () C:\Users\Yan\Documents\SPSSInc
2014-02-07 13:47 - 2012-08-20 18:26 - 00000000 ____D () C:\Users\Yan\Documents\Depression Paper
2014-02-07 13:38 - 2014-02-07 13:38 - 01265152 _____ () C:\Users\Yan\Downloads\Memory Durham 1314 (1).ppt
2014-02-06 17:49 - 2014-02-06 17:49 - 01110528 _____ () C:\Users\Yan\Downloads\Memory Durham 0607.ppt
2014-02-06 17:34 - 2014-02-06 17:34 - 01265152 _____ () C:\Users\Yan\Downloads\Memory Durham 1314.ppt
2014-02-06 12:16 - 2014-02-13 10:51 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-13 10:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-13 10:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-13 10:51 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-13 10:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-13 10:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 10:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-13 10:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-13 10:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-13 10:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-13 10:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-13 10:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-13 10:51 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-13 10:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-13 10:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-13 10:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-13 10:51 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-13 10:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-13 10:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-13 10:51 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-13 10:51 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 09:52 - 2014-02-13 10:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-13 10:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-13 10:51 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-13 10:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-13 10:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-13 10:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-13 10:51 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 09:25 - 2014-02-13 10:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 09:24 - 2014-02-13 10:51 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-13 10:51 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-13 10:51 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-13 10:51 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-13 10:51 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-13 10:51 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-13 10:51 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-13 10:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-13 10:51 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-13 10:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 16:50 - 2014-02-05 16:50 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-02-05 16:50 - 2014-02-05 16:50 - 00000000 ____D () C:\Users\Yan\AppData\Local\Amazon Cloud Player
2014-02-05 14:22 - 2014-02-05 14:22 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Thunderbird
2014-02-05 14:22 - 2014-02-05 14:22 - 00000000 ____D () C:\Users\Yan\AppData\Local\Thunderbird
2014-02-05 14:22 - 2011-08-29 11:24 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Mozilla
2014-02-04 18:39 - 2014-02-04 18:39 - 00000000 ____D () C:\Program Files\Oracle
2014-02-04 17:47 - 2014-02-04 17:46 - 106322704 _____ (Oracle Corporation) C:\Users\Yan\Downloads\VirtualBox-4.3.6-91406-Win.exe
2014-02-04 16:28 - 2014-01-28 10:23 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\DisplayFusion
2014-02-04 09:54 - 2013-01-30 18:58 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-02-03 09:40 - 2014-02-03 09:40 - 00000000 ____D () C:\ProgramData\Stardock
