IE proxy keeps getting changed (127.0.0.1:29351)


  • This topic is locked
31 replies to this topic

#1 rxqual

  • Members
  • 17 posts

Posted 03 September 2014 - 05:31 AM

Hi all,

Need your help on the following.

The symptoms are that the IE proxy keeps getting changed to 127.0.0.1:29351 and proxy is also bypassed for the following URL:

;*origin.com;*ea.com;*akamaihd.net

When I removed the proxy (because I don't use any), it keeps reverting to the incorrect one.

Another observation that I've made is that this seems to only affect IE proxy settings because Firefox (or other programs that maintain their own proxies) remain unaffected.

Would appreciate if you could advise me on how to go about rectifying this situation please. Please let me know if further details are required.

Many thanks!




#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 03 September 2014 - 05:44 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 rxqual

  • Topic Starter

  • Members
  • 17 posts

Posted 03 September 2014 - 06:08 AM

Hi Aharonov,

Thanks for your reply. Below is the update from both log files.


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 01
Ran by syahrul (administrator) on SYAHRUL-VAIO on 03-09-2014 19:01:25
Running from C:\Users\syahrul\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\ChgService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Progress Software Corp.) C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\oscmgr6.exe
(Progress Software Corp.) C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\osserver.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Anite) C:\Program Files (x86)\Anite\Nemo Analyze\AnalyzeGuard.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(www.IslamicFinder.org) C:\Program Files (x86)\Athan\Athan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Ziff-Davis Media, Inc.) D:\01_Peace\03_Download Center\NetPerSec_v1.1.4_(WWW.CRACK-CD.COM)\NetPerSec.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\SysWOW64\InterpreterPrivacyWin32\InterpreterPrivacyWin32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\odscanui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-17] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-06-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2012-01-04] (Intel® Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-17] (Bitdefender)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-06-01] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-16] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Athan] => C:\Program Files (x86)\Athan\Athan.exe [1216512 2014-05-04] (www.IslamicFinder.org)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-17] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-17] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [GoogleChromeAutoLaunch_1B1B5316B74349678A8ED142D2B49890] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Google Update] => C:\Users\syahrul\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-17] (Google Inc.)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: F - F:\.\ShowModem.exe
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: {2aad15d5-08d5-11e4-8542-88532e651a57} - F:\.\ShowModem.exe
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: {ab6ae2cf-0047-11e4-ac8b-88532e651a57} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nemo Analyze Guard.lnk
ShortcutTarget: Nemo Analyze Guard.lnk -> C:\Program Files (x86)\Anite\Nemo Analyze\AnalyzeGuard.exe (Anite)
Startup: C:\Users\syahrul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPerSec.lnk
ShortcutTarget: NetPerSec.lnk -> D:\01_Peace\03_Download Center\NetPerSec_v1.1.4_(WWW.CRACK-CD.COM)\NetPerSec.exe (Ziff-Davis Media, Inc.)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:29351
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://corp.sony.com.my/vaio/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0FtD0B0FzyyB0D0CyCtC0CzzyDyByDtDtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyDtCzy0CtCyCtBtGzytD0AyBtG0FzztDtCtG0CyD0FtAtGyB0ByDtA0AzztAzztAtByDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0EtBzztB0B0AtDtGyD0CzyyCtG0B0AtByBtG0D0FtAyDtGyDtBtCtAzyyBtByDyEtAtD0B2Q&cr=1839894403&ir=
SearchScopes: HKCU - {4EA8B7F7-39D2-477A-9B7A-51E3E36BB6D6} URL = http://www.baidu.com/baidu?tn=dealio_dg&wd={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: EZ YouTube Video Downloader 1.0 -> {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} -> C:\PROGRA~2\EZYOUT~1\yvd.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} https://btsesise1.mi3g.lcl:8443/auth/provisioning/download/239aa7cd-d04f-4223-97e3-4ec0fcf9091e/taweb.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default
FF Homepage: hxxp://www.google.com.my
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\syahrul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\syahrul\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\syahrul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\syahrul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\SpeedUp\SpeedUpAppsStore\bin\npAppUp.dll No File
FF user.js: detected! => C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\logging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\syahrul\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\syahrul\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default\searchplugins\baidu.xml
FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com [2014-09-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-22]
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com.my/"
CHR NewTab: Default -> "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html"
CHR Profile: C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-27]
CHR Extension: (Google Drive) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-27]
CHR Extension: (Google Search) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-27]
CHR Extension: (Skype Click to Call) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-29]
CHR Extension: (Shopping Helper) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-27]
CHR Extension: (Website Logon) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo [2014-05-27]
CHR Extension: (Gmail) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx [2010-11-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-17] (Bitdefender)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2011-09-19] () [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
R2 InterpreterPrivacyWin32; C:\Windows\SysWOW64\InterpreterPrivacyWin32\InterpreterPrivacyWin32.exe [60965 2014-09-02] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 ObjectStore Cache Manager R7.0; C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\oscmgr6.exe [162816 2013-02-28] (Progress Software Corp.) [File not signed]
R2 ObjectStore Server R7.0; C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\osserver.exe [545792 2013-02-28] (Progress Software Corp.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-17] (Bitdefender)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-17] (Bitdefender)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-17] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-17] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-08-19] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-17] (BitDefender S.R.L.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-05-27] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-05-27] (Microsoft Corporation) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 19:01 - 2014-09-03 19:01 - 00034844 ____C () C:\Users\syahrul\Downloads\FRST.txt
2014-09-03 18:52 - 2014-09-03 19:01 - 00000000 ___DC () C:\FRST
2014-09-03 18:52 - 2014-09-03 18:52 - 02104832 ____C (Farbar) C:\Users\syahrul\Downloads\FRST64.exe
2014-09-03 18:14 - 2014-09-03 18:15 - 00000677 ____C () C:\DelFix.txt
2014-09-03 18:14 - 2014-09-03 18:14 - 00000000 ___DC () C:\Windows\ERUNT
2014-09-03 18:06 - 2014-09-03 18:06 - 00000000 ___DC () C:\Users\syahrul\AppData\Temp
2014-09-03 17:18 - 2014-09-03 17:54 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:18 - 2014-09-03 17:18 - 00001108 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:18 - 2014-09-03 17:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:18 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-09-03 17:17 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:17 - 2014-05-12 07:26 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:17 - 2014-05-12 07:25 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:15 - 2014-09-03 17:16 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-03 17:15 - 2014-09-03 17:15 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 10:33 - 2014-09-03 10:33 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Norman Malware Cleaner
2014-09-03 10:20 - 2014-09-03 10:33 - 352379672 ____C (Norman Shark AS) C:\Users\syahrul\Downloads\Norman_Malware_Cleaner.exe
2014-09-02 18:59 - 2014-09-02 18:59 - 00000000 ___DC () C:\Windows\SysWOW64\InterpreterPrivacyWin32
2014-09-02 11:01 - 2014-09-02 11:01 - 00001718 ____C () C:\Users\syahrul\Desktop\Celcom_OSS.lnk
2014-09-02 10:54 - 2014-09-02 12:51 - 00000032 ____C () C:\Windows\concentr.ini
2014-09-02 10:52 - 2014-09-02 11:01 - 00000045 ____C () C:\Windows\webica.ini
2014-09-02 10:52 - 2014-09-02 11:01 - 00000037 ____C () C:\WFCNAME.INI
2014-09-02 10:51 - 2014-09-02 10:25 - 00000000 ___DC () C:\Program Files\ICA Client
2014-09-02 10:31 - 2014-09-02 10:31 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Citrix
2014-09-01 14:07 - 2014-09-03 10:29 - 02214299 ____C () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-01 00:28 - 2014-09-01 00:28 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\captcha_error
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iPod
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-08-29 16:22 - 2014-08-29 16:22 - 00001459 ____C () C:\Users\syahrul\Desktop\Web Intelligence Rich Client.lnk
2014-08-28 09:25 - 2014-08-28 10:13 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 09:25 - 2014-08-28 10:13 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:25 - 2014-08-28 10:13 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-26 18:09 - 2014-08-26 18:09 - 00002504 ____C () C:\Users\syahrul\.isqlPreferences11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000073 ____C () C:\Users\syahrul\.jlogon11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000034 ____C () C:\Users\syahrul\.isqlHistory11
2014-08-26 17:58 - 2014-08-26 17:58 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Business Objects
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ___DC () C:\ProgramData\SQL Anywhere 11
2014-08-26 17:09 - 2014-08-26 18:09 - 00000000 ___DC () C:\ProgramData\Sybase Central 6.0.0
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\Users\syahrul\sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\SybaseIQ
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\DBISQL 11.0.1
2014-08-26 17:08 - 2014-08-26 17:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sybase
2014-08-26 17:07 - 2014-08-26 17:10 - 00000000 ___DC () C:\Sybase
2014-08-26 11:38 - 2014-08-26 11:39 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-26 11:38 - 2014-08-26 11:39 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-26 11:38 - 2014-08-26 11:39 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-26 11:38 - 2014-08-26 11:39 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-26 11:36 - 2014-08-26 11:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 18:37 - 2014-08-25 18:37 - 00851456 ____C () C:\Users\syahrul\Downloads\mcom2001-site-data.xls
2014-08-25 18:37 - 2014-08-25 18:37 - 00374272 ____C () C:\Users\syahrul\Downloads\mcom2001-gsm-carrier-data.xls
2014-08-25 15:05 - 2014-08-25 15:05 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BusinessObjects XI 3.1
2014-08-25 15:04 - 2014-08-26 18:01 - 00000544 ____C () C:\Windows\ODBC.INI
2014-08-25 14:39 - 2014-08-26 17:12 - 00000000 ___DC () C:\ebid
2014-08-25 12:26 - 2014-08-26 18:11 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\NetSarang
2014-08-25 12:21 - 2014-08-25 12:24 - 29813576 ____C (NetSarang Computer, Inc.) C:\Users\syahrul\Downloads\Xshell4.exe
2014-08-22 09:39 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-08-21 15:54 - 2014-09-03 11:25 - 00000000 ___DC () C:\ProgramData\Degoo
2014-08-21 15:54 - 2014-08-21 15:54 - 00000000 ___DC () C:\Users\syahrul\.swt
2014-08-21 15:53 - 2014-08-21 15:54 - 22355720 ____C (Degoo Backup AB) C:\Users\syahrul\Downloads\DegooSetup-Production-1.0.743.exe
2014-08-19 17:07 - 2014-08-19 17:07 - 00345600 ____C () C:\Users\syahrul\Downloads\T065B00001F0041PPTE.ppt
2014-08-19 15:03 - 2014-08-19 15:03 - 00003276 ____C () C:\Windows\System32\Tasks\{EDA0CA98-04B3-420F-BF42-08B7BD642593}
2014-08-19 10:32 - 2014-08-19 10:32 - 00003142 ____C () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-08-19 10:32 - 2014-08-19 10:32 - 00002033 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2014-08-19 10:32 - 2014-08-19 10:32 - 00000000 _RHDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-08-19 10:25 - 2014-08-19 10:29 - 114445544 ____C (Sony Corporation) C:\Users\syahrul\Downloads\EP0000322168.exe
2014-08-19 09:32 - 2014-09-03 17:49 - 00002474 ____C () C:\Windows\setupact.log
2014-08-19 09:32 - 2014-08-19 09:32 - 00000000 ____C () C:\Windows\setuperr.log
2014-08-17 02:13 - 2014-08-17 02:13 - 00419616 ____C (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-17 01:58 - 2014-08-17 01:58 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 01:58 - 2014-08-17 01:58 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-08-17 01:02 - 2014-08-17 01:05 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 01:02 - 2014-08-17 01:05 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 01:02 - 2014-08-17 01:05 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 01:01 - 2014-08-17 01:05 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 01:01 - 2014-08-17 01:05 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 01:00 - 2014-08-17 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 01:00 - 2014-08-17 01:06 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 01:00 - 2014-08-17 01:06 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 01:00 - 2014-08-17 01:06 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 00:20 - 2014-08-17 01:06 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 00:20 - 2014-08-17 01:06 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 00:20 - 2014-08-17 01:01 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 00:20 - 2014-08-17 01:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 00:19 - 2014-08-17 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 00:19 - 2014-08-17 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 00:19 - 2014-08-17 01:07 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 00:19 - 2014-08-17 01:05 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 00:19 - 2014-08-17 01:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 19:52 - 2014-08-19 10:40 - 00000000 ___DC () C:\Update

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 19:01 - 2014-09-03 19:01 - 00034844 ____C () C:\Users\syahrul\Downloads\FRST.txt
2014-09-03 19:01 - 2014-09-03 18:52 - 00000000 ___DC () C:\FRST
2014-09-03 18:57 - 2014-05-22 14:59 - 01898686 ____C () C:\Windows\WindowsUpdate.log
2014-09-03 18:56 - 2014-05-22 23:33 - 00000000 ___DC () C:\Users\syahrul\Documents\Outlook Files
2014-09-03 18:52 - 2014-09-03 18:52 - 02104832 ____C (Farbar) C:\Users\syahrul\Downloads\FRST64.exe
2014-09-03 18:51 - 2009-07-14 12:45 - 00032240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 18:51 - 2009-07-14 12:45 - 00032240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 18:35 - 2014-05-27 01:41 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 18:19 - 2014-07-17 10:14 - 00000916 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000UA.job
2014-09-03 18:15 - 2014-09-03 18:14 - 00000677 ____C () C:\DelFix.txt
2014-09-03 18:14 - 2014-09-03 18:14 - 00000000 ___DC () C:\Windows\ERUNT
2014-09-03 18:10 - 2014-05-27 10:59 - 00000900 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 18:06 - 2014-09-03 18:06 - 00000000 ___DC () C:\Users\syahrul\AppData\Temp
2014-09-03 18:00 - 2014-05-22 15:05 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 17:55 - 2014-05-23 04:29 - 00410794 ____C () C:\Windows\system32\perfh00D.dat
2014-09-03 17:55 - 2014-05-23 04:29 - 00094374 ____C () C:\Windows\system32\perfc00D.dat
2014-09-03 17:55 - 2009-07-14 13:13 - 01280386 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 17:54 - 2014-09-03 17:18 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:51 - 2014-05-27 10:59 - 00000896 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 17:49 - 2014-08-19 09:32 - 00002474 ____C () C:\Windows\setupact.log
2014-09-03 17:49 - 2009-07-14 13:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-09-03 17:47 - 2010-11-21 11:47 - 00507484 ____C () C:\Windows\PFRO.log
2014-09-03 17:44 - 2014-05-22 00:47 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\VirtualStore
2014-09-03 17:30 - 2014-05-27 18:34 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Skype
2014-09-03 17:18 - 2014-09-03 17:18 - 00001108 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:18 - 2014-09-03 17:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:18 - 2014-09-03 17:17 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-09-03 17:16 - 2014-09-03 17:15 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-03 17:15 - 2014-09-03 17:15 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 16:40 - 2014-06-25 16:40 - 00000000 ___DC () C:\Users\syahrul\ALEX_TMP
2014-09-03 16:29 - 2014-05-31 12:40 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Digsby
2014-09-03 12:17 - 2014-06-10 12:13 - 00000000 ___DC () C:\Windows\AutoKMS
2014-09-03 12:13 - 2014-06-06 18:20 - 00000000 ___DC () C:\Users\syahrul\Documents\My Received Files
2014-09-03 11:25 - 2014-08-21 15:54 - 00000000 ___DC () C:\ProgramData\Degoo
2014-09-03 10:57 - 2014-05-22 00:46 - 00000000 ___DC () C:\Windows\pss
2014-09-03 10:33 - 2014-09-03 10:33 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Norman Malware Cleaner
2014-09-03 10:33 - 2014-09-03 10:20 - 352379672 ____C (Norman Shark AS) C:\Users\syahrul\Downloads\Norman_Malware_Cleaner.exe
2014-09-03 10:29 - 2014-09-01 14:07 - 02214299 ____C () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-03 10:25 - 2014-07-01 16:51 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Deployment
2014-09-03 10:19 - 2014-07-17 10:14 - 00000864 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000Core.job
2014-09-02 18:59 - 2014-09-02 18:59 - 00000000 ___DC () C:\Windows\SysWOW64\InterpreterPrivacyWin32
2014-09-02 12:51 - 2014-09-02 10:54 - 00000032 ____C () C:\Windows\concentr.ini
2014-09-02 11:01 - 2014-09-02 11:01 - 00001718 ____C () C:\Users\syahrul\Desktop\Celcom_OSS.lnk
2014-09-02 11:01 - 2014-09-02 10:52 - 00000045 ____C () C:\Windows\webica.ini
2014-09-02 11:01 - 2014-09-02 10:52 - 00000037 ____C () C:\WFCNAME.INI
2014-09-02 10:56 - 2014-05-22 00:46 - 00000000 ___DC () C:\Users\syahrul
2014-09-02 10:31 - 2014-09-02 10:31 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Citrix
2014-09-02 10:25 - 2014-09-02 10:51 - 00000000 ___DC () C:\Program Files\ICA Client
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Citrix
2014-09-02 10:18 - 2014-08-22 09:39 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 10:18 - 2014-05-27 11:23 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\ICAClient
2014-09-01 19:23 - 2014-05-27 11:27 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Nitro PDF
2014-09-01 01:34 - 2014-05-22 01:44 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\iolo
2014-09-01 00:28 - 2014-09-01 00:28 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\captcha_error
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iPod
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-08-29 16:22 - 2014-08-29 16:22 - 00001459 ____C () C:\Users\syahrul\Desktop\Web Intelligence Rich Client.lnk
2014-08-28 16:18 - 2009-07-14 12:45 - 00460776 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 13:14 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 10:13 - 2014-08-28 09:25 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 10:13 - 2014-08-28 09:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:13 - 2014-08-28 09:25 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-26 18:15 - 2014-05-24 19:54 - 00000000 __RDC () C:\Users\syahrul\Virtual Machines
2014-08-26 18:11 - 2014-08-25 12:26 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\NetSarang
2014-08-26 18:09 - 2014-08-26 18:09 - 00002504 ____C () C:\Users\syahrul\.isqlPreferences11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000073 ____C () C:\Users\syahrul\.jlogon11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000034 ____C () C:\Users\syahrul\.isqlHistory11
2014-08-26 18:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\Sybase Central 6.0.0
2014-08-26 18:01 - 2014-08-25 15:04 - 00000544 ____C () C:\Windows\ODBC.INI
2014-08-26 17:58 - 2014-08-26 17:58 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Business Objects
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ___DC () C:\ProgramData\SQL Anywhere 11
2014-08-26 17:12 - 2014-08-25 14:39 - 00000000 ___DC () C:\ebid
2014-08-26 17:10 - 2014-08-26 17:07 - 00000000 ___DC () C:\Sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\Users\syahrul\sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\SybaseIQ
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\DBISQL 11.0.1
2014-08-26 17:08 - 2014-08-26 17:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sybase
2014-08-26 17:05 - 2014-06-18 09:39 - 00000000 ___DC () C:\Program Files (x86)\Business Objects
2014-08-26 12:18 - 2014-05-27 01:41 - 00699568 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-26 12:18 - 2014-05-27 01:41 - 00003768 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-26 12:18 - 2014-05-22 15:19 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-26 11:58 - 2014-05-23 00:07 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\BitComet
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\uk-UA
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\th-TH
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\sl-SI
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\sk-SK
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\lv-LV
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\he-IL
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\uk-UA
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\th-TH
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\sl-SI
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\sk-SK
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\lv-LV
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\he-IL
2014-08-26 11:40 - 2014-08-26 11:37 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-26 11:39 - 2014-08-26 11:38 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-26 11:39 - 2014-08-26 11:38 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-26 11:39 - 2014-08-26 11:38 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-26 11:39 - 2014-08-26 11:38 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-26 11:39 - 2014-08-26 11:36 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-26 11:39 - 2014-08-26 11:36 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-26 11:39 - 2014-08-26 11:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-26 11:39 - 2014-08-26 11:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 18:37 - 2014-08-25 18:37 - 00851456 ____C () C:\Users\syahrul\Downloads\mcom2001-site-data.xls
2014-08-25 18:37 - 2014-08-25 18:37 - 00374272 ____C () C:\Users\syahrul\Downloads\mcom2001-gsm-carrier-data.xls
2014-08-25 15:08 - 2014-05-22 00:47 - 00128728 ____C () C:\Users\syahrul\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-25 15:05 - 2014-08-25 15:05 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BusinessObjects XI 3.1
2014-08-25 15:03 - 2014-05-22 22:36 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Office
2014-08-25 12:46 - 2014-05-24 23:32 - 00000000 ___DC () C:\Users\syahrul\Downloads\BitComet
2014-08-25 12:24 - 2014-08-25 12:21 - 29813576 ____C (NetSarang Computer, Inc.) C:\Users\syahrul\Downloads\Xshell4.exe
2014-08-22 23:36 - 2014-05-23 00:31 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-22 17:18 - 2014-05-27 18:34 - 00000000 ___DC () C:\ProgramData\Skype
2014-08-22 16:28 - 2014-05-22 23:18 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Nitro
2014-08-21 15:54 - 2014-08-21 15:54 - 00000000 ___DC () C:\Users\syahrul\.swt
2014-08-21 15:54 - 2014-08-21 15:53 - 22355720 ____C (Degoo Backup AB) C:\Users\syahrul\Downloads\DegooSetup-Production-1.0.743.exe
2014-08-19 17:07 - 2014-08-19 17:07 - 00345600 ____C () C:\Users\syahrul\Downloads\T065B00001F0041PPTE.ppt
2014-08-19 16:52 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\NDF
2014-08-19 15:17 - 2014-06-25 10:46 - 00007605 ____C () C:\Users\syahrul\AppData\Local\Resmon.ResmonCfg
2014-08-19 15:05 - 2014-06-25 16:40 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ALEXwin
2014-08-19 15:05 - 2014-06-25 16:40 - 00000000 ___DC () C:\Program Files (x86)\ALEXwin
2014-08-19 15:03 - 2014-08-19 15:03 - 00003276 ____C () C:\Windows\System32\Tasks\{EDA0CA98-04B3-420F-BF42-08B7BD642593}
2014-08-19 14:47 - 2014-06-25 18:05 - 00001004 ____C () C:\Users\syahrul\Desktop\ALEX.lnk
2014-08-19 10:40 - 2014-08-16 19:52 - 00000000 ___DC () C:\Update
2014-08-19 10:32 - 2014-08-19 10:32 - 00003142 ____C () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-08-19 10:32 - 2014-08-19 10:32 - 00002033 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2014-08-19 10:32 - 2014-08-19 10:32 - 00000000 _RHDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-08-19 10:31 - 2014-05-22 15:49 - 00000000 ___DC () C:\Program Files\Sony
2014-08-19 10:31 - 2014-05-22 15:14 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-08-19 10:30 - 2014-05-24 19:35 - 00013792 ____C () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-08-19 10:29 - 2014-08-19 10:25 - 114445544 ____C (Sony Corporation) C:\Users\syahrul\Downloads\EP0000322168.exe
2014-08-19 09:32 - 2014-08-19 09:32 - 00000000 ____C () C:\Windows\setuperr.log
2014-08-19 09:11 - 2014-05-27 09:14 - 00000407 ____C () C:\Windows\system32\checkdnsid.xml
2014-08-17 02:19 - 2014-05-25 01:17 - 00647752 ____C (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-08-17 02:16 - 2014-05-25 01:17 - 01260120 ____C (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-17 02:15 - 2014-05-25 00:45 - 00084848 ____C (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2014-08-17 02:15 - 2014-05-25 00:45 - 00034384 ____C (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2014-08-17 02:13 - 2014-08-17 02:13 - 00419616 ____C (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-17 02:12 - 2014-05-25 00:45 - 00074512 ____C (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-08-17 01:58 - 2014-08-17 01:58 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 01:58 - 2014-08-17 01:58 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-08-17 01:58 - 2014-06-11 09:38 - 00000000 ___DC () C:\ProgramData\Oracle
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\zh-HK
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\ar-SA
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\zh-HK
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\ar-SA
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2014-08-17 01:18 - 2014-05-22 22:36 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-08-17 01:12 - 2014-05-22 03:23 - 00000000 ___DC () C:\Windows\system32\MRT
2014-08-17 01:09 - 2014-05-22 03:23 - 99218768 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 01:08 - 2014-08-17 00:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 01:08 - 2014-08-17 00:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 01:07 - 2014-08-17 00:19 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 01:06 - 2014-08-17 01:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 01:06 - 2014-08-17 01:00 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 01:06 - 2014-08-17 01:00 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 01:06 - 2014-08-17 01:00 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 01:06 - 2014-08-17 00:20 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 01:06 - 2014-08-17 00:20 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 01:05 - 2014-08-17 01:02 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 01:05 - 2014-08-17 01:02 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 01:05 - 2014-08-17 01:02 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 01:05 - 2014-08-17 01:02 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 01:05 - 2014-08-17 01:02 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 01:05 - 2014-08-17 01:02 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 01:05 - 2014-08-17 01:01 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 01:05 - 2014-08-17 01:01 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 01:05 - 2014-08-17 00:19 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 01:05 - 2014-08-17 00:19 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-17 01:01 - 2014-08-17 00:20 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 01:01 - 2014-08-17 00:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 01:01 - 2014-05-22 20:39 - 00000000 __SDC () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe


Some content of TEMP:
====================
C:\Users\syahrul\AppData\Local\Temp\exthelper.exe
C:\Users\syahrul\AppData\Local\Temp\H2Reg.exe
C:\Users\syahrul\AppData\Local\Temp\InstallRes.exe
C:\Users\syahrul\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\syahrul\AppData\Local\Temp\SkypeSetup.exe
C:\Users\syahrul\AppData\Local\Temp\sqlite3.exe
C:\Users\syahrul\AppData\Local\Temp\Studio 9 EVDO.exe
C:\Users\syahrul\AppData\Local\Temp\unzip.exe
C:\Users\syahrul\AppData\Local\Temp\zip.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.


LastRegBack: 2014-08-28 13:06

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 01
Ran by syahrul at 2014-09-03 19:01:49
Running from C:\Users\syahrul\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Active Library Explorer 15.0 (HKLM-x32\...\ALEX 15.0) (Version: 15.0 - Ericsson)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Aexio Xeus 2013 R2 (x32 Version: 2013 - Aexio Software Sdn. Bhd.) Hidden
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.61222.0201 - ATI Technologies Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{B1893E3F-9BDF-443F-BED0-1AAA2D9E0D68}) (Version: 2.0.149 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{B77DE05C-7C84-4011-B93F-A29D0D2840F4}) (Version: 4.0.444 - ArcSoft)
Athan Basic 4.5 (HKLM-x32\...\Athan) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{158BEEC4-CC30-BF2F-248D-B52AF953E9C1}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AuthenTec TrueSuite (HKLM\...\{81B43AC9-B334-45D0-8D15-0A3642AFBDA1}) (Version: 4.0.100.26 - AuthenTec, Inc.)
AuthenTec WinBio FingerPrint Software (HKLM\...\{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}) (Version: 3.1.0.80 - AuthenTec, Inc.)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BusinessObjects Enterprise XI 3.1 (HKLM-x32\...\{5418F914-1D31-4849-822C-314AC28B06BF}) (Version: 12.1.0.882 - Business Objects)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1222.155.3300 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1222.155.3300 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1222.155.3300 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1222.155.3300 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1222.155.3300 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help English (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help French (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help German (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
ccc-utility64 (Version: 2011.1222.155.3300 - ATI) Hidden
Citrix Presentation Server Client (HKLM-x32\...\{E89956F9-5B89-470E-818D-BD46102D0A01}) (Version: 10.100.55836 - Citrix Systems, Inc.)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Điều khiển ActiveX Windows Live Mesh dành cho kết nối từ xa (HKLM-x32\...\{4A48F20C-BEE3-4661-B55D-9280D06E5DA3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Digsby (HKLM-x32\...\Digsby) (Version:  - dotSyntax, LLC)
Evernote v. 4.4 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.4.0.4848 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth PRO 7.1.2.2019 Final (HKLM-x32\...\Google Earth PRO 7.1.2.2019 Final7.1.2.2019) (Version: 7.1.2.2019 - Friends in War)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{077BF055-512A-4D48-B3C2-44AD860FEB0A}) (Version: 1.3.0.0621 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E7DC06A3-8516-4929-B712-80987AFFFB57}) (Version: 14.03.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapBasic 12.0 (HKLM-x32\...\{22D0B521-AB0B-438C-9A09-2FB202B8C4CE}) (Version: 12.0 - Pitney Bowes Software)
MapInfo Professional 12.0 (HKLM-x32\...\{F330A1C2-F497-409A-9AE8-A7A001024D2B}) (Version: 12.0.2 - Pitney Bowes Software)
Media Gallery (Version: 2.0.0.11150 - Sony Corporation) Hidden
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (ARA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (CHS) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (CHT) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HEB) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
Nemo Analyze (HKLM-x32\...\{1DAF6248-449D-4875-A4C2-9B5E3D7131D9}) (Version: 6.40.01 - Anite)
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
PlayMemories Home Plug-in (Version: 2.0.00.14170 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data (x32 Version: 1.0.00.16130 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program (x32 Version: 2.2.00.18250 - Sony Corporation) Hidden
PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.05.00710 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.1.8.11883 - Sony Computer Entertainment Inc.)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.6.01.03300 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.6.10 - Sony Corporation)
Quick Web Access (x32 Version: 1.4.6.10 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
SAP BusinessObjects Enterprise XI 3.1 FP 3.1 (HKLM-x32\...\{DABC496A-3B74-4038-AD21-59CCD57BE826}) (Version: 12.3.1.684 - SAP AG)
SAP BusinessObjects Enterprise XI 3.1 SP3 Update (HKLM-x32\...\{EEC13875-F4CB-416F-ADC0-1EDA01A85632}) (Version: 12.3.0.601 - SAP AG)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Sybase IQ 15.2 ESD 1 (32-bit) (HKLM-x32\...\2509ea13eb625f82e1686d7d32f5ccc1-1582598385) (Version:  - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Total CMA Pack 0.58 (HKLM-x32\...\Total CMA Pack) (Version: 0.58 - CMA)
UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 21.00.1033 - IDM Computer Solutions, Inc.)
UltraEdit (x32 Version: 21.00.1033 - IDM Computer Solutions, Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Media Gallery (HKLM-x32\...\{DD696AF7-8A89-41D5-976A-2053E41A69BE}) (Version: 2.2.2.09110 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM-x32\...\InstallShield_{F9395F3D-4198-476C-8C41-63D0B5B51E35}) (Version: 2.2.00.18250 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.1.03270 - Sony Corporation)
VAIO Care (HKLM\...\{55A60C1D-BEBF-4249-BFB2-F4E5C2E77988}) (Version: 8.4.1.07021 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.0.0.07070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.0.0.14140 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.7.0.05270 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.7.0.05270 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.0.07080 - Sony Corporation)
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.1.0.06030 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.4.0.05310 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.1.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.10.2.08270 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Tập đoàn Microsoft) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Tập đoàn Microsoft) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-19288706-1046810751-1018935600-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\syahrul\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-19288706-1046810751-1018935600-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-19288706-1046810751-1018935600-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\syahrul\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

03-09-2014 10:15:00 End of disinfection

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2014-08-26 17:53 - 00000922 ___AC C:\Windows\system32\Drivers\etc\hosts
10.1.111.227        celcom_oss
10.1.111.163   mhsbis1.celcomran.com.my   mhsbis1
10.1.111.176    mhsbis2


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03015950-40F1-493D-B3B9-7547A1293664} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {153A0198-0AE1-485A-9A55-5EA5FE1D10BE} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {161A8257-F57E-42DB-B608-8749318325B7} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {17413A0C-DDC3-4633-A887-3CDEB7C8B285} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-06-01] (Sony Corporation)
Task: {1893FE0E-F420-468D-9282-065D8125D153} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {2D838253-0C2B-4ED9-AC35-3CA2193DF124} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {3AFA9DC4-5206-4A4E-83B5-7DD73982902B} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-06-25] (Sony Corporation)
Task: {3E2A806C-A54B-4ED0-B3B7-1698B0741536} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {418D1DBA-5E2A-4A60-9447-AB7D028426DA} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {4218777A-9C38-4614-8A36-B233041FEDC1} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {4B3F91F3-1EDC-4DEC-9231-CE2FCA53DA05} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2013-03-26] (Sony Corporation)
Task: {5130FEB8-DD2C-41DB-ABE3-F2B7F93288BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-26] (Adobe Systems Incorporated)
Task: {51F4A92B-318D-4E59-8A5B-1E20F371EAC3} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {530E4C5D-409A-48AB-BBC8-400D282453ED} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {551D7053-FFAD-4324-8619-B35DFF0870FB} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {5E0DAE4A-B700-4B60-A73C-762B14EC802A} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {5E875E27-A6EB-4899-95E9-EFD2A6782C8A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {703535CD-D98E-433A-9CD2-3C75314DF5DF} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation)
Task: {7391F778-BC89-4564-A469-2D2BBDCDC8FF} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {78B054CD-57DF-415A-A418-070FC2F507B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000Core => C:\Users\syahrul\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: {7DEF63EC-563F-4E56-9079-F499ADBE5354} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-06-04] (Sony Corporation)
Task: {83129A44-2FAC-4BCA-9994-AB7AB2E84A05} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2011-11-03] (Sony Corporation)
Task: {874C336C-3F53-440D-BF28-4249C784111A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8FD65626-9FFD-49DA-BC5A-5AE732BE8A49} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-06-01] (Sony Corporation)
Task: {910375A3-2EB9-49BF-906F-4A48625C75F0} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {9728EF67-37B7-4100-9DE9-A14DFAB04A9F} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {97ECE1AB-259B-4E81-AE36-65299649F7F5} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {9D5315E9-715C-44A9-9988-C062F7F78D81} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {A72D4BC0-4F25-4096-8657-2B7C7DC8DE1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {A98E057A-0A16-475A-934B-1331B0F0059C} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {AEFF459C-E0E1-440A-A4AE-E4AD63530DB5} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {B4882489-C6AA-4DE3-8BF3-09B08F110651} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {C21F9EE3-8D6D-483B-8388-02B751DBC9D0} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-06-01] (Sony Corporation)
Task: {C5F1D336-835E-4E71-B688-C609F58D5E4B} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {D3693697-BCEC-448E-852A-A84C16D052B8} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music syahrul => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-10-03] (Sony Corporation)
Task: {DBEC53B1-5088-4A92-A98E-D32D2DBBB77A} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-08] (Sony Corporation)
Task: {E2CA0171-041C-45C6-839F-950EAA2F704B} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-08] (Sony Corporation)
Task: {E4CFDDC1-C116-41D9-BA3E-8A0DE155A876} - System32\Tasks\{3FCC3273-A301-4686-BDA3-BD6E09733D36} => C:\Program Files (x86)\Anite\Nemo Analyze\Nemo_Analyze_6.4.0.1_Update.exe [2013-03-04] ()
Task: {F95BF85B-9651-462C-8B0A-3F4201C1E99B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000UA => C:\Users\syahrul\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000Core.job => C:\Users\syahrul\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000UA.job => C:\Users\syahrul\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-25 01:17 - 2014-08-17 01:30 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-08-17 02:33 - 2014-08-17 02:33 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-05-25 01:17 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-05-25 01:18 - 2014-08-17 02:15 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-24 16:20 - 2014-07-24 16:20 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpbr.mdl
2014-07-24 16:20 - 2014-07-24 16:20 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpdsp.mdl
2014-07-24 16:20 - 2014-07-24 16:20 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpph.mdl
2014-07-24 16:20 - 2014-07-24 16:20 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttprbl.mdl
2012-01-04 11:28 - 2012-01-04 11:28 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-17 21:00 - 2014-02-17 21:00 - 00111616 ____C () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2014-07-13 14:52 - 2011-09-19 10:47 - 00135168 ____C () C:\Windows\SysWOW64\ChgService.exe
2014-05-25 01:18 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2011-07-20 08:29 - 2011-07-20 06:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-04 11:28 - 2012-01-04 11:28 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-22 02:53 - 2011-12-22 02:53 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-02 18:59 - 2014-09-02 18:59 - 00060965 ____C () C:\Windows\SysWOW64\InterpreterPrivacyWin32\InterpreterPrivacyWin32.exe
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 ____C () C:\Program Files\Sony\VAIO Care\listener.exe
2014-08-17 02:33 - 2014-08-17 02:33 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2014-05-25 01:17 - 2014-08-17 02:15 - 00468496 _____ () C:\Program Files\Bitdefender\Bitdefender\bdidntconp.dll
2014-08-17 02:13 - 2014-08-17 02:13 - 00202752 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\bdidntconp.ui
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-30 09:09 - 2014-06-04 15:17 - 00892288 ____C () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2014-05-22 15:16 - 2011-07-08 06:44 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2014-05-25 01:17 - 2014-08-17 02:15 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 ____C () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 ____C () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-28 08:31 - 2013-02-28 08:31 - 00856576 ____C () C:\Program Files (x86)\Anite\Nemo Analyze\NemoShared.dll
2013-02-28 08:25 - 2013-02-28 08:25 - 02918912 ____C () C:\Program Files (x86)\Anite\Nemo Analyze\UT.dll
2013-02-28 08:26 - 2013-02-28 08:26 - 00344064 ____C () C:\Program Files (x86)\Anite\Nemo Analyze\UG.dll
2013-02-28 08:27 - 2013-02-28 08:27 - 01727488 ____C () C:\Program Files (x86)\Anite\Nemo Analyze\NemoTypeLibrary.dll
2013-02-28 08:19 - 2013-02-28 08:19 - 01244160 ____C () C:\Program Files (x86)\Anite\Nemo Analyze\PocoFoundation.dll
2013-02-28 08:19 - 2013-02-28 08:19 - 00048128 ____C () C:\Program Files (x86)\Anite\Nemo Analyze\boost_thread-vc100-mt-1_48.dll
2004-12-25 19:37 - 2004-12-25 19:37 - 00258121 ____C () C:\Program Files (x86)\Athan\vbh.dll
2010-03-09 04:08 - 2010-03-09 04:08 - 00282697 ____C () C:\Program Files (x86)\Athan\vbp.dll
2004-03-20 20:49 - 2004-03-20 20:49 - 00229444 ____C () C:\Program Files (x86)\Athan\vbq.dll
2014-08-16 19:51 - 2014-08-07 11:20 - 00718152 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 19:51 - 2014-08-07 11:20 - 00126280 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 19:51 - 2014-08-07 11:20 - 08537928 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 19:51 - 2014-08-07 11:20 - 00353096 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 19:51 - 2014-08-07 11:20 - 01732936 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-18 13:27 - 2014-08-18 13:27 - 00174080 ____C () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6b46a0fd9d37375962cdd6f60078fc97\IsdiInterop.ni.dll
2014-05-22 15:05 - 2011-05-21 01:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 ____C () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-10-20 16:08 - 2010-10-20 16:08 - 00122720 ____C () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL
2014-08-22 09:39 - 2014-08-22 09:39 - 03800688 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-17 02:34 - 2014-08-17 02:34 - 00035896 _____ () C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\components\ffpwdman.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\syahrul\Downloads\CitrixReceiverEnterprise.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\DegooSetup-Production-1.0.743.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\digsby_setup.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\EP0000322168.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012 (1).exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\Norman_Malware_Cleaner.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\Outlook4GmailSetup.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\smart-defrag-setup.exe:BDU
AlternateDataStreams: C:\Users\syahrul\Downloads\Xshell4.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Degoo .lnk => C:\Windows\pss\Degoo .lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk => C:\Windows\pss\Program Neighborhood Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^syahrul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^syahrul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1B1B5316B74349678A8ED142D2B49890 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Total CMA Pack => C:\Program Files (x86)\Total CMA Pack\Total CMA Pack.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 05:50:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 05:12:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: NePA.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
   at System.Environment._Exit(Int32)
   at System.Environment._Exit(Int32)
   at System.Environment.Exit(Int32)
   at System.Windows.Forms.Application+ThreadContext.OnThreadException(System.Exception)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef)
   at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Form.ShowDialog(System.Windows.Forms.IWin32Window)
   at [obfuscated type].[obfuscated method](System.Windows.Forms.Form)
   at [obfuscated type].[obfuscated method](System.Object, System.EventArgs)
   at System.Windows.Forms.ToolStripMenuItem.OnClick(System.EventArgs)
   at System.Windows.Forms.ToolStripItem.HandleClick(System.EventArgs)
   at System.Windows.Forms.ToolStripItem.HandleMouseUp(System.Windows.Forms.MouseEventArgs)
   at System.Windows.Forms.ToolStrip.OnMouseUp(System.Windows.Forms.MouseEventArgs)
   at System.Windows.Forms.ToolStripDropDown.OnMouseUp(System.Windows.Forms.MouseEventArgs)
   at System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32)
   at System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.ToolStrip.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.ToolStripDropDown.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef)
   at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])
   at [obfuscated type].[obfuscated method](Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase, System.String[])
   at [obfuscated type].[obfuscated method](System.String[])
   at System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   at System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   at A.A.A(System.String[])

Error: (09/03/2014 04:32:55 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid={62A74487-9749-41CA-835C-A25266174868};is_machine=1;oop=0;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\589a4b1d-ccf7-4520-aef5-c4225f34fd90.dmp

Error: (09/03/2014 00:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program VAIO Gate.exe version 2.4.2.2200 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ee0

Start Time: 01cfc726ef91115e

Termination Time: 560

Application Path: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

Report Id: 99f1dfce-3323-11e4-bb9e-88532e651a57

Error: (09/03/2014 00:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartDefrag.exe, version: 3.2.0.338, time stamp: 0x53b3a485
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00036ab4
Faulting process id: 0xf98
Faulting application start time: 0xSmartDefrag.exe0
Faulting application path: SmartDefrag.exe1
Faulting module path: SmartDefrag.exe2
Report Id: SmartDefrag.exe3

Error: (09/03/2014 11:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 11:08:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DegooDesktop.exe, version: 1.0.743.0, time stamp: 0x52d69d2a
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00036ae6
Faulting process id: 0x1ca8
Faulting application start time: 0xDegooDesktop.exe0
Faulting application path: DegooDesktop.exe1
Faulting module path: DegooDesktop.exe2
Report Id: DegooDesktop.exe3

Error: (09/03/2014 11:08:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartDefrag.exe, version: 3.2.0.338, time stamp: 0x53b3a485
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00036ab4
Faulting process id: 0x12f4
Faulting application start time: 0xSmartDefrag.exe0
Faulting application path: SmartDefrag.exe1
Faulting module path: SmartDefrag.exe2
Report Id: SmartDefrag.exe3

Error: (09/03/2014 11:00:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program VAIO Gate.exe version 2.4.2.2200 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1300

Start Time: 01cfc71641df507e

Termination Time: 1891

Application Path: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

Report Id: 1395cc2b-3316-11e4-92d7-88532e651a57

Error: (09/03/2014 10:43:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1b90
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (09/03/2014 05:52:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Error: (09/03/2014 05:49:35 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{520c9237-e17d-11e3-99cb-806e6f6e6963} cannot be read.

Error: (09/03/2014 05:49:35 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{520c9236-e17d-11e3-99cb-806e6f6e6963} cannot be read.

Error: (09/03/2014 05:48:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (09/03/2014 05:46:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (09/03/2014 04:10:48 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{e31599d3-3319-11e4-bb9e-88532e651a57} cannot be read.

Error: (09/03/2014 04:08:34 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (09/03/2014 04:08:34 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (09/03/2014 04:08:20 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (09/03/2014 04:08:20 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004


Microsoft Office Sessions:
=========================
Error: (09/03/2014 05:50:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 05:12:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: NePA.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
   at System.Environment._Exit(Int32)
   at System.Environment._Exit(Int32)
   at System.Environment.Exit(Int32)
   at System.Windows.Forms.Application+ThreadContext.OnThreadException(System.Exception)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef)
   at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Form.ShowDialog(System.Windows.Forms.IWin32Window)
   at [obfuscated type].[obfuscated method](System.Windows.Forms.Form)
   at [obfuscated type].[obfuscated method](System.Object, System.EventArgs)
   at System.Windows.Forms.ToolStripMenuItem.OnClick(System.EventArgs)
   at System.Windows.Forms.ToolStripItem.HandleClick(System.EventArgs)
   at System.Windows.Forms.ToolStripItem.HandleMouseUp(System.Windows.Forms.MouseEventArgs)
   at System.Windows.Forms.ToolStrip.OnMouseUp(System.Windows.Forms.MouseEventArgs)
   at System.Windows.Forms.ToolStripDropDown.OnMouseUp(System.Windows.Forms.MouseEventArgs)
   at System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32)
   at System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.ToolStrip.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.ToolStripDropDown.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef)
   at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef)
   at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])
   at [obfuscated type].[obfuscated method](Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase, System.String[])
   at [obfuscated type].[obfuscated method](System.String[])
   at System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   at System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   at A.A.A(System.String[])

Error: (09/03/2014 04:32:55 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Google Update has encountered a fatal error.
ver=1.3.24.15;lang=en;guid={62A74487-9749-41CA-835C-A25266174868};is_machine=1;oop=0;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\589a4b1d-ccf7-4520-aef5-c4225f34fd90.dmp

Error: (09/03/2014 00:34:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: VAIO Gate.exe2.4.2.2200ee001cfc726ef91115e560C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe99f1dfce-3323-11e4-bb9e-88532e651a57

Error: (09/03/2014 00:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SmartDefrag.exe3.2.0.33853b3a485ntdll.dll6.1.7601.18247521ea8e7c000000500036ab4f9801cfc726f003536bC:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exeC:\Windows\SysWOW64\ntdll.dlla6be698b-3320-11e4-bb9e-88532e651a57

Error: (09/03/2014 11:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 11:08:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DegooDesktop.exe1.0.743.052d69d2antdll.dll6.1.7601.18247521ea8e7c000000500036ae61ca801cfc71676331bfeC:\ProgramData\Degoo\DegooDesktop.exeC:\Windows\SysWOW64\ntdll.dll8a65d148-3317-11e4-92d7-88532e651a57

Error: (09/03/2014 11:08:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SmartDefrag.exe3.2.0.33853b3a485ntdll.dll6.1.7601.18247521ea8e7c000000500036ab412f401cfc7164301b85fC:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exeC:\Windows\SysWOW64\ntdll.dll8a502617-3317-11e4-92d7-88532e651a57

Error: (09/03/2014 11:00:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: VAIO Gate.exe2.4.2.2200130001cfc71641df507e1891C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe1395cc2b-3316-11e4-92d7-88532e651a57

Error: (09/03/2014 10:43:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b1b9001cfc720541f02c5C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll10b163cd-3314-11e4-92d7-88532e651a57


==================== Memory info ===========================

Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 12203.82 MB
Available physical RAM: 7086.6 MB
Total Pagefile: 24405.83 MB
Available Pagefile: 19988.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:205.08 GB) (Free:94.71 GB) NTFS
Drive d: (Peace) (Fixed) (Total:480.8 GB) (Free:376.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 6588C642)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=480.8 GB) - (Type=OF Extended)

==================== End Of Log ============================



#4 aharonov


Posted 03 September 2014 - 06:27 AM

Ok, I have identified a candidate that may be responsible for it. But I want to verify this first:
Please visit the Malware Submission Site and upload the following file:
C:\Windows\SysWOW64\InterpreterPrivacyWin32\InterpreterPrivacyWin32.exe
Let me know here when this is done.

Edited by aharonov, 03 September 2014 - 06:27 AM.


#5 rxqual


Posted 03 September 2014 - 06:31 AM

Hi Aharonov,

Done. Thank you.



#6 aharonov


Posted 03 September 2014 - 06:49 AM

Ok.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 rxqual


Posted 03 September 2014 - 07:07 AM

Hi Aharonov,

Update as below.

Problem is still there. Thank you.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 01
Ran by syahrul at 2014-09-03 19:54:24 Run:1
Running from C:\Users\syahrul\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Windows\SysWOW64\InterpreterPrivacyWin32\InterpreterPrivacyWin32.exe
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0FtD0B0FzyyB0D0CyCtC0CzzyDyByDtDtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyDtCzy0CtCyCtBtGzytD0AyBtG0FzztDtCtG0CyD0FtAtGyB0ByDtA0AzztAzztAtByDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0EtBzztB0B0AtDtGyD0CzyyCtG0B0AtByBtG0D0FtAyDtGyDtBtCtAzyyBtByDyEtAtD0B2Q&cr=1839894403&ir=
R2 InterpreterPrivacyWin32; C:\Windows\SysWOW64\InterpreterPrivacyWin32\InterpreterPrivacyWin32.exe [60965 2014-09-02] () [File not signed]
2014-09-02 18:59 - 2014-09-02 18:59 - 00000000 ___DC () C:\Windows\SysWOW64\InterpreterPrivacyWin32
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:29351
EmptyTemp:
*****************

[7096] C:\Windows\SysWOW64\InterpreterPrivacyWin32\InterpreterPrivacyWin32.exe => Process closed successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully.
"HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key not found.
InterpreterPrivacyWin32 => Unable to stop service
InterpreterPrivacyWin32 => Service deleted successfully.
C:\Windows\SysWOW64\InterpreterPrivacyWin32 => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 1.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 01
Ran by syahrul (administrator) on SYAHRUL-VAIO on 03-09-2014 20:03:05
Running from C:\Users\syahrul\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\ChgService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Progress Software Corp.) C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\oscmgr6.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Progress Software Corp.) C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\osserver.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Anite) C:\Program Files (x86)\Anite\Nemo Analyze\AnalyzeGuard.exe
(Ziff-Davis Media, Inc.) D:\01_Peace\03_Download Center\NetPerSec_v1.1.4_(WWW.CRACK-CD.COM)\NetPerSec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(www.IslamicFinder.org) C:\Program Files (x86)\Athan\Athan.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-17] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-06-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2012-01-04] (Intel® Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-17] (Bitdefender)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-06-01] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-16] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Athan] => C:\Program Files (x86)\Athan\Athan.exe [1216512 2014-05-04] (www.IslamicFinder.org)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-17] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-17] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [GoogleChromeAutoLaunch_1B1B5316B74349678A8ED142D2B49890] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Google Update] => C:\Users\syahrul\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-17] (Google Inc.)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: F - F:\.\ShowModem.exe
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: {2aad15d5-08d5-11e4-8542-88532e651a57} - F:\.\ShowModem.exe
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: {ab6ae2cf-0047-11e4-ac8b-88532e651a57} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nemo Analyze Guard.lnk
ShortcutTarget: Nemo Analyze Guard.lnk -> C:\Program Files (x86)\Anite\Nemo Analyze\AnalyzeGuard.exe (Anite)
Startup: C:\Users\syahrul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPerSec.lnk
ShortcutTarget: NetPerSec.lnk -> D:\01_Peace\03_Download Center\NetPerSec_v1.1.4_(WWW.CRACK-CD.COM)\NetPerSec.exe (Ziff-Davis Media, Inc.)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:15571
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://corp.sony.com.my/vaio/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4EA8B7F7-39D2-477A-9B7A-51E3E36BB6D6} URL = http://www.baidu.com/baidu?tn=dealio_dg&wd={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: EZ YouTube Video Downloader 1.0 -> {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} -> C:\PROGRA~2\EZYOUT~1\yvd.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} https://btsesise1.mi3g.lcl:8443/auth/provisioning/download/239aa7cd-d04f-4223-97e3-4ec0fcf9091e/taweb.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.65.100 10.1.65.99

FireFox:
========
FF ProfilePath: C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default
FF Homepage: hxxp://www.google.com.my
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "10.1.255.20"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "10.1.255.20"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "10.1.255.20"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "10.1.255.20"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\syahrul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\syahrul\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\syahrul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\syahrul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\SpeedUp\SpeedUpAppsStore\bin\npAppUp.dll No File
FF user.js: detected! => C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\logging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\syahrul\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\syahrul\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default\searchplugins\baidu.xml
FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com [2014-09-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-22]
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com.my/"
CHR NewTab: Default -> "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html"
CHR Profile: C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-27]
CHR Extension: (Google Drive) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-27]
CHR Extension: (Google Search) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-27]
CHR Extension: (Skype Click to Call) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-29]
CHR Extension: (Shopping Helper) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-27]
CHR Extension: (Website Logon) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo [2014-05-27]
CHR Extension: (Gmail) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx [2010-11-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-17] (Bitdefender)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2011-09-19] () [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 ObjectStore Cache Manager R7.0; C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\oscmgr6.exe [162816 2013-02-28] (Progress Software Corp.) [File not signed]
R2 ObjectStore Server R7.0; C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\osserver.exe [545792 2013-02-28] (Progress Software Corp.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-17] (Bitdefender)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-17] (Bitdefender)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-17] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-17] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-08-19] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-17] (BitDefender S.R.L.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-05-27] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-05-27] (Microsoft Corporation) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 19:01 - 2014-09-03 20:03 - 00034585 ____C () C:\Users\syahrul\Downloads\FRST.txt
2014-09-03 19:01 - 2014-09-03 19:02 - 00071419 ____C () C:\Users\syahrul\Downloads\Addition.txt
2014-09-03 18:52 - 2014-09-03 20:03 - 00000000 ___DC () C:\FRST
2014-09-03 18:52 - 2014-09-03 18:52 - 02104832 ____C (Farbar) C:\Users\syahrul\Downloads\FRST64.exe
2014-09-03 18:14 - 2014-09-03 18:15 - 00000677 ____C () C:\DelFix.txt
2014-09-03 18:14 - 2014-09-03 18:14 - 00000000 ___DC () C:\Windows\ERUNT
2014-09-03 18:06 - 2014-09-03 18:06 - 00000000 ___DC () C:\Users\syahrul\AppData\Temp
2014-09-03 17:18 - 2014-09-03 17:54 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:18 - 2014-09-03 17:18 - 00001108 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:18 - 2014-09-03 17:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:18 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-09-03 17:17 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:17 - 2014-05-12 07:26 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:17 - 2014-05-12 07:25 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:15 - 2014-09-03 17:15 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 10:33 - 2014-09-03 10:33 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Norman Malware Cleaner
2014-09-03 10:20 - 2014-09-03 10:33 - 352379672 ____C (Norman Shark AS) C:\Users\syahrul\Downloads\Norman_Malware_Cleaner.exe
2014-09-02 11:01 - 2014-09-02 11:01 - 00001718 ____C () C:\Users\syahrul\Desktop\Celcom_OSS.lnk
2014-09-02 10:54 - 2014-09-02 12:51 - 00000032 ____C () C:\Windows\concentr.ini
2014-09-02 10:52 - 2014-09-02 11:01 - 00000045 ____C () C:\Windows\webica.ini
2014-09-02 10:52 - 2014-09-02 11:01 - 00000037 ____C () C:\WFCNAME.INI
2014-09-02 10:51 - 2014-09-02 10:25 - 00000000 ___DC () C:\Program Files\ICA Client
2014-09-02 10:31 - 2014-09-02 10:31 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Citrix
2014-09-01 14:07 - 2014-09-03 10:29 - 02214299 ____C () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-01 00:28 - 2014-09-01 00:28 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\captcha_error
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iPod
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-08-29 16:22 - 2014-08-29 16:22 - 00001459 ____C () C:\Users\syahrul\Desktop\Web Intelligence Rich Client.lnk
2014-08-28 09:25 - 2014-08-28 10:13 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 09:25 - 2014-08-28 10:13 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:25 - 2014-08-28 10:13 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-26 18:09 - 2014-08-26 18:09 - 00002504 ____C () C:\Users\syahrul\.isqlPreferences11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000073 ____C () C:\Users\syahrul\.jlogon11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000034 ____C () C:\Users\syahrul\.isqlHistory11
2014-08-26 17:58 - 2014-08-26 17:58 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Business Objects
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ___DC () C:\ProgramData\SQL Anywhere 11
2014-08-26 17:09 - 2014-08-26 18:09 - 00000000 ___DC () C:\ProgramData\Sybase Central 6.0.0
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\Users\syahrul\sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\SybaseIQ
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\DBISQL 11.0.1
2014-08-26 17:08 - 2014-08-26 17:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sybase
2014-08-26 17:07 - 2014-08-26 17:10 - 00000000 ___DC () C:\Sybase
2014-08-26 11:38 - 2014-08-26 11:39 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-26 11:38 - 2014-08-26 11:39 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-26 11:38 - 2014-08-26 11:39 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-26 11:38 - 2014-08-26 11:39 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-26 11:36 - 2014-08-26 11:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 18:37 - 2014-08-25 18:37 - 00851456 ____C () C:\Users\syahrul\Downloads\mcom2001-site-data.xls
2014-08-25 18:37 - 2014-08-25 18:37 - 00374272 ____C () C:\Users\syahrul\Downloads\mcom2001-gsm-carrier-data.xls
2014-08-25 15:05 - 2014-08-25 15:05 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BusinessObjects XI 3.1
2014-08-25 15:04 - 2014-08-26 18:01 - 00000544 ____C () C:\Windows\ODBC.INI
2014-08-25 14:39 - 2014-08-26 17:12 - 00000000 ___DC () C:\ebid
2014-08-25 12:26 - 2014-08-26 18:11 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\NetSarang
2014-08-25 12:21 - 2014-08-25 12:24 - 29813576 ____C (NetSarang Computer, Inc.) C:\Users\syahrul\Downloads\Xshell4.exe
2014-08-22 09:39 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-08-21 15:54 - 2014-09-03 11:25 - 00000000 ___DC () C:\ProgramData\Degoo
2014-08-21 15:54 - 2014-08-21 15:54 - 00000000 ___DC () C:\Users\syahrul\.swt
2014-08-21 15:53 - 2014-08-21 15:54 - 22355720 ____C (Degoo Backup AB) C:\Users\syahrul\Downloads\DegooSetup-Production-1.0.743.exe
2014-08-19 17:07 - 2014-08-19 17:07 - 00345600 ____C () C:\Users\syahrul\Downloads\T065B00001F0041PPTE.ppt
2014-08-19 15:03 - 2014-08-19 15:03 - 00003276 ____C () C:\Windows\System32\Tasks\{EDA0CA98-04B3-420F-BF42-08B7BD642593}
2014-08-19 10:32 - 2014-08-19 10:32 - 00003142 ____C () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-08-19 10:32 - 2014-08-19 10:32 - 00002033 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2014-08-19 10:32 - 2014-08-19 10:32 - 00000000 _RHDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-08-19 10:25 - 2014-08-19 10:29 - 114445544 ____C (Sony Corporation) C:\Users\syahrul\Downloads\EP0000322168.exe
2014-08-19 09:32 - 2014-09-03 19:57 - 00002530 ____C () C:\Windows\setupact.log
2014-08-19 09:32 - 2014-08-19 09:32 - 00000000 ____C () C:\Windows\setuperr.log
2014-08-17 02:13 - 2014-08-17 02:13 - 00419616 ____C (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-17 01:58 - 2014-08-17 01:58 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 01:58 - 2014-08-17 01:58 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-08-17 01:02 - 2014-08-17 01:05 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 01:02 - 2014-08-17 01:05 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 01:02 - 2014-08-17 01:05 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 01:01 - 2014-08-17 01:05 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 01:01 - 2014-08-17 01:05 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 01:00 - 2014-08-17 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 01:00 - 2014-08-17 01:06 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 01:00 - 2014-08-17 01:06 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 01:00 - 2014-08-17 01:06 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 00:20 - 2014-08-17 01:06 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 00:20 - 2014-08-17 01:06 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 00:20 - 2014-08-17 01:01 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 00:20 - 2014-08-17 01:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 00:19 - 2014-08-17 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 00:19 - 2014-08-17 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 00:19 - 2014-08-17 01:07 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 00:19 - 2014-08-17 01:05 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 00:19 - 2014-08-17 01:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 19:52 - 2014-08-19 10:40 - 00000000 ___DC () C:\Update

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 20:06 - 2014-09-03 19:01 - 00034585 ____C () C:\Users\syahrul\Downloads\FRST.txt
2014-09-03 20:03 - 2014-09-03 18:52 - 00000000 ___DC () C:\FRST
2014-09-03 20:03 - 2014-05-22 14:59 - 01911671 ____C () C:\Windows\WindowsUpdate.log
2014-09-03 20:02 - 2014-05-22 23:33 - 00000000 ___DC () C:\Users\syahrul\Documents\Outlook Files
2014-09-03 19:57 - 2014-08-19 09:32 - 00002530 ____C () C:\Windows\setupact.log
2014-09-03 19:57 - 2014-05-27 10:59 - 00000896 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 19:57 - 2009-07-14 13:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-09-03 19:56 - 2010-11-21 11:47 - 00643098 ____C () C:\Windows\PFRO.log
2014-09-03 19:35 - 2014-05-27 01:41 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 19:19 - 2014-07-17 10:14 - 00000916 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000UA.job
2014-09-03 19:10 - 2014-05-27 10:59 - 00000900 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 19:02 - 2014-09-03 19:01 - 00071419 ____C () C:\Users\syahrul\Downloads\Addition.txt
2014-09-03 18:52 - 2014-09-03 18:52 - 02104832 ____C (Farbar) C:\Users\syahrul\Downloads\FRST64.exe
2014-09-03 18:51 - 2009-07-14 12:45 - 00032240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 18:51 - 2009-07-14 12:45 - 00032240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 18:15 - 2014-09-03 18:14 - 00000677 ____C () C:\DelFix.txt
2014-09-03 18:14 - 2014-09-03 18:14 - 00000000 ___DC () C:\Windows\ERUNT
2014-09-03 18:06 - 2014-09-03 18:06 - 00000000 ___DC () C:\Users\syahrul\AppData\Temp
2014-09-03 18:00 - 2014-05-22 15:05 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 17:55 - 2014-05-23 04:29 - 00410794 ____C () C:\Windows\system32\perfh00D.dat
2014-09-03 17:55 - 2014-05-23 04:29 - 00094374 ____C () C:\Windows\system32\perfc00D.dat
2014-09-03 17:55 - 2009-07-14 13:13 - 01280386 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 17:54 - 2014-09-03 17:18 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:44 - 2014-05-22 00:47 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\VirtualStore
2014-09-03 17:30 - 2014-05-27 18:34 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Skype
2014-09-03 17:18 - 2014-09-03 17:18 - 00001108 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:18 - 2014-09-03 17:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:18 - 2014-09-03 17:17 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-09-03 17:15 - 2014-09-03 17:15 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 16:40 - 2014-06-25 16:40 - 00000000 ___DC () C:\Users\syahrul\ALEX_TMP
2014-09-03 16:29 - 2014-05-31 12:40 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Digsby
2014-09-03 12:17 - 2014-06-10 12:13 - 00000000 ___DC () C:\Windows\AutoKMS
2014-09-03 12:13 - 2014-06-06 18:20 - 00000000 ___DC () C:\Users\syahrul\Documents\My Received Files
2014-09-03 11:25 - 2014-08-21 15:54 - 00000000 ___DC () C:\ProgramData\Degoo
2014-09-03 10:57 - 2014-05-22 00:46 - 00000000 ___DC () C:\Windows\pss
2014-09-03 10:33 - 2014-09-03 10:33 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Norman Malware Cleaner
2014-09-03 10:33 - 2014-09-03 10:20 - 352379672 ____C (Norman Shark AS) C:\Users\syahrul\Downloads\Norman_Malware_Cleaner.exe
2014-09-03 10:29 - 2014-09-01 14:07 - 02214299 ____C () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-03 10:25 - 2014-07-01 16:51 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Deployment
2014-09-03 10:19 - 2014-07-17 10:14 - 00000864 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000Core.job
2014-09-02 12:51 - 2014-09-02 10:54 - 00000032 ____C () C:\Windows\concentr.ini
2014-09-02 11:01 - 2014-09-02 11:01 - 00001718 ____C () C:\Users\syahrul\Desktop\Celcom_OSS.lnk
2014-09-02 11:01 - 2014-09-02 10:52 - 00000045 ____C () C:\Windows\webica.ini
2014-09-02 11:01 - 2014-09-02 10:52 - 00000037 ____C () C:\WFCNAME.INI
2014-09-02 10:56 - 2014-05-22 00:46 - 00000000 ___DC () C:\Users\syahrul
2014-09-02 10:31 - 2014-09-02 10:31 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Citrix
2014-09-02 10:25 - 2014-09-02 10:51 - 00000000 ___DC () C:\Program Files\ICA Client
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Citrix
2014-09-02 10:18 - 2014-08-22 09:39 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 10:18 - 2014-05-27 11:23 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\ICAClient
2014-09-01 19:23 - 2014-05-27 11:27 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Nitro PDF
2014-09-01 01:34 - 2014-05-22 01:44 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\iolo
2014-09-01 00:28 - 2014-09-01 00:28 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\captcha_error
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iPod
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-08-29 16:22 - 2014-08-29 16:22 - 00001459 ____C () C:\Users\syahrul\Desktop\Web Intelligence Rich Client.lnk
2014-08-28 16:18 - 2009-07-14 12:45 - 00460776 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 13:14 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 10:13 - 2014-08-28 09:25 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 10:13 - 2014-08-28 09:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:13 - 2014-08-28 09:25 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-26 18:15 - 2014-05-24 19:54 - 00000000 __RDC () C:\Users\syahrul\Virtual Machines
2014-08-26 18:11 - 2014-08-25 12:26 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\NetSarang
2014-08-26 18:09 - 2014-08-26 18:09 - 00002504 ____C () C:\Users\syahrul\.isqlPreferences11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000073 ____C () C:\Users\syahrul\.jlogon11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000034 ____C () C:\Users\syahrul\.isqlHistory11
2014-08-26 18:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\Sybase Central 6.0.0
2014-08-26 18:01 - 2014-08-25 15:04 - 00000544 ____C () C:\Windows\ODBC.INI
2014-08-26 17:58 - 2014-08-26 17:58 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Business Objects
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ___DC () C:\ProgramData\SQL Anywhere 11
2014-08-26 17:12 - 2014-08-25 14:39 - 00000000 ___DC () C:\ebid
2014-08-26 17:10 - 2014-08-26 17:07 - 00000000 ___DC () C:\Sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\Users\syahrul\sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\SybaseIQ
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\DBISQL 11.0.1
2014-08-26 17:08 - 2014-08-26 17:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sybase
2014-08-26 17:05 - 2014-06-18 09:39 - 00000000 ___DC () C:\Program Files (x86)\Business Objects
2014-08-26 12:18 - 2014-05-27 01:41 - 00699568 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-26 12:18 - 2014-05-27 01:41 - 00003768 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-26 12:18 - 2014-05-22 15:19 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-26 11:58 - 2014-05-23 00:07 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\BitComet
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\uk-UA
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\th-TH
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\sl-SI
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\sk-SK
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\lv-LV
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\he-IL
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\uk-UA
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\th-TH
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\sl-SI
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\sk-SK
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\lv-LV
2014-08-26 11:58 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\he-IL
2014-08-26 11:40 - 2014-08-26 11:37 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-26 11:40 - 2014-08-26 11:37 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-26 11:39 - 2014-08-26 11:38 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-26 11:39 - 2014-08-26 11:38 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-26 11:39 - 2014-08-26 11:38 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-26 11:39 - 2014-08-26 11:38 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-26 11:39 - 2014-08-26 11:36 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-26 11:39 - 2014-08-26 11:36 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-26 11:39 - 2014-08-26 11:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-26 11:39 - 2014-08-26 11:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 18:37 - 2014-08-25 18:37 - 00851456 ____C () C:\Users\syahrul\Downloads\mcom2001-site-data.xls
2014-08-25 18:37 - 2014-08-25 18:37 - 00374272 ____C () C:\Users\syahrul\Downloads\mcom2001-gsm-carrier-data.xls
2014-08-25 15:08 - 2014-05-22 00:47 - 00128728 ____C () C:\Users\syahrul\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-25 15:05 - 2014-08-25 15:05 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BusinessObjects XI 3.1
2014-08-25 15:03 - 2014-05-22 22:36 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Office
2014-08-25 12:46 - 2014-05-24 23:32 - 00000000 ___DC () C:\Users\syahrul\Downloads\BitComet
2014-08-25 12:24 - 2014-08-25 12:21 - 29813576 ____C (NetSarang Computer, Inc.) C:\Users\syahrul\Downloads\Xshell4.exe
2014-08-22 23:36 - 2014-05-23 00:31 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-22 17:18 - 2014-05-27 18:34 - 00000000 ___DC () C:\ProgramData\Skype
2014-08-22 16:28 - 2014-05-22 23:18 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Nitro
2014-08-21 15:54 - 2014-08-21 15:54 - 00000000 ___DC () C:\Users\syahrul\.swt
2014-08-21 15:54 - 2014-08-21 15:53 - 22355720 ____C (Degoo Backup AB) C:\Users\syahrul\Downloads\DegooSetup-Production-1.0.743.exe
2014-08-19 17:07 - 2014-08-19 17:07 - 00345600 ____C () C:\Users\syahrul\Downloads\T065B00001F0041PPTE.ppt
2014-08-19 16:52 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\NDF
2014-08-19 15:17 - 2014-06-25 10:46 - 00007605 ____C () C:\Users\syahrul\AppData\Local\Resmon.ResmonCfg
2014-08-19 15:05 - 2014-06-25 16:40 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ALEXwin
2014-08-19 15:05 - 2014-06-25 16:40 - 00000000 ___DC () C:\Program Files (x86)\ALEXwin
2014-08-19 15:03 - 2014-08-19 15:03 - 00003276 ____C () C:\Windows\System32\Tasks\{EDA0CA98-04B3-420F-BF42-08B7BD642593}
2014-08-19 14:47 - 2014-06-25 18:05 - 00001004 ____C () C:\Users\syahrul\Desktop\ALEX.lnk
2014-08-19 10:40 - 2014-08-16 19:52 - 00000000 ___DC () C:\Update
2014-08-19 10:32 - 2014-08-19 10:32 - 00003142 ____C () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-08-19 10:32 - 2014-08-19 10:32 - 00002033 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2014-08-19 10:32 - 2014-08-19 10:32 - 00000000 _RHDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-08-19 10:31 - 2014-05-22 15:49 - 00000000 ___DC () C:\Program Files\Sony
2014-08-19 10:31 - 2014-05-22 15:14 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-08-19 10:30 - 2014-05-24 19:35 - 00013792 ____C () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-08-19 10:29 - 2014-08-19 10:25 - 114445544 ____C (Sony Corporation) C:\Users\syahrul\Downloads\EP0000322168.exe
2014-08-19 09:32 - 2014-08-19 09:32 - 00000000 ____C () C:\Windows\setuperr.log
2014-08-19 09:11 - 2014-05-27 09:14 - 00000407 ____C () C:\Windows\system32\checkdnsid.xml
2014-08-17 02:19 - 2014-05-25 01:17 - 00647752 ____C (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-08-17 02:16 - 2014-05-25 01:17 - 01260120 ____C (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-17 02:15 - 2014-05-25 00:45 - 00084848 ____C (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2014-08-17 02:15 - 2014-05-25 00:45 - 00034384 ____C (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2014-08-17 02:13 - 2014-08-17 02:13 - 00419616 ____C (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-17 02:12 - 2014-05-25 00:45 - 00074512 ____C (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-08-17 01:58 - 2014-08-17 01:58 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 01:58 - 2014-08-17 01:58 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-08-17 01:58 - 2014-06-11 09:38 - 00000000 ___DC () C:\ProgramData\Oracle
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\zh-HK
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\SysWOW64\ar-SA
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\zh-HK
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\system32\ar-SA
2014-08-17 01:36 - 2009-07-14 11:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2014-08-17 01:18 - 2014-05-22 22:36 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-08-17 01:12 - 2014-05-22 03:23 - 00000000 ___DC () C:\Windows\system32\MRT
2014-08-17 01:09 - 2014-05-22 03:23 - 99218768 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 01:08 - 2014-08-17 00:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 01:08 - 2014-08-17 00:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 01:07 - 2014-08-17 00:19 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 01:07 - 2014-08-17 00:19 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 01:06 - 2014-08-17 01:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 01:06 - 2014-08-17 01:00 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 01:06 - 2014-08-17 01:00 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 01:06 - 2014-08-17 01:00 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 01:06 - 2014-08-17 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 01:06 - 2014-08-17 01:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 01:06 - 2014-08-17 00:20 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 01:06 - 2014-08-17 00:20 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 01:05 - 2014-08-17 01:02 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 01:05 - 2014-08-17 01:02 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 01:05 - 2014-08-17 01:02 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 01:05 - 2014-08-17 01:02 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 01:05 - 2014-08-17 01:02 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 01:05 - 2014-08-17 01:02 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 01:05 - 2014-08-17 01:01 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 01:05 - 2014-08-17 01:01 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 01:05 - 2014-08-17 00:19 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 01:05 - 2014-08-17 00:19 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-17 01:01 - 2014-08-17 00:20 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 01:01 - 2014-08-17 00:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 01:01 - 2014-05-22 20:39 - 00000000 __SDC () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.


LastRegBack: 2014-08-28 13:06

==================== End Of Log ============================



#8 aharonov


Posted 03 September 2014 - 07:48 AM

Ok, let's switch gears then.
Please follow this instruction carefully step-by-step exactly the way it is written.



Please download the attached file fixlist.txt (85 bytes) and save it in the same directory as FRST.


Please download Process Monitor and unzip it.
  • Start procmon.exe and accept the license agreement.
  • Procmon will be logging right away. Stop it with "File -> Capture Events" (or hit CTRL+E).
  • Clean the log with "Edit -> Clear Display" (or hit CTRL+X).
  • Then go to "Filter -> Filter..." (or CTRL+L).
    Create a new filter with the conditions: "Path" "contains" "proxy" then "Include" and click on "Add". Click on "Apply" and "OK".
  • Start the logging with "File -> Capture Events" (or hit CTRL+E) and leave the program running.

Now do the FRST fix:
  • Now start FRST with Administrator privileges.
  • Press the Fix button.

Wait for two minutes or so, then go to Process Monitor again.
  • Stop the logging with "File -> Capture Events" (or hit CTRL+E).
  • Then go to "File -> Save...". Select the options "Events displayed using current filter" and "Comma-Separated Values (CSV)" as format. Choose a path to save the *.csv file and click "OK".
  • Please post this *.csv file in your next reply.

Edited by aharonov, 03 September 2014 - 07:49 AM.
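
One way to triage the CSV that the steps above produce, as an added example that is not part of the original post: it keeps only successful writes and deletes of the IE proxy values under "Internet Settings" and reports any process that sets them again after FRST64.exe has deleted them. The function names, the sample rows, and the process `example-helper.exe` (PID 4242) are constructed for illustration; the column names follow the Process Monitor export layout.

```python
import csv
import io
import re

# Value names under "...\Internet Settings" that hold the WinINET (IE) proxy.
PROXY_VALUES = {"proxyenable", "proxyserver", "proxyoverride", "autoconfigurl"}
WRITE_OPS = {"RegSetValue", "RegDeleteValue"}
# A proxy that points back at the local machine, e.g. "http=127.0.0.1:15571".
LOOPBACK = re.compile(r"(?:^|[=;/\s])(?:127\.\d+\.\d+\.\d+|localhost):\d+", re.I)

# Constructed sample in Process Monitor's CSV layout. The "proxy" path filter
# also lets through COM ProxyStubClsid32 lookups and plain reads (noise).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"46:52.7","FRST64.exe","9292","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer","SUCCESS","Type: REG_SZ, Length: 42, Data: http=127.0.0.1:15571"
"46:52.7","FRST64.exe","9292","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"47:02.0","SearchIndexer.exe","3636","RegOpenKey","HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32","SUCCESS","Desired Access: Read"
"47:02.1","FRST64.exe","9292","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable","SUCCESS",""
"47:02.2","FRST64.exe","9292","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer","SUCCESS",""
"47:31.0","example-helper.exe","4242","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"47:31.0","example-helper.exe","4242","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer","SUCCESS","Type: REG_SZ, Length: 42, Data: http=127.0.0.1:15571"
"47:31.0","example-helper.exe","4242","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride","SUCCESS","Type: REG_SZ, Length: 84, Data: <local>;*origin.com;*ea.com;*akamaihd.net"
'''


def proxy_writes(csv_text):
    """Return successful writes/deletes of IE proxy values, in log order."""
    # Real exports may start with a UTF-8 byte-order mark; drop it if present.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    events = []
    for row in reader:
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue
        key, _, value = row["Path"].rpartition("\\")
        # The value must sit directly under an "Internet Settings" key
        # (HKCU, HKLM or a Policies branch), not under ZoneMap and the like.
        if not key.lower().endswith("\\internet settings"):
            continue
        if value.lower() not in PROXY_VALUES:
            continue
        match = re.search(r"Data: (.*)$", row["Detail"] or "")
        data = match.group(1) if match else None
        events.append({
            "time": row["Time of Day"],
            "process": row["Process Name"],
            "pid": row["PID"],
            "operation": row["Operation"],
            "value": value,
            "data": data,
            "loopback": bool(value.lower() == "proxyserver" and data
                             and LOOPBACK.search(data)),
        })
    return events


def reverters(events, fix_tool="FRST64.exe"):
    """Group proxy values set by other processes after the fix tool's delete."""
    fixed = False
    found = {}
    for ev in events:
        is_tool = ev["process"].lower() == fix_tool.lower()
        if is_tool and ev["operation"] == "RegDeleteValue":
            fixed = True
        elif fixed and not is_tool and ev["operation"] == "RegSetValue":
            found.setdefault((ev["process"], ev["pid"]), []).append(ev)
    return found


if __name__ == "__main__":
    for (process, pid), writes in reverters(proxy_writes(SAMPLE_CSV)).items():
        print(f"{process} (PID {pid}) re-set the proxy after the fix:")
        for ev in writes:
            note = "  <- loopback proxy" if ev["loopback"] else ""
            print(f"  {ev['time']}  {ev['value']} = {ev['data']}{note}")
```

An empty result from `reverters` means nothing re-set the values within the capture window, so a longer capture may be needed before drawing a conclusion.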


#9 rxqual


Posted 03 September 2014 - 08:54 AM

Hi Aharonov,

Updated. Thanks.

Time of Day Process Name PID Operation Path Result Detail 46:48.5 DllHost.exe 4876 RegOpenKey HKCU\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 46:48.5 DllHost.exe 4876 RegOpenKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:48.5 DllHost.exe 4876 RegQueryKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Query: Name 46:48.5 DllHost.exe 4876 RegQueryKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x0 46:48.5 DllHost.exe 4876 RegOpenKey HKCU\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:48.5 DllHost.exe 4876 RegQueryValue HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 46:48.5 DllHost.exe 4876 RegCloseKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   46:48.5 DllHost.exe 4876 RegOpenKey HKCU\Software\Classes\Interface\{75121952-E0D0-43E5-9380-1D80483ACF72}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 46:48.5 DllHost.exe 4876 RegOpenKey HKCR\Interface\{75121952-E0D0-43E5-9380-1D80483ACF72}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:48.5 DllHost.exe 4876 RegQueryKey HKCR\Interface\{75121952-E0D0-43E5-9380-1D80483ACF72}\ProxyStubClsid32 SUCCESS Query: Name 46:48.5 DllHost.exe 4876 RegQueryKey HKCR\Interface\{75121952-E0D0-43E5-9380-1D80483ACF72}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x0 46:48.5 DllHost.exe 4876 RegOpenKey HKCU\Software\Classes\Interface\{75121952-E0D0-43E5-9380-1D80483ACF72}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:48.5 DllHost.exe 4876 RegQueryValue HKCR\Interface\{75121952-E0D0-43E5-9380-1D80483ACF72}\ProxyStubClsid32\(Default) SUCCESS 
Type: REG_SZ, Length: 78, Data: {F562A2C8-E850-4F05-8E7A-E7192E4E6C23} 46:48.5 DllHost.exe 4876 RegCloseKey HKCR\Interface\{75121952-E0D0-43E5-9380-1D80483ACF72}\ProxyStubClsid32 SUCCESS   46:49.0 safeboxservice.exe 4608 RegOpenKey HKCR\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access 46:49.0 safeboxservice.exe 4608 RegQueryValue HKCR\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 46:49.0 safeboxservice.exe 4608 RegCloseKey HKCR\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32 SUCCESS   46:49.0 Explorer.EXE 1868 RegOpenKey HKCU\Software\Classes\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:49.0 Explorer.EXE 1868 RegOpenKey HKCR\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 46:49.0 Explorer.EXE 1868 RegQueryKey HKCR\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32 SUCCESS Query: Name 46:49.0 Explorer.EXE 1868 RegQueryKey HKCR\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x0 46:49.0 Explorer.EXE 1868 RegOpenKey HKCU\Software\Classes\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:49.0 Explorer.EXE 1868 RegQueryValue HKCR\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 46:49.0 Explorer.EXE 1868 RegCloseKey HKCR\Interface\{E88D15A5-0510-4115-9AEE-A8421C96DFFF}\ProxyStubClsid32 SUCCESS   46:49.1 Explorer.EXE 1868 RegOpenKey HKCU\Software\Classes\Interface\{43658EED-A3DC-4919-86C3-925B40218BBA}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:49.1 
Explorer.EXE 1868 RegOpenKey HKCR\Interface\{43658EED-A3DC-4919-86C3-925B40218BBA}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 46:49.1 Explorer.EXE 1868 RegQueryKey HKCR\Interface\{43658EED-A3DC-4919-86C3-925B40218BBA}\ProxyStubClsid32 SUCCESS Query: Name 46:49.1 Explorer.EXE 1868 RegQueryKey HKCR\Interface\{43658EED-A3DC-4919-86C3-925B40218BBA}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x0 46:49.1 Explorer.EXE 1868 RegOpenKey HKCU\Software\Classes\Interface\{43658EED-A3DC-4919-86C3-925B40218BBA}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:49.1 Explorer.EXE 1868 RegQueryValue HKCR\Interface\{43658EED-A3DC-4919-86C3-925B40218BBA}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 46:49.1 Explorer.EXE 1868 RegCloseKey HKCR\Interface\{43658EED-A3DC-4919-86C3-925B40218BBA}\ProxyStubClsid32 SUCCESS   46:51.3 igfxsrvc.exe 10156 RegOpenKey HKCU\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 46:51.3 igfxsrvc.exe 10156 RegOpenKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:51.3 igfxsrvc.exe 10156 RegQueryKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Query: Name 46:51.3 igfxsrvc.exe 10156 RegQueryKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x0 46:51.3 igfxsrvc.exe 10156 RegOpenKey HKCU\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:51.3 igfxsrvc.exe 10156 RegQueryValue HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 46:51.3 igfxsrvc.exe 10156 RegCloseKey 
HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   46:51.3 igfxsrvc.exe 10156 RegOpenKey HKCU\Software\Classes\Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 46:51.3 igfxsrvc.exe 10156 RegOpenKey HKCR\Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:51.3 igfxsrvc.exe 10156 RegQueryKey HKCR\Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\ProxyStubClsid32 SUCCESS Query: Name 46:51.3 igfxsrvc.exe 10156 RegQueryKey HKCR\Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x0 46:51.3 igfxsrvc.exe 10156 RegOpenKey HKCU\Software\Classes\Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:51.3 igfxsrvc.exe 10156 RegQueryValue HKCR\Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {DDA11344-AB20-4AEC-94C4-6AA091574CD0} 46:51.3 igfxsrvc.exe 10156 RegCloseKey HKCR\Interface\{916FEC45-8FAB-460F-9BD1-325055E3DEC9}\ProxyStubClsid32 SUCCESS   46:52.2 DllHost.exe 8500 RegOpenKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:52.2 DllHost.exe 8500 RegQueryValue HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 46:52.2 DllHost.exe 8500 RegCloseKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   46:52.2 DllHost.exe 8500 RegOpenKey HKCR\Interface\{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:52.2 DllHost.exe 8500 RegQueryValue HKCR\Interface\{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} 46:52.2 DllHost.exe 8500 RegCloseKey 
HKCR\Interface\{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\ProxyStubClsid32 SUCCESS   46:52.5 DllHost.exe 8936 RegOpenKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:52.5 DllHost.exe 8936 RegQueryValue HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 46:52.5 DllHost.exe 8936 RegCloseKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   46:52.5 DllHost.exe 8936 RegOpenKey HKCR\Interface\{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:52.5 DllHost.exe 8936 RegQueryValue HKCR\Interface\{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} 46:52.5 DllHost.exe 8936 RegCloseKey HKCR\Interface\{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\ProxyStubClsid32 SUCCESS   46:52.7 FRST64.exe 9292 RegOpenKey HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289 NAME NOT FOUND Desired Access: Query Value 46:52.7 FRST64.exe 9292 RegOpenKey HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289 NAME NOT FOUND Desired Access: Query Value 46:52.7 FRST64.exe 9292 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableLegacyAutoProxyFeatures NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType NAME NOT FOUND Length: 144 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy SUCCESS Type: REG_DWORD, Length: 4, Data: 1 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable SUCCESS Type: REG_DWORD, Length: 4, Data: 1 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 42, Data: http=127.0.0.1:15571 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride SUCCESS Type: REG_SZ, Length: 84, Data: <local>;*origin.com;*ea.com;*akamaihd.net 46:52.7 FRST64.exe 9292 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable SUCCESS Type: REG_DWORD, Length: 4, Data: 1 46:52.7 FRST64.exe 9292 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 42, Data: http=127.0.0.1:15571 46:52.7 FRST64.exe 9292 RegSetValue 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride SUCCESS Type: REG_SZ, Length: 84, Data: <local>;*origin.com;*ea.com;*akamaihd.net 46:52.7 FRST64.exe 9292 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass SUCCESS Type: REG_DWORD, Length: 4, Data: 1 46:52.7 FRST64.exe 9292 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass SUCCESS Type: REG_DWORD, Length: 4, Data: 1 46:52.7 FRST64.exe 9292 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass SUCCESS Type: REG_DWORD, Length: 4, Data: 1 46:52.7 chrome.exe 5456 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser NAME NOT FOUND Length: 144 46:52.7 chrome.exe 5456 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser NAME NOT FOUND Length: 144 46:55.5 igfxsrvc.exe 10156 RegOpenKey HKCU\Software\Classes\Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 46:55.5 igfxsrvc.exe 10156 RegOpenKey HKCR\Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:55.5 igfxsrvc.exe 10156 RegQueryKey HKCR\Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\ProxyStubClsid32 SUCCESS Query: Name 46:55.5 igfxsrvc.exe 10156 RegQueryKey HKCR\Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x0 46:55.5 igfxsrvc.exe 10156 RegOpenKey HKCU\Software\Classes\Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:55.5 igfxsrvc.exe 10156 RegQueryValue HKCR\Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {DDA11344-AB20-4AEC-94C4-6AA091574CD0} 46:55.5 igfxsrvc.exe 10156 RegCloseKey 
HKCR\Interface\{63CDDDB9-A85B-411E-AA78-101B3BC17261}\ProxyStubClsid32 SUCCESS   46:55.5 igfxsrvc.exe 10156 RegOpenKey HKCU\Software\Classes\Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 46:55.5 igfxsrvc.exe 10156 RegOpenKey HKCR\Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\ProxyStubClsid32 SUCCESS Desired Access: Read 46:55.5 igfxsrvc.exe 10156 RegQueryKey HKCR\Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\ProxyStubClsid32 SUCCESS Query: Name 46:55.5 igfxsrvc.exe 10156 RegQueryKey HKCR\Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x0 46:55.5 igfxsrvc.exe 10156 RegOpenKey HKCU\Software\Classes\Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 46:55.5 igfxsrvc.exe 10156 RegQueryValue HKCR\Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {DDA11344-AB20-4AEC-94C4-6AA091574CD0} 46:55.5 igfxsrvc.exe 10156 RegCloseKey HKCR\Interface\{DC61FD6D-FB60-4ABC-BF2E-4DF75C90C601}\ProxyStubClsid32 SUCCESS   47:02.0 DllHost.exe 4352 QueryNameInformationFile C:\Program Files (x86)\Common Files\Sony Shared\Sony Utilities\SSLProxyCOM.dll SUCCESS Name: \Program Files (x86)\Common Files\Sony Shared\Sony Utilities\SSLProxyCOM.dll 47:02.1 iexplore.exe 8160 QueryNameInformationFile C:\Program Files\Internet Explorer\ieproxy.dll SUCCESS Name: \Program Files\Internet Explorer\ieproxy.dll 47:02.1 IEXPLORE.EXE 8896 QueryNameInformationFile C:\Program Files (x86)\Internet Explorer\ieproxy.dll SUCCESS Name: \Program Files (x86)\Internet Explorer\ieproxy.dll 47:02.1 FRST64.exe 9292 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable SUCCESS   47:02.2 FRST64.exe 9292 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS   47:02.2 SearchFilterHost.exe 10100 
RegOpenKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.2 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:02.2 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.2 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.2 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {B056521A-9B10-425E-B616-1FCD828DB3B1} 47:02.2 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32 SUCCESS   47:02.3 SearchProtocolHost.exe 9508 RegOpenKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchProtocolHost.exe 9508 RegQueryValue HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:02.3 SearchProtocolHost.exe 9508 RegCloseKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.3 SearchProtocolHost.exe 9508 RegOpenKey HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchProtocolHost.exe 9508 RegQueryValue HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {B056521A-9B10-425E-B616-1FCD828DB3B1} 47:02.3 SearchProtocolHost.exe 9508 RegCloseKey HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32 SUCCESS   47:02.3 SearchProtocolHost.exe 9508 RegOpenKey 
HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchProtocolHost.exe 9508 RegQueryValue HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:02.3 SearchProtocolHost.exe 9508 RegCloseKey HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey 

#10 rxqual

Posted 03 September 2014 - 09:07 AM

Hi,

Updated.

RegOpenKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.2 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:02.2 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.2 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.2 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {B056521A-9B10-425E-B616-1FCD828DB3B1} 47:02.2 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32 SUCCESS   47:02.3 SearchProtocolHost.exe 9508 RegOpenKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchProtocolHost.exe 9508 RegQueryValue HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:02.3 SearchProtocolHost.exe 9508 RegCloseKey HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.3 SearchProtocolHost.exe 9508 RegOpenKey HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchProtocolHost.exe 9508 RegQueryValue HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {B056521A-9B10-425E-B616-1FCD828DB3B1} 47:02.3 SearchProtocolHost.exe 9508 RegCloseKey HKCR\Interface\{4F5385F1-F9A8-4536-9920-93E8D144DBD0}\ProxyStubClsid32 SUCCESS   47:02.3 SearchProtocolHost.exe 9508 RegOpenKey 
HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchProtocolHost.exe 9508 RegQueryValue HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:02.3 SearchProtocolHost.exe 9508 RegCloseKey HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey 
HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020420-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey 
HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E4-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E2-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 
SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E3-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey 
HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E9-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey 
HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651EA-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 
SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651DF-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651E0-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: 
{00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651F6-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: 
{00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{B05651F8-9B10-425E-B616-1FCD828DB3B1}\ProxyStubClsid32 SUCCESS   47:02.3 SearchIndexer.exe 3636 RegOpenKey HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read, Write DAC 47:02.3 SearchIndexer.exe 3636 RegQueryValue HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchIndexer.exe 3636 RegCloseKey HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32 SUCCESS   47:02.3 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32 SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 47:02.3 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32\(Default) SUCCESS 
Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046} 47:02.3 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{9D0876CA-02DC-453A-95D9-F2194A656442}\ProxyStubClsid32 SUCCESS   47:02.4 SearchFilterHost.exe 10100 RegOpenKey HKCR\Interface\{89BCB740-6119-101A-BCB7-00DD010655AF}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.4 SearchFilterHost.exe 10100 RegQueryValue HKCR\Interface\{89BCB740-6119-101A-BCB7-00DD010655AF}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {B056521A-9B10-425E-B616-1FCD828DB3B1} 47:02.4 SearchFilterHost.exe 10100 RegCloseKey HKCR\Interface\{89BCB740-6119-101A-BCB7-00DD010655AF}\ProxyStubClsid32 SUCCESS   47:02.4 SearchProtocolHost.exe 9508 RegOpenKey HKCR\Interface\{89BCB740-6119-101A-BCB7-00DD010655AF}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:02.4 SearchProtocolHost.exe 9508 RegQueryValue HKCR\Interface\{89BCB740-6119-101A-BCB7-00DD010655AF}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {B056521A-9B10-425E-B616-1FCD828DB3B1} 47:02.4 SearchProtocolHost.exe 9508 RegCloseKey HKCR\Interface\{89BCB740-6119-101A-BCB7-00DD010655AF}\ProxyStubClsid32 SUCCESS   47:04.8 WerFault.exe 6992 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser NAME NOT FOUND Length: 144 47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 47:15.8 firefox.exe 5536 RegOpenKey HKCR\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Query: Name 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x401 47:15.8 firefox.exe 5536 RegOpenKey 
HKCU\Software\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 47:15.8 firefox.exe 5536 RegQueryValue HKCR\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046} 47:15.8 firefox.exe 5536 RegCloseKey HKCR\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 SUCCESS   47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 47:15.8 firefox.exe 5536 RegOpenKey HKCR\Wow6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32 SUCCESS Query: Name 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x401 47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 47:15.8 firefox.exe 5536 RegQueryValue HKCR\Wow6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {7C857801-7381-11CF-884D-00AA004B2E24} 47:15.8 firefox.exe 5536 RegCloseKey HKCR\Wow6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32 SUCCESS   47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 47:15.8 firefox.exe 5536 RegOpenKey HKCR\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:15.8 firefox.exe 5536 RegQueryKey 
HKCR\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32 SUCCESS Query: Name 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x401 47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 47:15.8 firefox.exe 5536 RegQueryValue HKCR\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {7C857801-7381-11CF-884D-00AA004B2E24} 47:15.8 firefox.exe 5536 RegCloseKey HKCR\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32 SUCCESS   47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 47:15.8 firefox.exe 5536 RegOpenKey HKCR\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32 SUCCESS Query: Name 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x401 47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 47:15.8 firefox.exe 5536 RegQueryValue HKCR\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {D68AF00A-29CB-43FA-8504-CE99A996D9EA} 47:15.8 firefox.exe 5536 RegCloseKey HKCR\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32 SUCCESS   47:15.8 firefox.exe 5536 RegOpenKey 
HKCU\Software\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 47:15.8 firefox.exe 5536 RegOpenKey HKCR\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32 SUCCESS Query: Name 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x401 47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 47:15.8 firefox.exe 5536 RegQueryValue HKCR\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {1B1CAD8C-2DAB-11D2-B604-00104B703EFD} 47:15.8 firefox.exe 5536 RegCloseKey HKCR\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32 SUCCESS   47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 47:15.8 firefox.exe 5536 RegOpenKey HKCR\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32 SUCCESS Query: Name 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x401 47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 47:15.8 firefox.exe 5536 RegQueryValue 
HKCR\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {7C857801-7381-11CF-884D-00AA004B2E24} 47:15.8 firefox.exe 5536 RegCloseKey HKCR\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32 SUCCESS   47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read 47:15.8 firefox.exe 5536 RegOpenKey HKCR\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32 SUCCESS Desired Access: Read 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32 SUCCESS Query: Name 47:15.8 firefox.exe 5536 RegQueryKey HKCR\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32 SUCCESS Query: HandleTags, HandleTags: 0x401 47:15.8 firefox.exe 5536 RegOpenKey HKCU\Software\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed 47:15.8 firefox.exe 5536 RegQueryValue HKCR\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default) SUCCESS Type: REG_SZ, Length: 78, Data: {7C857801-7381-11CF-884D-00AA004B2E24} 47:15.8 firefox.exe 5536 RegCloseKey HKCR\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32 SUCCESS  

#11 aharonov

  • Malware Response Team

Posted 03 September 2014 - 10:59 AM

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#12 rxqual

  • Topic Starter
  • Members

Posted 03 September 2014 - 08:06 PM

Hi Aharonov,

Output from the log file as below.

Thanks.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 01
Ran by syahrul (administrator) on SYAHRUL-VAIO on 04-09-2014 09:04:52
Running from C:\Users\syahrul\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\ChgService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Progress Software Corp.) C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\oscmgr6.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Progress Software Corp.) C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\osserver.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Anite) C:\Program Files (x86)\Anite\Nemo Analyze\AnalyzeGuard.exe
(Ziff-Davis Media, Inc.) D:\01_Peace\03_Download Center\NetPerSec_v1.1.4_(WWW.CRACK-CD.COM)\NetPerSec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(www.IslamicFinder.org) C:\Program Files (x86)\Athan\Athan.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sysinternals - www.sysinternals.com) C:\Users\syahrul\Downloads\ProcessMonitor\Procmon.exe
(Sysinternals - www.sysinternals.com) C:\Users\syahrul\AppData\Local\Temp\Procmon64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-17] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-06-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2012-01-04] (Intel® Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-17] (Bitdefender)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-21] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-06-01] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-16] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Athan] => C:\Program Files (x86)\Athan\Athan.exe [1216512 2014-05-04] (www.IslamicFinder.org)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-17] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-17] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-17] (Bitdefender)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [GoogleChromeAutoLaunch_1B1B5316B74349678A8ED142D2B49890] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\Run: [Google Update] => C:\Users\syahrul\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-17] (Google Inc.)
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: F - F:\.\ShowModem.exe
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: {2aad15d5-08d5-11e4-8542-88532e651a57} - F:\.\ShowModem.exe
HKU\S-1-5-21-19288706-1046810751-1018935600-1000\...\MountPoints2: {ab6ae2cf-0047-11e4-ac8b-88532e651a57} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nemo Analyze Guard.lnk
ShortcutTarget: Nemo Analyze Guard.lnk -> C:\Program Files (x86)\Anite\Nemo Analyze\AnalyzeGuard.exe (Anite)
Startup: C:\Users\syahrul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPerSec.lnk
ShortcutTarget: NetPerSec.lnk -> D:\01_Peace\03_Download Center\NetPerSec_v1.1.4_(WWW.CRACK-CD.COM)\NetPerSec.exe (Ziff-Davis Media, Inc.)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:15571
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://corp.sony.com.my/vaio/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4EA8B7F7-39D2-477A-9B7A-51E3E36BB6D6} URL = http://www.baidu.com/baidu?tn=dealio_dg&wd={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: EZ YouTube Video Downloader 1.0 -> {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} -> C:\PROGRA~2\EZYOUT~1\yvd.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} https://btsesise1.mi3g.lcl:8443/auth/provisioning/download/239aa7cd-d04f-4223-97e3-4ec0fcf9091e/taweb.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.65.100 10.1.65.99

FireFox:
========
FF ProfilePath: C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default
FF Homepage: hxxp://www.google.com.my
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "backup.ftp", "10.1.255.20"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "10.1.255.20"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "10.1.255.20"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "10.1.255.20"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "10.1.255.20"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "10.1.255.20"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "10.1.255.20"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\syahrul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\syahrul\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\syahrul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\syahrul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\SpeedUp\SpeedUpAppsStore\bin\npAppUp.dll No File
FF user.js: detected! => C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\logging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\syahrul\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\syahrul\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\syahrul\AppData\Roaming\Mozilla\Firefox\Profiles\fx1u642h.default\searchplugins\baidu.xml
FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com [2014-09-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-22]
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com.my/"
CHR NewTab: Default -> "chrome-extension://gpiifgmgnfdiblgpaepbmfdkcheicgof/redirect.html"
CHR DefaultSearchKeyword: Default -> 5B760B62C97ACDB4C5A6DF5C5212F3E8BD7830938D0BFED58314B502FD23D0E4
CHR DefaultSearchURL: Default -> 805B94190E1DF8505223AB471E08E8AE3B0EEAE8F7BE3A8F6BC4A45954984623
CHR Profile: C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-27]
CHR Extension: (Google Drive) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-27]
CHR Extension: (Google Search) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-27]
CHR Extension: (Skype Click to Call) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-29]
CHR Extension: (Shopping Helper) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-27]
CHR Extension: (Website Logon) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo [2014-05-27]
CHR Extension: (Gmail) - C:\Users\syahrul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx [2010-11-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-17] (Bitdefender)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2011-09-19] () [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 ObjectStore Cache Manager R7.0; C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\oscmgr6.exe [162816 2013-02-28] (Progress Software Corp.) [File not signed]
R2 ObjectStore Server R7.0; C:\Program Files (x86)\Common Files\Progress Software\ObjectStore 7.0\bin\osserver.exe [545792 2013-02-28] (Progress Software Corp.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-17] (Bitdefender)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-17] (Bitdefender)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-17] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-17] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-08-19] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-17] (BitDefender S.R.L.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-05-27] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-05-27] (Microsoft Corporation) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 22:32 - 2014-09-03 22:32 - 00000085 ____C () C:\Users\syahrul\Downloads\fixlist.txt
2014-09-03 21:43 - 2014-09-03 21:50 - 00000000 ___DC () C:\Users\syahrul\Downloads\ProcessMonitor
2014-09-03 21:43 - 2014-09-03 21:43 - 01121208 ____C () C:\Users\syahrul\Downloads\ProcessMonitor.zip
2014-09-03 19:01 - 2014-09-04 09:04 - 00035391 ____C () C:\Users\syahrul\Downloads\FRST.txt
2014-09-03 19:01 - 2014-09-03 19:02 - 00071419 ____C () C:\Users\syahrul\Downloads\Addition.txt
2014-09-03 18:52 - 2014-09-04 09:04 - 00000000 ___DC () C:\FRST
2014-09-03 18:52 - 2014-09-03 18:52 - 02104832 ____C (Farbar) C:\Users\syahrul\Downloads\FRST64.exe
2014-09-03 18:14 - 2014-09-03 18:15 - 00000677 ____C () C:\DelFix.txt
2014-09-03 18:14 - 2014-09-03 18:14 - 00000000 ___DC () C:\Windows\ERUNT
2014-09-03 18:06 - 2014-09-03 18:06 - 00000000 ___DC () C:\Users\syahrul\AppData\Temp
2014-09-03 17:18 - 2014-09-03 17:54 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:18 - 2014-09-03 17:18 - 00001108 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:18 - 2014-09-03 17:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:18 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-09-03 17:17 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 17:17 - 2014-05-12 07:26 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 17:17 - 2014-05-12 07:25 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:15 - 2014-09-03 17:15 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 10:33 - 2014-09-03 10:33 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Norman Malware Cleaner
2014-09-03 10:20 - 2014-09-03 10:33 - 352379672 ____C (Norman Shark AS) C:\Users\syahrul\Downloads\Norman_Malware_Cleaner.exe
2014-09-02 11:01 - 2014-09-02 11:01 - 00001718 ____C () C:\Users\syahrul\Desktop\Celcom_OSS.lnk
2014-09-02 10:54 - 2014-09-02 12:51 - 00000032 ____C () C:\Windows\concentr.ini
2014-09-02 10:52 - 2014-09-02 11:01 - 00000045 ____C () C:\Windows\webica.ini
2014-09-02 10:52 - 2014-09-02 11:01 - 00000037 ____C () C:\WFCNAME.INI
2014-09-02 10:51 - 2014-09-02 10:25 - 00000000 ___DC () C:\Program Files\ICA Client
2014-09-02 10:31 - 2014-09-02 10:31 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Citrix
2014-09-01 14:07 - 2014-09-03 10:29 - 02214299 ____C () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-01 00:28 - 2014-09-01 00:28 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\captcha_error
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iPod
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-08-29 16:22 - 2014-08-29 16:22 - 00001459 ____C () C:\Users\syahrul\Desktop\Web Intelligence Rich Client.lnk
2014-08-28 09:25 - 2014-08-28 10:13 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 09:25 - 2014-08-28 10:13 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:25 - 2014-08-28 10:13 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-26 18:09 - 2014-08-26 18:09 - 00002504 ____C () C:\Users\syahrul\.isqlPreferences11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000073 ____C () C:\Users\syahrul\.jlogon11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000034 ____C () C:\Users\syahrul\.isqlHistory11
2014-08-26 17:58 - 2014-08-26 17:58 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Business Objects
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ___DC () C:\ProgramData\SQL Anywhere 11
2014-08-26 17:09 - 2014-08-26 18:09 - 00000000 ___DC () C:\ProgramData\Sybase Central 6.0.0
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\Users\syahrul\sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\SybaseIQ
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\DBISQL 11.0.1
2014-08-26 17:08 - 2014-08-26 17:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sybase
2014-08-26 17:07 - 2014-08-26 17:10 - 00000000 ___DC () C:\Sybase
2014-08-26 11:38 - 2014-08-26 11:39 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-26 11:38 - 2014-08-26 11:39 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-26 11:38 - 2014-08-26 11:39 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-26 11:38 - 2014-08-26 11:39 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-26 11:37 - 2014-08-26 11:40 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-26 11:36 - 2014-08-26 11:39 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-26 11:36 - 2014-08-26 11:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 18:37 - 2014-08-25 18:37 - 00851456 ____C () C:\Users\syahrul\Downloads\mcom2001-site-data.xls
2014-08-25 18:37 - 2014-08-25 18:37 - 00374272 ____C () C:\Users\syahrul\Downloads\mcom2001-gsm-carrier-data.xls
2014-08-25 15:05 - 2014-08-25 15:05 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BusinessObjects XI 3.1
2014-08-25 15:04 - 2014-08-26 18:01 - 00000544 ____C () C:\Windows\ODBC.INI
2014-08-25 14:39 - 2014-08-26 17:12 - 00000000 ___DC () C:\ebid
2014-08-25 12:26 - 2014-08-26 18:11 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\NetSarang
2014-08-25 12:21 - 2014-08-25 12:24 - 29813576 ____C (NetSarang Computer, Inc.) C:\Users\syahrul\Downloads\Xshell4.exe
2014-08-22 09:39 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-08-21 15:54 - 2014-09-03 11:25 - 00000000 ___DC () C:\ProgramData\Degoo
2014-08-21 15:54 - 2014-08-21 15:54 - 00000000 ___DC () C:\Users\syahrul\.swt
2014-08-21 15:53 - 2014-08-21 15:54 - 22355720 ____C (Degoo Backup AB) C:\Users\syahrul\Downloads\DegooSetup-Production-1.0.743.exe
2014-08-19 17:07 - 2014-08-19 17:07 - 00345600 ____C () C:\Users\syahrul\Downloads\T065B00001F0041PPTE.ppt
2014-08-19 15:03 - 2014-08-19 15:03 - 00003276 ____C () C:\Windows\System32\Tasks\{EDA0CA98-04B3-420F-BF42-08B7BD642593}
2014-08-19 10:32 - 2014-08-19 10:32 - 00003142 ____C () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-08-19 10:32 - 2014-08-19 10:32 - 00002033 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2014-08-19 10:32 - 2014-08-19 10:32 - 00000000 _RHDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-08-19 10:25 - 2014-08-19 10:29 - 114445544 ____C (Sony Corporation) C:\Users\syahrul\Downloads\EP0000322168.exe
2014-08-19 09:32 - 2014-09-03 19:57 - 00002530 ____C () C:\Windows\setupact.log
2014-08-19 09:32 - 2014-08-19 09:32 - 00000000 ____C () C:\Windows\setuperr.log
2014-08-17 02:13 - 2014-08-17 02:13 - 00419616 ____C (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-17 01:58 - 2014-08-17 01:58 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 01:58 - 2014-08-17 01:58 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 01:58 - 2014-08-17 01:58 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-08-17 01:02 - 2014-08-17 01:05 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 01:02 - 2014-08-17 01:05 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 01:02 - 2014-08-17 01:05 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 01:02 - 2014-08-17 01:05 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 01:01 - 2014-08-17 01:05 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 01:01 - 2014-08-17 01:05 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 01:00 - 2014-08-17 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 01:00 - 2014-08-17 01:06 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 01:00 - 2014-08-17 01:06 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 01:00 - 2014-08-17 01:06 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 01:00 - 2014-08-17 01:06 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 01:00 - 2014-08-17 01:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 00:20 - 2014-08-17 01:06 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 00:20 - 2014-08-17 01:06 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 00:20 - 2014-08-17 01:01 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 00:20 - 2014-08-17 01:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 00:19 - 2014-08-17 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 00:19 - 2014-08-17 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 00:19 - 2014-08-17 01:07 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 00:19 - 2014-08-17 01:07 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 00:19 - 2014-08-17 01:05 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 00:19 - 2014-08-17 01:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 19:52 - 2014-08-19 10:40 - 00000000 ___DC () C:\Update

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 09:05 - 2014-09-03 19:01 - 00035391 ____C () C:\Users\syahrul\Downloads\FRST.txt
2014-09-04 09:04 - 2014-09-03 18:52 - 00000000 ___DC () C:\FRST
2014-09-04 09:00 - 2014-05-22 23:33 - 00000000 ___DC () C:\Users\syahrul\Documents\Outlook Files
2014-09-04 08:35 - 2014-05-27 01:41 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 08:19 - 2014-07-17 10:14 - 00000916 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000UA.job
2014-09-04 08:10 - 2014-05-27 10:59 - 00000900 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 06:32 - 2014-05-22 14:59 - 01937155 ____C () C:\Windows\WindowsUpdate.log
2014-09-03 22:32 - 2014-09-03 22:32 - 00000085 ____C () C:\Users\syahrul\Downloads\fixlist.txt
2014-09-03 21:50 - 2014-09-03 21:43 - 00000000 ___DC () C:\Users\syahrul\Downloads\ProcessMonitor
2014-09-03 21:43 - 2014-09-03 21:43 - 01121208 ____C () C:\Users\syahrul\Downloads\ProcessMonitor.zip
2014-09-03 20:07 - 2009-07-14 12:45 - 00032240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 20:07 - 2009-07-14 12:45 - 00032240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 19:57 - 2014-08-19 09:32 - 00002530 ____C () C:\Windows\setupact.log
2014-09-03 19:57 - 2014-05-27 10:59 - 00000896 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 19:57 - 2009-07-14 13:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-09-03 19:56 - 2010-11-21 11:47 - 00643098 ____C () C:\Windows\PFRO.log
2014-09-03 19:02 - 2014-09-03 19:01 - 00071419 ____C () C:\Users\syahrul\Downloads\Addition.txt
2014-09-03 18:52 - 2014-09-03 18:52 - 02104832 ____C (Farbar) C:\Users\syahrul\Downloads\FRST64.exe
2014-09-03 18:15 - 2014-09-03 18:14 - 00000677 ____C () C:\DelFix.txt
2014-09-03 18:14 - 2014-09-03 18:14 - 00000000 ___DC () C:\Windows\ERUNT
2014-09-03 18:06 - 2014-09-03 18:06 - 00000000 ___DC () C:\Users\syahrul\AppData\Temp
2014-09-03 18:00 - 2014-05-22 15:05 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 17:55 - 2014-05-23 04:29 - 00410794 ____C () C:\Windows\system32\perfh00D.dat
2014-09-03 17:55 - 2014-05-23 04:29 - 00094374 ____C () C:\Windows\system32\perfc00D.dat
2014-09-03 17:55 - 2009-07-14 13:13 - 01280386 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 17:54 - 2014-09-03 17:18 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 17:44 - 2014-05-22 00:47 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\VirtualStore
2014-09-03 17:30 - 2014-05-27 18:34 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Skype
2014-09-03 17:18 - 2014-09-03 17:18 - 00001108 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 17:18 - 2014-09-03 17:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 17:18 - 2014-09-03 17:17 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 17:17 - 2014-09-03 17:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-09-03 17:15 - 2014-09-03 17:15 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\syahrul\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-03 16:40 - 2014-06-25 16:40 - 00000000 ___DC () C:\Users\syahrul\ALEX_TMP
2014-09-03 16:29 - 2014-05-31 12:40 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Digsby
2014-09-03 12:17 - 2014-06-10 12:13 - 00000000 ___DC () C:\Windows\AutoKMS
2014-09-03 12:13 - 2014-06-06 18:20 - 00000000 ___DC () C:\Users\syahrul\Documents\My Received Files
2014-09-03 11:25 - 2014-08-21 15:54 - 00000000 ___DC () C:\ProgramData\Degoo
2014-09-03 10:57 - 2014-05-22 00:46 - 00000000 ___DC () C:\Windows\pss
2014-09-03 10:33 - 2014-09-03 10:33 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Norman Malware Cleaner
2014-09-03 10:33 - 2014-09-03 10:20 - 352379672 ____C (Norman Shark AS) C:\Users\syahrul\Downloads\Norman_Malware_Cleaner.exe
2014-09-03 10:29 - 2014-09-01 14:07 - 02214299 ____C () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-03 10:25 - 2014-07-01 16:51 - 00000000 ___DC () C:\Users\syahrul\AppData\Local\Deployment
2014-09-03 10:19 - 2014-07-17 10:14 - 00000864 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-19288706-1046810751-1018935600-1000Core.job
2014-09-02 12:51 - 2014-09-02 10:54 - 00000032 ____C () C:\Windows\concentr.ini
2014-09-02 11:01 - 2014-09-02 11:01 - 00001718 ____C () C:\Users\syahrul\Desktop\Celcom_OSS.lnk
2014-09-02 11:01 - 2014-09-02 10:52 - 00000045 ____C () C:\Windows\webica.ini
2014-09-02 11:01 - 2014-09-02 10:52 - 00000037 ____C () C:\WFCNAME.INI
2014-09-02 10:56 - 2014-05-22 00:46 - 00000000 ___DC () C:\Users\syahrul
2014-09-02 10:31 - 2014-09-02 10:31 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Citrix
2014-09-02 10:25 - 2014-09-02 10:51 - 00000000 ___DC () C:\Program Files\ICA Client
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-02 10:18 - 2014-09-02 10:18 - 00000000 ___DC () C:\Program Files (x86)\Citrix
2014-09-02 10:18 - 2014-08-22 09:39 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 10:18 - 2014-05-27 11:23 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\ICAClient
2014-09-01 19:23 - 2014-05-27 11:27 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Nitro PDF
2014-09-01 01:34 - 2014-05-22 01:44 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\iolo
2014-09-01 00:28 - 2014-09-01 00:28 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\captcha_error
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iTunes
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files\iPod
2014-09-01 00:24 - 2014-09-01 00:24 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-08-29 16:22 - 2014-08-29 16:22 - 00001459 ____C () C:\Users\syahrul\Desktop\Web Intelligence Rich Client.lnk
2014-08-28 16:18 - 2009-07-14 12:45 - 00460776 ____C () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 13:14 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 10:13 - 2014-08-28 09:25 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 10:13 - 2014-08-28 09:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:13 - 2014-08-28 09:25 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-26 18:15 - 2014-05-24 19:54 - 00000000 __RDC () C:\Users\syahrul\Virtual Machines
2014-08-26 18:11 - 2014-08-25 12:26 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\NetSarang
2014-08-26 18:09 - 2014-08-26 18:09 - 00002504 ____C () C:\Users\syahrul\.isqlPreferences11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000073 ____C () C:\Users\syahrul\.jlogon11
2014-08-26 18:09 - 2014-08-26 18:09 - 00000034 ____C () C:\Users\syahrul\.isqlHistory11
2014-08-26 18:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\Sybase Central 6.0.0
2014-08-26 18:01 - 2014-08-25 15:04 - 00000544 ____C () C:\Windows\ODBC.INI
2014-08-26 17:58 - 2014-08-26 17:58 - 00000000 ___DC () C:\Users\syahrul\AppData\Roaming\Business Objects
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ___DC () C:\ProgramData\SQL Anywhere 11
2014-08-26 17:12 - 2014-08-25 14:39 - 00000000 ___DC () C:\ebid
2014-08-26 17:10 - 2014-08-26 17:07 - 00000000 ___DC () C:\Sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\Users\syahrul\sybase
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\SybaseIQ
2014-08-26 17:09 - 2014-08-26 17:09 - 00000000 ___DC () C:\ProgramData\DBISQL 11.0.1
2014-08-26 17:08 - 2014-08-26 17:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sybase
2014-08-26 17:05 - 2014-06-18 09:39 - 00000000 ___DC () C:\Program Files (x86)\Business Objects
2014-08-26 12:18 - 2014-05-27 01:41 - 00699568 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-26 12:18 - 2014-05-27 01:41 - 00003768 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-26 12:18 - 2014-05-22 15:19 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe


Some content of TEMP:
====================
C:\Users\syahrul\AppData\Local\Temp\Procmon64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.


LastRegBack: 2014-08-28 13:06

==================== End Of Log ============================



#13 aharonov

Posted 04 September 2014 - 05:08 AM

Hi,

it's still not clear what sets these proxy settings again.
Let's do a boot log:




Please download the attached fixlist.txt (92 bytes) and save it in the same directory as FRST.


Start Process Monitor again.
  • Procmon will be logging right away. Stop it with "File -> Capture Events" (or hit CTRL+E).
  • Clean the log with "Edit -> Clear Display" (or hit CTRL+X).
  • Then go to "Filter -> Filter..." (or CTRL+L).
    Create a new filter with the conditions: "Path" "contains" "ProxyServer" then "Include" and click on "Add". Click on "Apply" and "OK".
  • Click on "Options -> Enable Boot Logging" and confirm it.
Do the FRST fix:
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • The computer will be rebooted.
After the reboot:
  • Open Process Monitor
  • You will be prompted that a previous instance has created a boot-time activity log. Click "Yes" to save the collected data and save the *.pml-file.
  • Then go to "File -> Save...". Select the options "Events displayed using current filter" and "Comma-Separated Values (CSV)" as format. Choose a path to save the *.csv file and click "OK".
  • Please post this *.csv file in your next reply.
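
The CSV export requested above can be triaged offline to see which process keeps writing the proxy value. The following is an added example, not part of the original post or of any tool used in the thread; it assumes Procmon's default CSV columns, and the sample rows, the process name `example_helper.exe` and the PIDs are constructed placeholders.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample in Procmon's default CSV column layout; it is not the
# thread's attachment. "example_helper.exe" and all PIDs are placeholders.
_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer"
SAMPLE_CSV = "\ufeff" + "\n".join([
    '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"',
    f'"5:20:01.1000000 AM","example_helper.exe","3388","RegSetValue","{_KEY}","SUCCESS","Type: REG_SZ, Length: 32, Data: 127.0.0.1:29351"',
    f'"5:21:10.2000000 AM","iexplore.exe","2104","RegQueryValue","{_KEY}","SUCCESS","Type: REG_SZ, Length: 32, Data: 127.0.0.1:29351"',
    f'"5:22:40.3000000 AM","iexplore.exe","2104","RegDeleteValue","{_KEY}","SUCCESS",""',
    f'"5:22:45.4000000 AM","example_helper.exe","3388","RegSetValue","{_KEY}","SUCCESS","Type: REG_SZ, Length: 32, Data: 127.0.0.1:29351"',
])

# A proxy entry (optionally "scheme=host:port") that points at the local machine.
LOOPBACK = re.compile(r"(?:^|[=;\s])(?:127(?:\.\d{1,3}){3}|localhost):\d+")


def proxy_writes(csv_text):
    """Return the successful RegSetValue events on a ProxyServer value."""
    rows = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    writes = []
    for row in rows:
        if row["Operation"] != "RegSetValue" or row["Result"] != "SUCCESS":
            continue  # reads, deletes and failed writes do not set the proxy
        if row["Path"].rpartition("\\")[2].lower() != "proxyserver":
            continue  # path only contains the string, value name differs
        # Detail looks like "Type: REG_SZ, Length: 32, Data: 127.0.0.1:29351"
        data = row["Detail"].partition("Data: ")[2].strip()
        writes.append({
            "time": row["Time of Day"],
            "process": row["Process Name"],
            "pid": int(row["PID"]),
            "data": data,
            "loopback": bool(LOOPBACK.search(data)),
        })
    return writes


def writers(csv_text):
    """Count ProxyServer writes per (process, PID), most frequent first."""
    counts = Counter((w["process"], w["pid"]) for w in proxy_writes(csv_text))
    return counts.most_common()


if __name__ == "__main__":
    for w in proxy_writes(SAMPLE_CSV):
        flag = "LOOPBACK" if w["loopback"] else ""
        print(w["time"], w["process"], w["pid"], w["data"], flag)
    print(writers(SAMPLE_CSV))
```

For a real export, read the file with `open(path, encoding="utf-8-sig", newline="")` and pass its contents to `proxy_writes`; a process that writes a loopback value again right after a delete is the one to investigate.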


#14 rxqual

Posted 04 September 2014 - 05:08 AM

Hi Aharonov,

Still waiting for your reply. Tq


Edited by rxqual, 04 September 2014 - 05:09 AM.


#15 aharonov

Posted 04 September 2014 - 05:18 AM

See above.