2014-02-03 09:38 - 2014-02-03 09:38 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2014-02-03 08:04 - 2014-01-28 20:35 - 00000000 ____D () C:\Program Files (x86)\Wunderlist2
2014-02-03 08:04 - 2011-09-11 07:34 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-02-03 08:04 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-03 08:03 - 2014-01-28 10:22 - 00000000 ____D () C:\Program Files (x86)\DisplayFusion
2014-02-03 08:03 - 2012-04-03 14:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-03 08:03 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-02-03 08:01 - 2014-01-28 20:36 - 00000000 ____D () C:\Users\Yan\AppData\Local\6_Wunderkinder_GmbH
2014-02-03 08:01 - 2014-01-25 13:58 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\1UPIndustries
2014-02-03 08:00 - 2014-01-28 20:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-30 19:59 - 2012-01-22 11:10 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-01-30 19:58 - 2012-01-22 11:10 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\SystemRequirementsLab
2014-01-30 19:02 - 2011-08-29 11:04 - 00000000 ____D () C:\Windows\pss
2014-01-28 21:52 - 2011-11-18 00:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-28 21:23 - 2013-11-15 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-28 20:38 - 2014-01-28 20:38 - 00000000 ____D () C:\Users\Yan\AppData\Local\6Wunderkinder
2014-01-28 20:35 - 2014-01-28 20:35 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\6Wunderkinder
2014-01-28 19:13 - 2012-09-24 19:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-28 19:13 - 2012-09-24 19:43 - 00000000 ____D () C:\Program Files\iTunes
2014-01-28 19:13 - 2012-09-24 19:43 - 00000000 ____D () C:\Program Files\iPod
2014-01-28 19:08 - 2011-08-31 15:32 - 00000000 ____D () C:\ProgramData\Apple
2014-01-28 10:22 - 2014-01-28 10:22 - 00000000 ____D () C:\ProgramData\Binary Fortress Software
2014-01-28 10:21 - 2014-01-28 10:21 - 00000000 ____D () C:\Users\Yan\Documents\DisplayFusion Backups
2014-01-27 11:27 - 2014-01-27 11:27 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-01-27 11:27 - 2014-01-27 11:27 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-01-27 11:02 - 2014-01-27 11:02 - 00000000 ____D () C:\ProgramData\HTC
2014-01-27 10:59 - 2014-01-27 10:59 - 00000000 ____D () C:\Users\Yan\.android
2014-01-27 10:54 - 2014-01-27 10:54 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2014-01-27 10:54 - 2014-01-27 10:54 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-01-25 16:04 - 2011-10-23 13:15 - 00000000 ____D () C:\Prey
2014-01-25 14:13 - 2014-01-25 14:13 - 00000000 ____D () C:\Users\Yan\Documents\R
2014-01-25 14:13 - 2014-01-25 14:13 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\RStudio
2014-01-25 14:11 - 2014-01-25 14:10 - 00000000 ____D () C:\Program Files\RStudio
2014-01-25 14:00 - 2014-01-25 14:00 - 00000000 ____D () C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bins
2014-01-25 13:59 - 2014-01-25 13:59 - 00003254 _____ () C:\Windows\System32\Tasks\Bins-UAC-Helper
2014-01-25 13:59 - 2014-01-25 13:59 - 00000000 ____D () C:\ProgramData\1UPIndustries
2014-01-25 13:58 - 2014-01-25 13:58 - 00000000 ____D () C:\Program Files\1UPIndustries
2014-01-25 13:52 - 2014-01-25 13:52 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-01-23 18:31 - 2014-02-18 15:02 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00330240 _____ ((주)마크애니) C:\Windows\MASetupCaller.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00090112 _____ ((주)마크애니) C:\Windows\MAMCityDownload.ocx
2014-01-23 18:31 - 2014-01-23 18:31 - 00030568 _____ () C:\Windows\MusiccityDownload.exe
2014-01-23 08:27 - 2011-08-29 11:07 - 00000000 ____D () C:\Users\Yan\Documents\Bluetooth Folder
2014-01-22 20:37 - 2011-09-13 22:14 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-01-22 12:37 - 2014-01-22 12:37 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-22 08:06 - 2014-01-22 08:06 - 00000000 ____D () C:\Program Files (x86)\HD Tune
 
Some content of TEMP:
====================
C:\Users\Yan\AppData\Local\Temp\ComboFix.exe
C:\Users\Yan\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 17:48
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
Ran by Yan at 2014-02-21 11:27:03
Running from C:\Users\Yan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x32 Version:  - )
ActiveX контрола на Windows Live Mesh за отдалечени връзки (x32 Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Agarest: Generations of War (x32 Version:  - Ghostlight)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Alps Pointing-device for VAIO (Version:  - ALPS ELECTRIC CO., LTD.)
Amazon Cloud Player (HKCU Version: 2.3.0.422 - Amazon Services LLC)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.142 - ArcSoft)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.485 - ArcSoft)
Atheros WiFi Driver Installation (x32 Version: 3.0 - Atheros)
AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3705 - AVG Technologies) Hidden
AVG 2013 (Version: 2013.0.3462 - AVG Technologies)
AVG Security Toolbar (x32 Version: 17.3.0.49 - AVG Technologies)
BBC iPlayer Desktop (x32 Version: 3.0.11 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.0.11 - British Broadcasting Corp.) Hidden
Bins (Version:  - 1UP Industries LLC)
Bluetooth Win7 Suite (64) (Version: 7.3.0.95 - Atheros Communications)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broken Sword 1 (x32 Version: 1.00.000 - Revolution Software)
Broken Sword 2 (x32 Version: 1.00.000 - Revolution Software)
Broken Sword 3 (x32 Version: 1.00.000 - Revolution Software)
Broken Sword 4 (x32 Version: 1.00.000 - Revolution Software)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Byki (x32 Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Express (x32 Version:  - Transparent Language, Inc.)
CCleaner (Version: 4.10 - Piriform)
Conexant HD Audio (Version: 8.54.18.51 - Conexant)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (Version: 2.16 - Piriform)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DisplayFusion 5.1.1 (x32 Version: 5.1.1.0 - Binary Fortress Software)
DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DriveImage XML (Private Edition) (x32 Version: 2.50.000 - Runtime Software)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Duke Nukem 3D: Megaton Edition (x32 Version:  - 3D Realms)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Evernote v. 5.1.2 (x32 Version: 5.1.2.2387 - Evernote Corp.)
F2100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F2100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
Fallout (x32 Version:  - Interplay Inc.)
Fallout 2 (x32 Version:  - Black Isle Studios)
FINAL FANTASY VII (x32 Version: 1.0 - Square Enix)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
G*Power 3.1.5 (x32 Version: 3.1.5 - Franz Faul, Uni Kiel, Germany)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GStreamer SDK (Development Files) (x64) (x32 Version: 20.13.6 - GStreamer Project)
GStreamer SDK (x64) (x32 Version: 20.13.6 - GStreamer Project)
HD Tune 2.55 (x32 Version:  - EFD Software)
Helium (x32 Version: 1.0.0 - ClockworkMod)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart Appliance Printer Driver Software 10.0 Rel .2 (Version: 10.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC Driver Installer (x32 Version: 3.0.0.007 - HTC Corporation)
IBM SPSS Statistics 20 (Version: 20.0.0.0 - IBM Corp)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.0.0.1046 - Intel Corporation)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (x32 Version:  - Last.fm)
LastPass (uninstall only) (x32 Version:  - LastPass)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MATLAB R2013b (Version: 8.2 - The MathWorks, Inc.)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
MediaMonkey 4.1 (x32 Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825 - Microsoft Corporation) Hidden
MiniBin 6.2.0.0 (HKCU Version: 6.2.0.0 - Mike Edward Moras (e-sushi™))
Mozilla Maintenance Service (x32 Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-GB) (x32 Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (HKCU Version:  - )
Oracle VM VirtualBox 4.3.6 (Version: 4.3.6 - Oracle Corporation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2 - Microsoft Corporation)
PanoStandAlone (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
PlayMemories Home Plug-in (Version: 2.0.00.14170 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data (x32 Version: 1.0.00.16130 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program (x32 Version: 2.2.00.18250 - Sony Corporation) Hidden
PMB (x32 Version: 5.5.02.12220 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pool Nation (x32 Version:  - Cherry Pop Games)
PS_APP_02_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_APP_02_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
Quick Web Access (x32 Version: 1.4.6.9 - Sony Corporation)
Quick Web Access (x32 Version: 1.4.6.9 - Sony Corporation) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
R for Windows 3.0.2 (Version: 3.0.2 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.46 - Trusteer) Hidden
Realtek PCIE Card Reader (x32 Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
RStudio (x32 Version: 0.98.495 - RStudio)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
Slik Subversion 1.8.3.1 (x86) (x32 Version: 1.8.3.1 - SlikSvn & The SharpSvn Project)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (x32 Version:  - Valve Corporation)
Super Hexagon (x32 Version:  - Terry Cavanagh)
SUPERAntiSpyware (Version: 5.0.1144 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (x32 Version: 4.5.22.0 - Husdawg, LLC)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TopArcadeHits (HKCU Version:  - TopArcadeHits)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (x32 Version: 3.5.1304.46 - Trusteer)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2 - Microsoft Corporation)
VAIO - Media Gallery (x32 Version: 1.5.0.16020 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (x32 Version: 2.2.00.18250 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.02250 - Sony Corporation)
VAIO - Remote Keyboard (x32 Version: 1.1.0.07060 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation)
VAIO Care (Version: 8.1.0.10120 - Sony Corporation)
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.0.06210 - Sony Corporation)
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Hero Screensaver - Summer 2011 Screensaver (x32 Version:  - )
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation)
VAIO Improvement Validation (Version: 1.0.4.01190 - Sony Corporation)
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation)
VAIO Sample Contents (x32 Version: 1.4.2.09010 - Sony Corporation)
VAIO Smart Network (x32 Version: 3.10.2.08270 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation)
VAIO Update (x32 Version: 6.3.0.08010 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.1.3 (x32 Version: 2.1.3 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Корпорація Майкрософт) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорація Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
12-02-2014 13:14:51 Revo Uninstaller's restore point - Search Protect
12-02-2014 13:59:15 Revo Uninstaller's restore point - VisualBee for Microsoft PowerPoint
13-02-2014 10:48:17 Windows Update
13-02-2014 21:14:40 avast! antivirus system restore point
13-02-2014 22:24:51 Revo Uninstaller's restore point - Google Chrome
13-02-2014 23:13:47 Windows Update
14-02-2014 00:16:41 Windows Update
14-02-2014 09:19:56 Windows Update
18-02-2014 15:01:00 Installed Samsung Kies
18-02-2014 19:42:47 Installed Evernote v. 5.1.2
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2013-01-03 17:40 - 00000804 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01FFEF95-0A4C-4909-A175-3A0A92859BCB} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {09C9807C-9256-49AC-A4BD-5451F66621FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {1CE15488-D031-48DE-91F1-E31E2A6B2912} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-06-21] (Sony Corporation)
Task: {223C0E65-A1CF-411A-B470-AA30EEA50FDD} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {248CDCDC-38F1-4E9E-AA0D-8F417EDC578A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation)
Task: {2E4C3808-330E-4BC7-A8A8-A1EE5C498FC3} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {3349A8F2-8EF7-4A6E-BF1B-537424362A83} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{C95C335D-0007-411B-BC89-92598E6B72B0}.exe
Task: {33BCDB44-1642-464E-B17D-9400F41623AA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1092050668-1165850808-2080160766-1001
Task: {36AA5A48-6723-448D-A40C-C058C9B8D23E} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {39443741-FFD3-4E99-A408-F35E5C4DC20A} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {3AEB2247-D8E0-46DD-90A0-35874ED641AD} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-08-01] (Sony Corporation)
Task: {4DC6FADD-9D49-4399-BB27-B450CE1EA0D3} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {594A4156-B0D1-4E0E-BF0D-D09D59D73016} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1092050668-1165850808-2080160766-1001UA => C:\Users\Yan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-01] (Facebook Inc.)
Task: {69D553B2-2245-4EA4-A7EB-4A77F2282D2B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1092050668-1165850808-2080160766-1001Core => C:\Users\Yan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-01] (Facebook Inc.)
Task: {79954BEF-2CB9-4B22-9CA7-8AAF973AC6EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {86BC45E6-83E7-4419-949F-26979F22211F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1092050668-1165850808-2080160766-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9E74C32E-DECE-4641-A6F7-62AFEDB911AD} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1092050668-1165850808-2080160766-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B0AB0212-8DBB-400B-A9A2-331658D53FDF} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {B2D06A57-C673-42A2-B8BC-6A5DA7389F91} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-06-21] (Sony Corporation)
Task: {B3C7B6F6-A422-4DA6-A61F-A7087B94C5B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {B60890EA-33FA-4D97-B01B-F85E3A7189CF} - System32\Tasks\Bins-UAC-Helper => C:\Program Files\1UPIndustries\Bins\v1.1.0.250\Bins.exe [2013-10-22] (1UP Industries LLC)
Task: {BE4A8662-74F6-455A-B7DD-5F08AFFF12AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BEF65C01-50CA-40EC-A519-BF727AD04C28} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation)
Task: {BF70778A-103D-4693-B79F-4A8DEE8F875A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C91085E7-DE41-49F1-A0E8-28673E555468} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {C917B257-89CC-4091-B2A7-60F230C4816A} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {E5ABD305-3740-4031-BB51-90056D331D18} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {EEA8D47F-B35D-4A2B-A860-10EF6B8AAEE8} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {F33DD328-7CC3-4E40-A0EE-B8D806141939} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {F5AB48C8-1D0D-4B5D-9B36-E98CEE73CDD7} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{C95C335D-0007-411B-BC89-92598E6B72B0}.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1092050668-1165850808-2080160766-1001Core.job => C:\Users\Yan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1092050668-1165850808-2080160766-1001UA.job => C:\Users\Yan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-25 13:59 - 2013-10-22 23:52 - 00775168 _____ () C:\Program Files\1UPIndustries\Bins\v1.1.0.250\TaskbarDockAppIntegration64.dll
2014-01-25 13:59 - 2010-07-27 13:56 - 00654336 _____ () C:\Program Files\1UPIndustries\Bins\v1.1.0.250\EasyHook64.dll
2011-03-30 01:46 - 2011-03-29 08:47 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-01-08 17:10 - 2014-01-08 17:10 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
2014-02-13 22:45 - 2014-02-13 22:45 - 01672704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveUI\ca4c6374d6c12d92c7d96680bb7328d4\ReactiveUI.ni.dll
2014-02-13 22:46 - 2014-02-13 22:46 - 00035328 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinde6f42a4a9#\a03d5c47c984346008ba13e9c563a958\Wunderkinder.Wunderlist.Data.Realtime.ni.dll
2014-02-13 22:45 - 2014-02-13 22:45 - 00529408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Akavache.Portable\b1e3a440491d3e92a6e969fc4bbf1e85\Akavache.Portable.ni.dll
2014-02-13 22:45 - 2014-02-13 22:45 - 00050176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinded9c6edae#\cbfdefb9fa17cd72c7f6dc58e6ad53dd\Wunderkinder.Wunderlist.Presentation.ni.dll
2014-02-13 22:45 - 2014-02-13 22:45 - 00910336 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\AutoMapper\26f8d37c719a62bfb151ae71a71f06a7\AutoMapper.ni.dll
2013-10-01 13:33 - 2013-10-01 13:33 - 00028160 _____ () C:\Program Files (x86)\Wunderlist2\AutoMapper.Net4.dll
2014-02-05 16:50 - 2014-01-14 19:46 - 03140608 _____ () C:\Users\Yan\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-01-30 18:58 - 2014-02-04 09:54 - 02552856 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2013-10-30 13:03 - 2013-08-05 16:44 - 00042496 _____ () C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
2014-01-25 13:59 - 2013-10-22 23:52 - 01540656 _____ () C:\Program Files\1UPIndustries\Bins\v1.1.0.250\TaskbarDockShellIntegration64.dll
2014-01-25 13:58 - 2013-10-22 23:52 - 00586800 _____ () C:\Program Files\1UPIndustries\Bins\v1.1.0.250\Bins32on64.exe
2012-05-20 11:07 - 2014-02-03 08:10 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2011-05-30 08:17 - 2011-03-05 15:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2014-01-08 17:10 - 2014-01-08 17:10 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2014-01-25 13:59 - 2013-10-22 23:51 - 00640000 _____ () C:\Program Files\1UPIndustries\Bins\v1.1.0.250\TaskbarDockAppIntegration32.dll
2014-01-25 13:59 - 2010-07-27 13:56 - 00552960 _____ () C:\Program Files\1UPIndustries\Bins\v1.1.0.250\EasyHook32.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\Yan\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-13 20:39 - 2014-02-13 20:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2011-05-30 08:05 - 2010-09-13 17:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-02-14 09:51 - 2014-02-01 23:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-14 09:51 - 2014-02-01 23:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-14 09:51 - 2014-02-01 23:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-14 09:51 - 2014-02-01 23:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-14 09:51 - 2014-02-01 23:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-01-22 13:29 - 2014-01-22 13:29 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-01-22 13:29 - 2014-01-22 13:29 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-01-30 08:25 - 2013-09-03 13:01 - 00736768 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2013-01-30 08:25 - 2013-09-03 13:01 - 00032768 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2013-01-30 08:25 - 2013-09-03 09:54 - 00351232 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2013-01-30 08:25 - 2013-09-03 13:01 - 00126976 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2013-01-30 08:25 - 2013-01-18 11:39 - 00302592 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2013-09-16 17:56 - 2013-01-18 11:49 - 00182784 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2013-01-30 08:25 - 2012-12-13 00:12 - 00111104 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2013-01-30 08:25 - 2012-12-13 00:13 - 02286592 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2013-09-16 17:56 - 2012-12-13 00:13 - 00049664 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2014-02-14 09:51 - 2014-02-01 23:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 
==================== Faulty Device Manager Devices =============
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AVG TDI Driver
Description: AVG TDI Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Avgtdia
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/21/2014 11:24:51 AM) (Source: Application Hang) (User: )
Description: The program Evernote.exe version 5.1.2.2387 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1048
 
Start Time: 01cf2ce1b906374c
 
Termination Time: 32
 
Application Path: C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
 
Report Id: b7125b0d-9aea-11e3-b7ca-78843ce09adb
 
Error: (02/21/2014 11:20:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: comctl32.dll, version: 6.10.7601.17514, time stamp: 0x4ce7c45b
Exception code: 0xc0000005
Fault offset: 0x00000000000210b3
Faulting process id: 0xa10
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (02/20/2014 05:22:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (02/20/2014 05:22:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
Error: (02/20/2014 05:22:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/20/2014 02:47:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.107, time stamp: 0x52ed6c62
Faulting module name: QuickTimeStreaming.qtx, version: 7.74.80.86, time stamp: 0x5180f322
Exception code: 0xc0000005
Fault offset: 0x0008f84d
Faulting process id: 0x2154
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/20/2014 02:46:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 32.0.1700.107, time stamp: 0x52ed6c62
Faulting module name: QuickTimeStreaming.qtx, version: 7.74.80.86, time stamp: 0x5180f322
Exception code: 0xc0000005
Fault offset: 0x0008f84d
Faulting process id: 0x251c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (02/19/2014 07:49:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5304
 
Error: (02/19/2014 07:49:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5304
 
Error: (02/19/2014 07:49:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (02/21/2014 11:18:27 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/20/2014 11:13:49 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/20/2014 11:13:31 AM) (Source: Service Control Manager) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (02/19/2014 04:02:10 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/18/2014 05:25:28 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (02/18/2014 02:48:47 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/18/2014 02:48:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (02/17/2014 07:10:46 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/17/2014 04:54:44 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (02/14/2014 11:43:44 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
 
Microsoft Office Sessions:
=========================
Error: (03/01/2013 00:05:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 60301 seconds with 2460 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-05 21:46:18.428
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:18.357
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:16.228
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:16.170
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:14.035
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:13.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:11.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:11.785
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:09.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-05 21:46:09.596
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 63%
Total physical RAM: 8139.86 MB
Available physical RAM: 2954.88 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 9841.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:452.69 GB) (Free:308.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F1DB879C)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:36 AM

Posted 21 February 2014 - 08:58 AM

Hi,

I don't see indications of a remaining infection. Do you experience any symptoms or is everything running smoothly?

#5 EnigmaBetula


Posted 21 February 2014 - 09:09 AM

The only thing I've been experiencing recently is that Windows Explorer has been lagging a bit at times (it actually crashed this morning). Although that could be completely unrelated.



#6 aharonov


Posted 25 February 2014 - 05:34 AM

Just to be sure: Do you mean the Explorer that shows files and folders? Or Internet Explorer to browse the web?



#7 EnigmaBetula


Posted 25 February 2014 - 06:51 AM

Explorer that shows files and folders.



#8 aharonov


Posted 25 February 2014 - 06:55 AM

Ok.


Step 1

  • Start Malwarebytes Anti-Malware with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#9 EnigmaBetula


Posted 27 February 2014 - 12:13 PM

Please find the Malwarebytes file followed by the ESET file:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.27.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Yan :: YAN-VAIO [administrator]
 
27/02/2014 10:55:21
mbam-log-2014-02-27 (10-55-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223352
Time elapsed: 7 minute(s), 20 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\MixiDJ_V37 (PUP.Optional.MixiDJToolbar.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7f8aa943c0fea84fb9389ab49cc81dfe
# engine=17247
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-27 02:45:19
# local_time=2014-02-27 02:45:19 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1045 16777213 100 88 17799 80642703 0 0
# compatibility_mode=5893 16776574 100 94 19953797 145977369 0 0
# scanned=498824
# found=4
# cleaned=0
# scan_time=13092
sh=639EC700B0AE3E4022B0E2194154C35804C1495D ft=1 fh=cea679b0d15a81f3 vn="Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Yan\AppData\LocalLow\MixiDJ_V37\hk64tbMixi.dll"
sh=E81DDA2EB87C2B9FC5567266DCB0F473CA8879DD ft=1 fh=ce9365354cde4d2d vn="Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Yan\AppData\LocalLow\MixiDJ_V37\hktbMixi.dll"
sh=BB64EAB4A8D339B38E2C84ECCDC1EB9BCB508661 ft=1 fh=b9050071cbb9d4b1 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Yan\AppData\LocalLow\MixiDJ_V37\ldrtbMixi.dll"
sh=41565A5C7C5DE65C949CC2C3566265E05A0BA782 ft=1 fh=95024ab9b65b3320 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Yan\AppData\LocalLow\MixiDJ_V37\tbMixi.dll"
 
 
ESET found 4 items, should I remove them?


#10 aharonov


Posted 27 February 2014 - 12:39 PM

Hello,

these 4 threats found by ESET are irrelevant. You can delete the folder C:\Users\Yan\AppData\LocalLow\MixiDJ_V37.
There is no sign of malware whatsoever.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#11 aharonov


Posted 12 March 2014 - 12:06 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



